I have a very large wired-only Ethernet network which I would like to migrate to 802.1x for stronger authentication of end users. The problem I have is that there are long chains of legacy swtiches which do not support 802.1x (the topology of the network is a complete tree of switches). As far as I know, 802.1x is port based.
So here is the issue:
- the replacement of all switches will take a very long time, but I would like to have all end users authenticated asap
- switches supporting .1x will initially only be located at the roots of the tree. There will still be legacy switches not supporting .1x between end users and newer switches.
- authentication of users on a port of a new switch will be shared between several end users.
Do you know if it possible to enable authentication of all users but having only enabled 802.1x in some more central locations first?