Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
274
Views
3
Helpful
2
Replies

Port security question

mikedurbin
Level 1
Level 1

‎12-01-2007 10:34 PM - edited ‎03-05-2019 07:46 PM

All, I know this should be in the security forum, but Im not having much luck understanding this at the moment. Can you guys please help me understand one thing in particular:

Im trying to find out how to use Dot1x port authentication. What Im trying to do is boot clientless system into a guest vlan OR if its a regular PC, Im trying to allow it into a native vlan. Im trying to understand "port authentication". Below is a paragraph from "Deploying 802.1x-Based Port Authentication on the Cisco ECT Solution". A little different scenario but the same goal in mind. See below the paragraph, and my question below it please:

PARAGRAPH READS:

"When a new IP host is connected to the switch port, the router initiates the communication using Extensible Authentication Protocol over LAN (EAPoL). The supplicant running on the device will respond to it. Then the router proceeds with further authentication. If there is no response from the device it is considered as a clientless device. Once the router gathers the credentials from the device, it is forwarded to the RADIUS server for authentication. If the credentials are valid, the port becomes enabled and gets attached to the trusted VLAN. If the credentials are invalid, the port is shut."

QUESTION:

From this sentance: "Then the router proceeds with further authentication.", what IS the authentication? What credentials are being sent from the client? Windows login? Mac-address? I dont know.

QUESTION 2:

From this sentance: "If the credentials are valid, the port becomes enabled and gets attached to the trusted VLAN."

Agan, what credentials? I dont think its Windows authentication, but I have no idea on what the client is sending?

ANY help would be appreciated. Thanks.

Labels:
0 Helpful
2 Replies 2

mikedurbin
Level 1
Level 1

‎12-01-2007 10:45 PM

Also, if anyone has deployed this solution before, would you be so kind as to post a sample config or an existing config of the switch and what you may have done in ACS? Thanks.

0 Helpful

xounmalina
Level 1
Level 1

‎12-02-2007 01:28 AM

Hi Mike,

EAP is a framework actually not a particular authentication mechanism. you can use different methods types for that. There is known a few of them. From MD5 Challenge to Digital Certs etc. So what you implement is that what is send/recieved.

More info/examples:

http://standards.ieee.org/getieee802/download/802.1X-2001.pdf

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a6b.html

regards

malina

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card