06-20-2017 03:02 PM - edited 03-11-2019 12:48 AM
We have an unusual situation whereby we are supplying LAN as a managed service but will allow clients to control port security via 802.1X.
Although I can get this working fine, we're concerned that there's nothing stopping the client changing the port to our management VLAN - unless we disable CoA completely.
Ideally what I'd like to do is just have something to prevent them from selecting VLAN 100.
I've done some research but haven't been able to find a simple method to do this other than applying an L3 ACL somewhere else on the network.
The switch type that we're using is the 2960X.
Any thoughts?
Cheers,
John
06-20-2017 07:59 PM
AFAIK you cannot restrict CoA that way.
Once you allow the RADIUS server to initiate changes it has complete control (within the scope of what A-V pairs are supported of course).
06-22-2017 01:49 PM
Thanks Marvin,
That's what it looks like to me too, so I'm just going to have to remove CoA and say "basic auth only".
Thanks for your feedback.
Cheers,
john