Difference between revisions of "Netband Project - 802.1x"

From Teknologisk videncenter
Jump to: navigation, search
(Configuration)
(External Links)
Line 43: Line 43:
 
<br>
 
<br>
 
[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/sw8021x.html 802.1x 12.2(50)SE]
 
[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/sw8021x.html 802.1x 12.2(50)SE]
 +
[http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_eap.conf]

Revision as of 09:54, 22 April 2009

<accesscontrol>NetBand</accesscontrol> This page is part of the Netband Project

  • provides accesscontrol at the switchport
  • Consists of
    • Auhtenticator
      • The device that handles the authentication on behalf of the clients
    • Supplicant(client)
      • The clients conencting to the network
    • Authentication server
      • Radius server
802.1x

Configuration

  • Allows only one host on a switchport
  • The host must be authenticated before normal traffic will be allowed through the switchport
  • The host must be 802.1x compatible
aaa new-model
!
dot1x system-auth-control
!
aaa authentication dot1x default group Hq_radius_server
!
aaa group server radius Hq_radius_server
 server 10.1.1.11 auth-port 1645 acct-port 1646
!
radius-server key ciscodisco
  • 12.2(46)SE and earlier 
interface FastEthernet0/10
  dot1x port-control auto
  dot1x host-mode single-host
  dot1x violation-mode protect
  • 12.2(50)SE or later
interface FastEthernet0/10
 authentication port-control auto 
 authentication host-mode single-host
 authentication violation protect

External Links

802.1x 12.2(46)SE
802.1x 12.2(50)SE [1]

Retrieved from "http://mars.merhot.dk/w/index.php?title=Netband_Project_-_802.1x&oldid=4077"