I am creating a lab environment to test 802.1x prior to implementing it into production.
I wanted to know what the pros and cons of this security feature at layer 2 are.
How does it really work behind the scenes?
The reason why I want to implement this feature/function is because I'm just one of two network administrators who manage well over 800 networking devices (totally Cisco shop) and 62 remote sites, and we struggle with the moves, adds, and changes, port VLAN assignment (management), users moving their workstations, users moving their VoIP phones, etc. If anyone can speak on implementing 802.1x wired in a medium to large network, I will be happy to hear about the real-life pros and cons.
We implemented 802.1x in my previous company (similar size as yours).
You are right, it can bring a lot of problems.
Before that, we deployed the management solution Cisco LMS 3.0. It really helped us with configuration, config backup, network overview, discrepancy reports, user tracking, troubleshooting (getting rid of fake hubs, etc.). It cleaned our network and saved a lot of time. I suggest having a good management solution before you move to 802.1x.
We also separated devices that are not able to authenticate via 802.1x (printers, faxes) into a separate VLAN.
Then we started in one segment (VLAN), which was the most stable (no changes, no moves).
It worked fine. Then we smoothly moved to the other VLANs step by step.
The truth is that it took a lot of time (one of my colleagues was working only on this project for some time). But we managed it and it works fine. I would also ask your Cisco vendor for consultancy and help.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...