Global 802.1x Project

Unanswered Question
Mar 6th, 2007
User Badges:
  • Bronze, 100 points or more

Hi,

We are currently looking at 802.1x as solution to manual port security but I have heard horror stories about 802.1x deployments due to third party supplicant etc. Were looking at using Microsoft certificate services and Microsoft RADIUS services for the global deployment. Most of the systems are running XP SP2. Has anyone done large scale 802.1x deployments?? If so any advice on what to do and what not to due before I get this into the lab?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Amit Singh Tue, 03/06/2007 - 10:10
User Badges:
  • Cisco Employee,

Mike,


I dont have experience with microsoft RADIUS service but I have recently done a demo project for one of my customer for IBNS using 802.1x with guest vlan and failed authentication vlan user assignment.We have use Cisco ACS4.0 server for RADIUS services and used Windows XP's built-in 802.1x supplicant. We used Microsoft PEAP with the certificate service and it all went pretty well.


I have used Cisco's 802.1x supplicant and it has worked pretty well in my tests.You might have to upgrade you switches to the latest IOS for support of authentication failed vlans. The older IOS doesnot have the authentication failed feature.


HTH,

-amit singh

mike-greene Tue, 03/06/2007 - 13:13
User Badges:
  • Bronze, 100 points or more

Amit,

Thanks for the response. Can you send me a link to "failed authentication vlan"? Is this an IBNS feature?


Thanks,

Mike

Actions

This Discussion