Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Catalyst Port Access/Authentication

All:

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1

I'd like to test 802.11x authentication using a CAT 3548 and Steel Belted RADIUS in a test lab.

Question: Does the IOS on the switch support this?

If not, which version do I need?

??

Rgds

S

3 REPLIES

Re: Catalyst Port Access/Authentication

I believe you need a new switch. AFAIK the 3500XL series switches does not and will not support dot1x authentication. The 2950 or 3550 should do quite nicely though (12.1 release train vs. 12.0 for 3500XL). Here is a link to configuring it once you get a switch that will do it.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84b9.html

New Member

Re: Catalyst Port Access/Authentication

thanks Craig:

h'mmm .. I don't think I need 802.1x at all for what I'm trying to do. I beleive what I need is aaa configured to authneticate a user to a radius server.

Once radius passes blessing, the switch will grant the port access to the netwrok accordingly.

However, I thought this was 802.1x in a nutshell.

??

Re: Catalyst Port Access/Authentication

The only "aaa" that a switch will do is to authenticate a user to log onto the switch, unless it is dot1x capable.

dot1x was developed to grant users/machines access to the network by authenticating them before allowing them to pass traffic on a switchport (or via wireless). So you are correct, that is dot1x in a nutshell. Without it a switch cannot do what your looking for, which is why the 3500XL series won't do it. There is no other mechanism to accomplish this at a switchport level, at least on Cisco equipment from what I know.

You could use other things such as port security via mac addresses and such, but dot1x is required for what you are looking for.

95
Views
0
Helpful
3
Replies
CreatePlease to create content