802.1x bypassed?

Answered Question
Jul 25th, 2012

Hi everybody.


I have a question on 802.1x.



h1-----------hub---------f1/1-SW-------Radius server.
              |
              h2


h1 is a legitimate user while h2 is not. h1 powers up while h2 is off. h1 uses 802.1x and gets authenticated; as a result, the switch (authenticator) transitions the port to the authorized state.


My question is: if h2 powers up, will it not be able to access the network without going through any authentication, because f1/1 is already in the authorized state?




thanks and have a great week

Correct Answer by tnewshott about 5 years 3 days ago

That largely depends on the port configuration - you can define what mode your port operates under for 802.1x.


This link has a lot of good info on the various modes and what ramifications each has on the authC/authZ process:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/configuration/guide/sw8021x.html#wp1192140


Labbing it up and testing with the various deployment models (single host, host & phone, multi-host, etc.) is usually a good idea - and in some cases my clients have had to set different ports in different modes depending on their use. Trying to nail down a single standard can be tough.

Overall Rating: 5 (1 ratings)
tnewshott Thu, 08/16/2012 - 07:30
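As an added example (not part of the original thread and not Cisco's code): a small Python audit that reads a switch configuration and reports, for each 802.1X-enabled port, the host mode and therefore whether a second host behind a hub, like h2 in the question, would get access without authenticating. The sample configuration is constructed, and the script assumes the `authentication host-mode` syntax of the IOS 15.0 SE guide linked in the answer.

```python
import re

# What each host mode does with a second MAC on an already-authorized port.
SECOND_HOST = {
    "single-host": "blocked: second MAC is a security violation",
    "multi-host": "allowed WITHOUT authentication (rides on first host)",
    "multi-domain": "one data + one voice device, each must authenticate",
    "multi-auth": "must authenticate separately (per-MAC session)",
}

# Constructed sample config; interface names and layout are illustrative.
SAMPLE_CONFIG = """\
interface FastEthernet1/1
 authentication host-mode multi-host
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet1/2
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet1/3
 authentication host-mode multi-auth
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet1/4
 switchport mode access
"""

def audit_host_modes(config: str) -> dict:
    """Return {interface: host-mode} for every 802.1X-enabled port."""
    result = {}
    # Split the config into per-interface stanzas.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        m = re.match(r"interface (\S+)", stanza)
        if not m or not re.search(r"(?m)^ authentication port-control auto\s*$", stanza):
            continue  # not an interface, or 802.1X is not enforced on it
        mode = re.search(r"(?m)^ authentication host-mode (\S+)", stanza)
        # With no explicit host-mode line the port runs in single-host mode.
        result[m.group(1)] = mode.group(1) if mode else "single-host"
    return result

def ports_allowing_unauthenticated_hosts(config: str) -> list:
    """Ports where a second host gets access without authenticating."""
    return sorted(p for p, m in audit_host_modes(config).items() if m == "multi-host")

if __name__ == "__main__":
    for port, mode in audit_host_modes(SAMPLE_CONFIG).items():
        print(f"{port}: {mode} -> {SECOND_HOST.get(mode, 'unknown mode')}")
```

On the constructed sample only FastEthernet1/1 is flagged; ports without `authentication port-control auto` are skipped because 802.1X is not enforced on them at all.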
