
802.1x multipoint authenticator and security issue

Hi everybody

Let's say we have the following setup:

host1
host2   ) ---------------- hub ------ f1/0 - switch (authenticator) ------------------------- Radius server
host3

The switch is configured as follows.

Switch(config)#interface FastEthernet 1/0

Switch(config-if)#dot1x port-control auto

Switch(config-if)#dot1x host-mode multi-host

Let's say only host1 has valid credentials and the rest of the hosts, i.e. h2 and h3, are rogue hosts. host1 sends an authentication request and is successfully authenticated, and the switch transitions its port to an authorized state. But does that not mean the other hosts h2 and h3, which were not authenticated, are nevertheless able to access the network?

Thanks and have a great weekend.

Re: 802.1x multipoint authenticator and security issue

This board is more for Wireless Security, not LAN, but I would think it's because you are connecting through a hub instead of a switch. Hubs share the data, so when the switch gets the auth for the valid client it turns that port as it should.

Now an invalid client connects and because the port is already thinking the client is valid, it passes all the traffic.

Make sense?

Steve

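An added example, not part of the original thread: a small Python audit that reads IOS interface configuration and lists the 802.1X ports left in multi-host mode, the setting the question describes. The sample config is constructed; the `authentication ...` command forms and every interface other than FastEthernet1/0 are assumptions that do not appear in the posts.

```python
import re

# Constructed sample config (not from the thread). Fa1/0 mirrors the question's
# setup; the other interfaces are assumptions added for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet1/0
 dot1x port-control auto
 dot1x host-mode multi-host
!
interface FastEthernet1/1
 dot1x port-control auto
!
interface FastEthernet1/2
 authentication port-control auto
 authentication host-mode multi-auth
!
interface FastEthernet1/3
 switchport mode access
"""

PORT_CONTROL = re.compile(r"^(?:dot1x|authentication) port-control auto$")
HOST_MODE = re.compile(r"^(?:dot1x|authentication) host-mode (\S+)$")


def audit_host_modes(config_text):
    """Return {interface: host_mode} for each interface with 802.1X enabled."""
    # A port with no host-mode line runs in the IOS default, single-host.
    results, current, enabled, mode = {}, None, False, "single-host"

    def flush():
        if current is not None and enabled:
            results[current] = mode

    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            flush()
            current, enabled, mode = raw.split(None, 1)[1], False, "single-host"
        elif not raw.startswith(" "):  # "!" or a global line ends the stanza
            flush()
            current = None
        elif PORT_CONTROL.match(raw.strip()):
            enabled = True
        elif (m := HOST_MODE.match(raw.strip())):
            mode = m.group(1)
    flush()
    return results


def multi_host_ports(config_text):
    """Ports where one authenticated client opens the port for every host behind it."""
    return sorted(i for i, m in audit_host_modes(config_text).items() if m == "multi-host")
```

Ports it reports are candidates for single-host mode, or for multi-auth where several devices legitimately share one port and each should authenticate on its own.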