802.1x - ACS Auth

faxfan2002 · ‎10-06-2006

Hi,

Basically we are planing to implement 802.1x in conjunction with a ACS appliance. The plan being that end user auth's it will allow access to certain areas of the network (specific VLAN's and specific ports, all of which are audited). My question is behind the auth mechanism - do I need a client on the PC or will it pass thru current auth credentials (AD, LDAP etc..) ? Or can I just allow everyone through, but allowing restricted access to a specific VLAN?

Any pointers etc. would be very helpful.

Many thanks.

royalblues · ‎10-06-2006

Hi Robin,

I had tested the setup but the login credentials were created on the ACS Server and not integrated with LDAP, AD etc.

Regarding the client PC configuration, all you need is a NIC that supports dot1x (winXP will do)

When the NIC port comes up, it will prompt you for the username & password.

HTH

Narayan

faxfan2002 · ‎10-08-2006

Thanks for the info,

I see what you are saying but what about servers and the like, how would they be handleded? Could I just assign dot1x information to the physical interface and how would that interact with ACS? i.e. would it be audited?

From a PC configuration we do use with either novell (ldap) or AD so I can guess I can pass thru auth from the PC to ACS?

royalblues · ‎10-08-2006

Robin,

you should consider only the desktop ports to be dot1x enabled.

The servers would always be in one vlan and i dont think there is any need of port based authentication for them.

you can configure access-lists on the SVI which will take care of the access policies of diffrent vlans.

The desktop port can be assigned to a particular VLAN ID through dot1x and that would mean that the port is bound to be under the access control policies of that VLAN.

HTH, rate if it does

Narayan