Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

3750G and 802.1x

Hi

I have a c3750-advipservicesk9-mz.122-46.SE.bin which I think I can use 802.1X and want to restrict

1. only company PCs on this switch

2. Polycom Video units like 9000HDX

3. Cisco IP Phones PC

Can I do this with 802.1x or is there something else. Sample configs would be great. Thx

  • AAA Identity and NAC
1 REPLY

Re: 3750G and 802.1x

First of all you need to know if all your devices support 802.1x authentication. If they support 802.1x then you must decide what "EAP" protocol to use.

Let's suppose Polycom doesn't support 802.1x. Then you could use MAB (Mac address bypass) authentication for Polycom and 802.1x for both PCs and IP Phones. Cisco supports both 802.1x and MAB authentication in the same switchport, but only in certain order, the switchport could try 802.1x first, the Polycom would fail to authenticate so the switchport after a timer would try MAB authentication and then Polycom would authenticate succesfully.

About "EAP" protocols you could use PEAP MSCHAP for PCs and EAP-TLS for IP Phones. That's an option but there are way too many combinations of possible  deployments so I advice you to do some labs before actual deployment.

Here's a link with the documentation where you can start

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/guide_c07-627531.html

Please rate if it helps. Kind regards.

453
Views
0
Helpful
1
Replies