Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1483
Views
0
Helpful
7
Replies

Dot1x

Go to solution
access1097BA
Level 1
Level 1

‎11-28-2009 11:12 AM - edited ‎03-06-2019 08:45 AM

I want to configure our network for switch port authentication using 802.x.

I want to configure dot1x with authentication to wondows 2003 Radius.

I have 1 core switch C3750G router and other secondray switches C2960 connected to the core switch.

I want separate alle authenticated user to  be connected VLAN 1 and oud guest to guest to VLAN 2 for internet.

Do i have to configure only the core switch with dot1x and aaa authentication or all switches ( core and secondarY)

Thank you and kind regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to access1097BA

‎11-28-2009 11:57 AM 

access1097BA wrote:
Thank verry kind of you,
Do i have to create also on all switches the Guest VLAN?
Where i have to do the routing to the internet Gateway voor the Guest Vlan?
If i enable the VTP than is that correct that i have to configure only ONE switch and the configuration will be propogate to the other switches>
Thank you verry much,

The Guest vlan will be needed on all switches that the guest traffic has to pass through to get to the Internet gateway.

Yes, if you make your core switch a VTP server and the 2960s VTP clients you can create the vlans on the core switch and they will be propogated to the 2960s.

Jon

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-28-2009 11:21 AM 

access1097BA wrote:
I want to configure our network for switch port authentication using 802.x.
I want to configure dot1x with authentication to wondows 2003 Radius.
I have 1 core switch C3750G router and other secondray switches C2960 connected to the core switch.
I want separate alle authenticated user to  be connected VLAN 1 and oud guest to guest to VLAN 2 for internet.
Do i have to configure only the core switch with dot1x and aaa authentication or all switches ( core and secondarY)
Thank you and kind regards,

You need to configure all switches that have devices connected to them that you want to have 802.1x authentcation for. So if you have devices/users on the 2960 switches that you want to authenticate you will need dot1x configured on the 2960 switches.

Note, that if you no end users/devices on the core switch then you do not need dot1x config on core switch.

Jon

0 Helpful

Go to solution
access1097BA
Level 1
Level 1
In response to Jon Marshall

‎11-28-2009 11:46 AM

Thank you for the answer,

Wat about the radius configuration on the switch, do i have also to enable it on all connected switches.

If i understand goed i don't need to do no configuration on the core switch.

Thanks alotb

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to access1097BA

‎11-28-2009 11:48 AM 

access1097BA wrote:
Thank you for the answer,
Wat about the radius configuration on the switch, do i have also to enable it on all connected switches.
If i understand goed i don't need to do no configuration on the core switch.
Thanks alotb

On any switch that has a device/user you want to authenticate you will need to configure dot1x and also radius configuration ie. any switch doing dot1xauthentication will need to know which radius server(s) to talk to.

Jon

0 Helpful

Go to solution
access1097BA
Level 1
Level 1
In response to Jon Marshall

‎11-28-2009 11:55 AM

Thank verry kind of you,

Do i have to create also on all switches the Guest VLAN?

Where i have to do the routing to the internet Gateway voor the Guest Vlan?

If i enable the VTP than is that correct that i have to configure only ONE switch and the configuration will be propogate to the other switches>

Thank you verry much,

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to access1097BA

‎11-28-2009 11:57 AM 

access1097BA wrote:
Thank verry kind of you,
Do i have to create also on all switches the Guest VLAN?
Where i have to do the routing to the internet Gateway voor the Guest Vlan?
If i enable the VTP than is that correct that i have to configure only ONE switch and the configuration will be propogate to the other switches>
Thank you verry much,

The Guest vlan will be needed on all switches that the guest traffic has to pass through to get to the Internet gateway.

Yes, if you make your core switch a VTP server and the 2960s VTP clients you can create the vlans on the core switch and they will be propogated to the 2960s.

Jon

0 Helpful

Go to solution
access1097BA
Level 1
Level 1
In response to Jon Marshall

‎11-30-2009 02:17 PM

Hi Jon,

Please can you help me further,

Can you please tel me step by step how i have to do this configuration.

Core switch 3750G, router and all my secondary 2960 switches are connected to the core switch.

I want all my local users authenticate to Radius for authentication.

I want to create a VLAN for local users and VLAN for guest internet.

Where and how i have to configure the dot1x ( on all example wat i found on google Fasteethernet0/3).

Waht they meen with fastethernet0/3, do i have to set the dot1x on alle switches port fastethernet0/3?

Please can you guide me.

Thanks

0 Helpful

Go to solution
access1097BA
Level 1
Level 1
In response to Jon Marshall

‎11-28-2009 12:29 PM

Thank you verry much, i will try monday

the configuration and will let you know.

Kind regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card