Difference between revisions of "Netband Project - 802.1x"

From Teknologisk videncenter
(Configuration)
(Configuration)
 
(19 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<accesscontrol>NetBand</accesscontrol>
+
=802.1x=
 
This page is part of the [[Netband_Project|Netband Project]]
 
This page is part of the [[Netband_Project|Netband Project]]
 
*provides accesscontrol at the switchport
 
*provides accesscontrol at the switchport
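Review bot: line 1 swaps `<accesscontrol>NetBand</accesscontrol>` for the `=802.1x=` heading, which removes the page's access restriction in the same revision range that adds `radius-server key ciscodisco` further down. If the page is meant to become readable outside the NetBand group, replace the key with a placeholder first; otherwise keep the `<accesscontrol>` line and put the heading below it.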
Line 12: Line 12:
  
 
==Configuration==
 
==Configuration==
 +
*Allows only one host on a switchport
 +
*The host must be authenticated before normal traffic will be allowed through the switchport
 +
*The host must be 802.1x compatible
 +
<pre">
 +
aaa new-model
 +
!
 +
dot1x system-auth-control
 +
!
 +
aaa authentication dot1x default group Hq_radius_server
 +
!
 +
aaa group server radius Hq_radius_server
 +
server 10.1.1.11 auth-port 1645 acct-port 1646
 +
!
 +
radius-server key ciscodisco
 +
</pre>
 
*12.2(46)SE and earlier  
 
*12.2(46)SE and earlier  
 
<pre>interface FastEthernet0/10
 
<pre>interface FastEthernet0/10
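Review bot: the opening tag of the added global configuration block is `<pre">`, with a stray double quote, so the block is not parsed as preformatted text and the commands run together on the rendered page; change it to `<pre>`. The added `radius-server key ciscodisco` line also publishes the shared secret as typed, and a placeholder value would serve the example equally well.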
Line 17: Line 32:
 
   dot1x host-mode single-host
 
   dot1x host-mode single-host
 
   dot1x violation-mode protect
 
   dot1x violation-mode protect
!
 
radius-server key ciscodisco
 
 
</pre>
 
</pre>
 
*12.2(50)SE or later
 
*12.2(50)SE or later
 
<pre>interface FastEthernet0/10
 
<pre>interface FastEthernet0/10
 
  authentication port-control auto  
 
  authentication port-control auto  
  authentication host-mode
+
  authentication host-mode single-host
 
  authentication violation protect
 
  authentication violation protect
 
</pre>
 
</pre>
  
 
==External Links==
 
==External Links==
[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html 802.1x]
+
[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html 802.1x 12.2(46)SE]
 +
<br>
 +
[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/sw8021x.html 802.1x 12.2(50)SE]
 +
<br>
 +
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_eap.conf
 +
[[Category:network]][[Category:CCNP]][[category:students]]
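Review bot: the 12.2(50)SE interface block shows `authentication port-control auto` with no `switchport mode access` line before it, and Cisco's configuration guide states that 802.1x cannot be enabled on a port left in dynamic mode, so a reader pasting this block onto an unconfigured port gets a rejected command; add the line or note the prerequisite. Minor: `[[category:students]]` uses a lowercase namespace where the other two tags use `Category:`.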

Latest revision as of 13:00, 5 August 2009

802.1x

This page is part of the Netband Project

  • Provides access control at the switchport
  • Consists of
    • Authenticator
      • The device that handles the authentication on behalf of the clients
    • Supplicant (client)
      • The clients connecting to the network
    • Authentication server
      • RADIUS server

Configuration

  • Allows only one host on a switchport
  • The host must be authenticated before normal traffic will be allowed through the switchport
  • The host must be 802.1x compatible

aaa new-model
!
dot1x system-auth-control
!
aaa authentication dot1x default group Hq_radius_server
!
aaa group server radius Hq_radius_server
 server 10.1.1.11 auth-port 1645 acct-port 1646
!
radius-server key ciscodisco

  • 12.2(46)SE and earlier
interface FastEthernet0/10
  dot1x port-control auto
  dot1x host-mode single-host
  dot1x violation-mode protect
  • 12.2(50)SE or later
interface FastEthernet0/10
 authentication port-control auto 
 authentication host-mode single-host
 authentication violation protect
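
A check for the settings above, as an added example (not part of the original wiki page and not a Cisco tool): it reads switch configuration text in either syntax and reports ports that are not in port-control auto or that allow more than one host. The function name, finding strings and sample configuration are constructed for illustration, and it assumes every interface in the input is meant to be an 802.1x access port.

```python
import re

# Both syntaxes from the page: "dot1x ..." (12.2(46)SE and earlier) and
# "authentication ..." (12.2(50)SE or later).
PORT_CONTROL = re.compile(r"^(?:dot1x|authentication) port-control (\S+)$")
HOST_MODE = re.compile(r"^(?:dot1x|authentication) host-mode (\S+)$")
GLOBAL_REQUIRED = ("aaa new-model", "dot1x system-auth-control",
                   "aaa authentication dot1x ")

# Constructed sample: Fa0/10 follows the page, Fa0/11 and Fa0/12 deviate,
# and the global "dot1x system-auth-control" line is left out on purpose.
SAMPLE = """\
aaa new-model
aaa authentication dot1x default group Hq_radius_server
!
interface FastEthernet0/10
 dot1x port-control auto
 dot1x host-mode single-host
interface FastEthernet0/11
 authentication port-control auto
 authentication host-mode multi-host
interface FastEthernet0/12
 authentication port-control force-authorized
"""

def audit_dot1x(config):
    """Return {scope: [findings]} for lines that weaken port access control."""
    findings, globals_, ports, current = {}, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line and line != "!" and raw[0].isspace() and current is not None:
            current.append(line)
        elif line and line != "!":
            current = None
            globals_.append(line)
    for req in GLOBAL_REQUIRED:
        if not any(g.startswith(req) for g in globals_):
            findings.setdefault("global", []).append(f"missing {req.strip()}")
    for name, lines in ports.items():
        pc = [m.group(1) for l in lines if (m := PORT_CONTROL.match(l))]
        hm = [m.group(1) for l in lines if (m := HOST_MODE.match(l))]
        if not pc or pc[-1] != "auto":
            findings.setdefault(name, []).append(
                f"port-control {pc[-1] if pc else 'not set'}, expected auto")
        # Assumption: an omitted host-mode line means the single-host default.
        if hm and hm[-1] != "single-host":
            findings.setdefault(name, []).append(f"host-mode {hm[-1]} admits extra hosts")
    return findings
```
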

External Links

802.1x 12.2(46)SE
802.1x 12.2(50)SE
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_eap.conf