Cisco Support Community
Community Member

Who is really doing 802.1x wired

I am creating a lab environment to test 802.1x prior to implementing it into production.

I wanted to know what the pros and cons of this security feature at layer 2 are.

How does it really work behind the scenes?

The reason why I want to implement this feature/function is because I'm just one of two network administrators who manage well over 800 networking devices (totally Cisco shop) and 62 remote sites, and we struggle with the moves, adds, and changes, port VLAN assignment (management), users moving their workstations, users moving their VoIP phones, etc. If anyone can speak on implementing 802.1x wired in a medium to large network, I will be happy to hear about the real-life pros and cons.

7 REPLIES
Gold

Re: Who is really doing 802.1x wired

We implemented 802.1x in my previous company (similar size to yours).

You are right, it can bring a lot of problems.

Before, we deployed the management solution Cisco LMS 3.0... It really helped us with configuration, config backup, network overview, discrepancy reports, user tracking, troubleshooting (getting rid of fake hubs etc.)... It cleaned our network and saved a lot of time. I suggest having a good management solution before you move to 802.1x.

We also separated devices that are not able to authenticate via 802.1x (printers, faxes) into a separate VLAN.

Then we started in one segment (VLAN) which was the most stable (no changes, no moves)...

It worked fine. Then we smoothly moved to other VLANs step by step.

The truth is that it took a lot of time (one of my colleagues was working only on this project for some time). But we managed it and it works fine. I would also ask your Cisco vendor for consultancy and help.

Hope that helps

M.

Community Member

Re: Who is really doing 802.1x wired

Hi M.SIR

Thanks for the feedback, it helps to chat with someone who has actually been through this.

The management solution you used was LMS 3.0?

How did you handle legacy PCs (Windows 2000, 98) if there were any?

What about RDP (Remote Desktop), did you encounter problems trying to manage desktops remotely?

Community Member

Re: Who is really doing 802.1x wired

m.sir

Are there any tips that you can give me prior to deployment, things that ended up being gotchas during deployment?

Community Member

Re: Who is really doing 802.1x wired

Yes, most of the issues you'll have will be on the Windows side and not on the Cisco side. A few come to mind:

- Windows XP (even SP3) has issues with executing logon scripts while the network is being changed (VLAN assignments) on boot.

- Use machine authentication to support environments that need logon scripts.

- Consider MAC authentication as well to support environments that need remote boot/management.

- Start small, fail open at first: even if user "fails" 1x auth, put them on the production VLAN while you test the entire environment.

I'm doing an 802.1x rollout for about 500 PCs (plus 500 devices that are not 1x capable) right now and these are some of the issues we've seen.
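An added example, not part of any post in this thread: a small Python audit for the "start small, fail open at first" rollout described above, reporting which access ports in a saved running-config are still unprotected, fail-open, or enforcing. The sample config is constructed and trimmed to the relevant commands, and treating an auth-fail VLAN equal to the access VLAN as fail-open is this example's assumption.

```python
import re

# Constructed sample running-config; interface names and VLAN IDs are made up.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 authentication open
 authentication port-control auto
 mab
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 authentication event fail action authorize vlan 10
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet1/0/48
 switchport mode trunk
"""

def audit_dot1x(config):
    """Map each access port to 'unprotected', 'fail-open' or 'enforcing'."""
    states = {}
    # An interface stanza is a column-0 header followed by indented sub-commands.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        cmds = [line.strip() for line in m.group(2).splitlines()]
        if "switchport mode access" not in cmds:
            continue  # trunks and routed ports are out of scope here
        def arg(prefix, default=None):  # last word of the first matching command
            return next((c.split()[-1] for c in cmds if c.startswith(prefix)), default)
        access_vlan = arg("switchport access vlan ", "1")  # IOS default access VLAN is 1
        fail_vlan = arg("authentication event fail action authorize vlan ")
        if not {"authentication port-control auto", "dot1x port-control auto"} & set(cmds):
            states[m.group(1)] = "unprotected"
        elif "authentication open" in cmds or fail_vlan == access_vlan:
            states[m.group(1)] = "fail-open"  # failed clients still reach production
        else:
            states[m.group(1)] = "enforcing"
    return states
```

Running `audit_dot1x` over each switch's backed-up config during the rollout gives a per-port list of what still has to be moved from fail-open to enforcing.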

Community Member

Re: Who is really doing 802.1x wired

Hi fsmontenegro,

So for Windows logon script issues, how did you resolve that issue?

When you say machine authentication, are you speaking of Active Directory or local machine logon?

Gold

Re: Who is really doing 802.1x wired

Yes, LMS 3.0. We were lucky, only Win XP; RDP worked fine.

M.

Community Member

Re: Who is really doing 802.1x wired

Thanks for the tips.
