RADIUS and dot1x questions


Hello,


I'm working on a test rollout of 802.1x. I have a few (hopefully quick) questions that I can't seem to find in the docs...


1) Is there a way to configure a switch to use two separate RADIUS servers, one for auth/authen and one for accounting?


2) Is there any link to the different software versions and trains, both IOS and CatOS, showing the minimum versions that have guest VLAN and authFail VLAN?


Thanks,

Jason Antman

Rutgers University

Elly Bornstein (Cisco Employee) Fri, 07/30/2010 - 15:27

2948G:


Running most recent software would be limited to the features in this configuration guide:


dot1x -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.1/configuration/guide/8021x.html

aaa -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.1/configuration/guide/authent.html


Unfortunately, CatOS does not have a way to configure server groups, which is what would be necessary to customize separate destinations for authentication versus authorization.


Furthermore, in the dot1x guide there is no guest VLAN nor auth fail features, only VLAN assignment via RADIUS. Could use this to assign particular users to a restricted VLAN. I would definitely read the section on 802.1x VLAN assignment Using a RADIUS server, if you are interested (in the dot1x link above).


3550 -


Looks like guest vlan was introduced around 12.1(14)EA1,

Looks like auth fail was introduced around 12.2(25)SED, see:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_sed/release/notes/OL8114.html#wp94866


Looks like you will have to upgrade some of your older 3550s.
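
An added example, not part of the posts above: on IOS switches such as the 3550, AAA server groups allow 802.1x authentication and accounting to go to different RADIUS servers, and the guest and auth-fail VLANs are set per port. The server addresses, group names, shared secrets and VLAN IDs are constructed placeholders, and the sketch assumes an IOS image at or above the versions mentioned in the reply.

```cisco
! Added example for IOS only; CatOS has no server groups.
! 192.0.2.10 / 192.0.2.20, DOT1X-AUTH / DOT1X-ACCT, the keys and
! VLANs 100 / 101 are constructed placeholders.
aaa new-model
!
! Define both RADIUS servers globally, each with its own shared secret.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET-1>
radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 key <SHARED-SECRET-2>
!
! One server group per function.
aaa group server radius DOT1X-AUTH
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
aaa group server radius DOT1X-ACCT
 server 192.0.2.20 auth-port 1812 acct-port 1813
!
! Authentication (and network authorization, needed for RADIUS VLAN
! assignment) uses the first group; accounting uses the second.
aaa authentication dot1x default group DOT1X-AUTH
aaa authorization network default group DOT1X-AUTH
aaa accounting dot1x default start-stop group DOT1X-ACCT
!
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 ! Guest VLAN: clients that do not speak 802.1x.
 dot1x guest-vlan 100
 ! Auth-fail (restricted) VLAN: clients that fail authentication.
 dot1x auth-fail vlan 101
```

After applying, `show dot1x interface FastEthernet0/1` and `show aaa servers` can be used to confirm the port settings and which server each request type reaches.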
