acomiskey Thu, 11/08/2007 - 12:26

Could it be just becuase they want you to upgrade to 2960's?

andrew.butterworth Thu, 11/08/2007 - 13:59

The release notes for 12.1(22)EA10 for the 2940, 2950 & 2955 have quite a bit on 802.1x MAC Authentication Bypass. I have a 2950-12T that runs the EI feature set that has 12.1(22)EA10a and I can confirm that 'dot1x mac-auth-bypass' is NOT available:

cat-2950(config-if)#dot1x ?

auth-fail----------Configure Authentication Fail values for this port

control-direction--set the control-direction value

default------------Configure Dot1x with default values for this port

guest-vlan---------Configure Guest-vlan on this interface

host-mode----------Set the Host mode for 802.1x on this interface

max-reauth-req-----Max No. of Retries to supplicant

max-req------------Max No. of Retries to Radius

port-control-------set the port-control value

reauthentication---Enable or Disable Reauthentication for this port

timeout------------Various Timeouts

cat-2950(config-if)#

In the release note it also states this isn't available on 2940 & 2950's (so I assume only 2955s?):

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea10/release/notes/OL12607.html#wp1000257

HTH

Andy

acomiskey Fri, 11/09/2007 - 06:01

It's kinda funny how the notes for EA10 say

"Although the IEEE 802.1x inaccessible authentication bypass feature is mentioned in the Catalyst 2940 Switch Software Configuration Guide and the Catalyst 2950 Switch Software Configuration Guide, Catalyst 2950 and 2940 switches do not support this feature"

but the notes for EA9 say...

"These are the new software features in this release:

•Support for MAC authentication bypass to authorize clients based on the client MAC address (Catalyst 2940 switches)"

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea9/release/notes/OL11484.html#wp999558

Actions

This Discussion