Wired 802.1X and restricting VLAN assignment

johncaston_2
Level 1

We have an unusual situation whereby we are supplying LAN as a managed service but will allow clients to control port security via 802.1X.

Although I can get this working fine, we're concerned that there's nothing stopping the client changing the port to our management VLAN - unless we disable CoA completely.

Ideally what I'd like to do is just have something to prevent them from selecting VLAN 100.

I've done some research but haven't been able to find a simple method to do this other than applying an L3 ACL somewhere else on the network.

The switch type that we're using is the 2960X.

Any thoughts?

Cheers,

John

Accepted Solutions

Marvin Rhoads
Hall of Fame

AFAIK you cannot restrict CoA that way.

Once you allow the RADIUS server to initiate changes it has complete control (within the scope of what A-V pairs are supported of course).

Thanks Marvin,

That's what it looks like to me too, so I'm just going to have to remove CoA and say "basic auth only".

Thanks for your feedback

Cheers,

john
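
The concern raised in this thread, checked from the provider side, as an added example that is not part of the original posts or any Cisco code: a Python parser that reads the RFC 3580 VLAN-assignment attributes out of a RADIUS packet and flags an assignment of VLAN 100. It assumes the provider can observe the client's RADIUS traffic on a monitored link; `RESERVED_VLANS`, `build_sample` and the sample packets are constructed for illustration, and VLANs assigned by name are not resolved.

```python
import struct

RESERVED_VLANS = {"100"}                      # management VLAN named in the thread
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81   # RFC 2868 attribute numbers
TYPE_VLAN, MEDIUM_802 = 13, 6                 # RFC 3580 values for VLAN assignment

def parse_attributes(packet: bytes):
    """Yield (type, value) for every attribute in one RADIUS packet (RFC 2865)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    pos = 20                                  # skip code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def assigned_vlans(packet: bytes) -> list[str]:
    """Return Tunnel-Private-Group-ID values when the packet assigns a VLAN."""
    types, mediums, groups = set(), set(), []
    for a_type, value in parse_attributes(packet):
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM) and len(value) == 4:
            # First octet is the tag, the remaining three carry the value.
            (types if a_type == TUNNEL_TYPE else mediums).add(int.from_bytes(value[1:], "big"))
        elif a_type == TUNNEL_PGID and value:
            # A leading octet <= 0x1F is a tag; anything above is the first character.
            text = value[1:] if value[0] <= 0x1F else value
            groups.append(text.decode("ascii", "replace").strip())
    # Tags are ignored on purpose so a tag mismatch cannot hide an assignment.
    return groups if TYPE_VLAN in types and MEDIUM_802 in mediums else []

def hits_reserved_vlan(packet: bytes) -> bool:
    return any(v in RESERVED_VLANS for v in assigned_vlans(packet))

def build_sample(vlan: bytes, tag: int = 0) -> bytes:
    """Constructed Access-Accept (code 2) with a zeroed authenticator, for testing only."""
    attrs = [(TUNNEL_TYPE, bytes([tag, 0, 0, TYPE_VLAN])),
             (TUNNEL_MEDIUM, bytes([tag, 0, 0, MEDIUM_802])),
             (TUNNEL_PGID, (bytes([tag]) if tag else b"") + vlan)]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for vlan in (b"100", b"20"):
        print(vlan.decode(), hits_reserved_vlan(build_sample(vlan, tag=1)))
```

This only detects the assignment after the fact; it does not stop the switch from honouring it.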