Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
3
Replies

Catalyst Port Access/Authentication

demodog
Level 1
Level 1

‎04-05-2004 03:33 AM - edited ‎03-02-2019 02:47 PM

All:

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1

I'd like to test 802.11x authentication using a CAT 3548 and Steel Belted RADIUS in a test lab.

Question: Does the IOS on the switch support this?

If not, which version do I need?

??

Rgds

S

Labels:
0 Helpful
3 Replies 3

Craig Norborg
Level 4
Level 4

‎04-05-2004 07:00 AM

I believe you need a new switch. AFAIK the 3500XL series switches does not and will not support dot1x authentication. The 2950 or 3550 should do quite nicely though (12.1 release train vs. 12.0 for 3500XL). Here is a link to configuring it once you get a switch that will do it.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84b9.html

0 Helpful

demodog
Level 1
Level 1
In response to Craig Norborg

‎04-05-2004 09:23 AM

thanks Craig:

h'mmm .. I don't think I need 802.1x at all for what I'm trying to do. I beleive what I need is aaa configured to authneticate a user to a radius server.

Once radius passes blessing, the switch will grant the port access to the netwrok accordingly.

However, I thought this was 802.1x in a nutshell.

??

0 Helpful

Craig Norborg
Level 4
Level 4
In response to demodog

‎04-05-2004 10:40 AM

The only "aaa" that a switch will do is to authenticate a user to log onto the switch, unless it is dot1x capable.

dot1x was developed to grant users/machines access to the network by authenticating them before allowing them to pass traffic on a switchport (or via wireless). So you are correct, that is dot1x in a nutshell. Without it a switch cannot do what your looking for, which is why the 3500XL series won't do it. There is no other mechanism to accomplish this at a switchport level, at least on Cisco equipment from what I know.

You could use other things such as port security via mac addresses and such, but dot1x is required for what you are looking for.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents