Port Security/802.1x

Ganesh Hariharan Fri, 01/22/2010 - 01:50

Is it possible to configure port security by 802.1x port?

Perhaps by a vmware client for bridge mode.

br tom

Hi Tom,

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

So it will purely depend on the NIC which supports the 802.1X protocol that will be supported with the connected switch.

Hope to help.

Regards

Ganesh.H

Giuseppe Larosa Fri, 01/22/2010 - 03:40

Hello Tom,

It is possible to configure port security and 802.1X on the same port.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/sw8021x.html#wp1194824

These are some examples of the interaction between IEEE 802.1x authentication and port security on the switch:

When a client is authenticated, and the port security table is not full, the client MAC address is added to the port security list of secure hosts. The port then proceeds to come up normally.

When a client is authenticated and manually configured for port security, it is guaranteed an entry in the secure host table (unless port security static aging has been enabled).

A security violation occurs if the client is authenticated, but the port security table is full. This can happen if the maximum number of secure hosts has been statically configured or if the client ages out of the secure host table. If the client address is aged, its place in the secure host table can be taken by another host.

If the security violation is caused by the first authenticated host, the port becomes error-disabled and immediately shuts down.

Not sure if it is what you are looking for.

Hope to help

Giuseppe
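
An added configuration example, not part of the replies above and not taken from the linked guide: port security and 802.1X enabled on the same access port, with the violation behaviour described in the thread and the commands to inspect it. The interface name, the RADIUS server address 192.0.2.10, the `<shared-secret>` placeholder and the maximum of 2 secure addresses are assumptions; the syntax is the older 12.2-style `dot1x` form (newer releases use `authentication port-control auto`), so check it against the release in use.

```cisco
! Added example. Assumed values: interface Gi1/0/1, RADIUS server 192.0.2.10,
! <shared-secret> placeholder, maximum of 2 secure MAC addresses.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
interface GigabitEthernet1/0/1
 switchport mode access
 ! 802.1X: the port stays unauthorized until the client authenticates
 dot1x port-control auto
 ! Port security: an authenticated client's MAC is added to the secure host table
 switchport port-security
 switchport port-security maximum 2
 ! Client authenticated but table full: violation, port becomes error-disabled
 switchport port-security violation shutdown
!
! Optional: recover a port automatically after a port-security violation
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
!
! Verification (privileged EXEC)
show dot1x interface GigabitEthernet1/0/1
show port-security interface GigabitEthernet1/0/1
show port-security address
show interfaces status err-disabled
```

`show port-security interface` reports the configured maximum, the current secure address count and the violation counter, which is where a full table shows up before the port is error-disabled.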
