802.1x on 3550 (or should I switch out to 3560s)

Oct 25th, 2007

Everyone,


I have a bunch of 3550s in my network (bunch meaning 20 or so at different locations) on which, because of some new regulations/mandates, I need to implement 802.1x. My question is: is it worth replacing my 3550s with 3560s just for 802.1x? Is there a specific feature in 802.1x that the 3560s support that the 3550s don't (like the private VLAN thing)?


All of my 3550s are currently being used as L2 switches (no routing) and have IP phones hooked up to them (I know I'm going to have some fun working out 802.1x and the IP phones). There are no servers, just client PCs attached to the switches.


Sorry if it's been asked a million times, but I just can't seem to find the right answer. I've asked my Cisco rep, and was immediately told to "buy the 3560s, the 3550s are EOL." TAC wouldn't give me an answer because my engineer believed that it was a sales question.

Correct Answer
szahid Thu, 10/25/2007 - 15:45

Hi Ricky:

3550 supports all the major 802.1x features. I am not too sure about MDA (Multi Domain Authentication), but I can find out and get back to you on that. Having said that, 802.1x alone may not be a good enough reason to go to 3560. Eventually, if you need things like IPv6 in hardware or 802.3af inline power, you can eventually go to 3560-E.


thanks

Salman.

ricky-li Thu, 10/25/2007 - 19:45

Thanks Salman,


After you mentioned MDA, I went out and found a doc mentioning that the 3550 series do not support it, but I'm not sure I understood what MDA is all about. Just to confirm that I interpreted the doc correctly, MDA allows multiple devices on the same port to authenticate to different VLANs. So a phone could authenticate to the voice VLAN, but a computer authenticate to a different VLAN? Does this mean that the 3550 can't have an IP phone and computer on one port if 802.1x is enabled?


I'm only planning on having the computers authenticate using 802.1x, I wasn't planning on the phone doing it too, but after reading the doc I think I confused myself.


As a side question, is it possible to have a 3550 have port 1 authenticate to one RADIUS server, and port 2 authenticate to another, or is this a function of MDA?


At this point we're not running inline power or IPv6 (at least not until I'm required to), but that's good info to know.


Oh yeah, and here's the doc:

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml
