
Port Security/802.1x

Is it possible to configure port security by 802.1x port?

Perhaps by a vmware client for bridge mode.

br tom

2 REPLIES

Re: Port Security/802.1x

Is it possible to configure port security by 802.1x port?

Perhaps by a vmware client for bridge mode.

br tom

Hi Tom,

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

So it will depend purely on the NIC which supports the 802.1X protocol that will be supported with the connected switch.

Hope to help.

Regards

Ganesh.H


Re: Port Security/802.1x

Hello Tom,

It is possible to configure port security and 802.1X on the same port.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/sw8021x.html#wp1194824

These are some examples of the interaction between IEEE 802.1x authentication and port security on the switch:

When a client is authenticated, and the port security table is not full, the client MAC address is added to the port security list of secure hosts. The port then proceeds to come up normally.

When a client is authenticated and manually configured for port security, it is guaranteed an entry in the secure host table (unless port security static aging has been enabled).

A security violation occurs if the client is authenticated, but the port security table is full. This can happen if the maximum number of secure hosts has been statically configured or if the client ages out of the secure host table. If the client address is aged, its place in the secure host table can be taken by another host.

If the security violation is caused by the first authenticated host, the port becomes error-disabled and immediately shuts down.

Not sure if it is what you are looking for.

Hope to help

Giuseppe
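
A configuration that enables both features on one access port, as an added example that is not part of the replies above or of Cisco's guide. The interface name, the RADIUS server address (a documentation-range IP), the shared-secret placeholder and the limit of one secure address are assumptions.

```cisco
! Constructed example in Catalyst 3750 12.2(46)SE-style syntax.
! Interface, RADIUS address and key are placeholders, not values from the thread.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS_SHARED_SECRET>
! Enable 802.1X globally
dot1x system-auth-control
!
interface GigabitEthernet1/0/5
 switchport mode access
 ! 802.1X: the port stays unauthorized until the client authenticates
 dot1x port-control auto
 ! Port security: the authenticated client's MAC is added to the
 ! secure host table as long as the table is not full
 switchport port-security
 ! Assumed limit; a second MAC on this port fills the table
 switchport port-security maximum 1
 ! An authenticated client that finds the table full is a violation;
 ! with "shutdown" the port goes error-disabled
 switchport port-security violation shutdown
!
! Checks after a client connects:
!   show dot1x interface GigabitEthernet1/0/5
!   show port-security interface GigabitEthernet1/0/5
!   show port-security address
!   show interfaces status err-disabled
```

With a limit of 1, any additional source MAC on the port (for example a bridged virtual machine behind the authenticated host) is what the secure host table would have to absorb, so the `maximum` value should match the number of MAC addresses expected on that port.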
