Migration to 802.1x for large scale Ethernet network
I have a very large wired-only Ethernet network which I would like to migrate to 802.1x for stronger authentication of end users. The problem I have is that there are long chains of legacy switches which do not support 802.1x (the topology of the network is a complete tree of switches). As far as I know, 802.1x is port based.
So here is the issue:
- the replacement of all switches will take a very long time, but I would like to have all end users authenticated asap
- switches supporting .1x will initially only be located at the roots of the tree. There will still be legacy switches not supporting .1x between end users and newer switches.
- authentication of users on a port of a new switch will be shared between several end users.
Do you know if it is possible to enable authentication of all users while having only enabled 802.1x in some more central locations first?
Re: Migration to 802.1x for large scale Ethernet network
IEEE 802.1x Authentication
These are the IEEE 802.1x authentication configuration guidelines:
- When IEEE 802.1x authentication is enabled, ports are authenticated before any other Layer 2 or Layer 3 features are enabled.
- If you try to change the mode of an IEEE 802.1x-enabled port (for example, from access to trunk), an error message appears, and the port mode is not changed.
- If the VLAN to which an IEEE 802.1x-enabled port is assigned changes, this change is transparent and does not affect the switch. For example, this change occurs if a port is assigned to a RADIUS server-assigned VLAN and is then assigned to a different VLAN after re-authentication.
- If the VLAN to which an IEEE 802.1x port is assigned is shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed.