Reviews:
 ·Optimum Online
 ·Verizon Online DSL
| Lab for learning 802.1x concepts I just scored a Cisco 3550. I wanted to pickup another one to get a refresher on STP and to get my feet wet with 802.1x.
What I'm having difficulty coming by on the cheap is a TACACS or RADIUS software solution. Anyone know what to get besides Cisco Secure ACS? |
|
| Free radius or use Microsoft IAS / NPS. You can test the concepts of EAP methods etc.
--
»vinfotech.blogspot.com |
|
|
|
nosx
join:2004-12-27
00000
kudos:5 | tac_plus is a great free tacacs server. I have never tried to do dot1x with it before.
The free radiator (RADIUS service for linux) stuff can be easily configured to send special attributes for dot1x though, or VPN stuff when you get to those labs. |
|
Reviews:
·Optimum Online
·Verizon Online DSL
| reply to Network Guy
Thanks for the suggestions guys
I just realized from a different post in this forum that there's an SMI and an EMI image to this switch. Can a 3550 with an SMI image support an EMI image?
The IOS images are easily found via Google but I just wanted to know beforehand before trying it. |
|
mbruno
join:2003-07-03
Fruitland, MD | said by Network Guy:I just realized from a different post in this forum that there's an SMI and an EMI image to this switch. Can a 3550 with an SMI image support an EMI image?
From what I have read online, yes it can. I believe any image with the IP services is an EMI image. I remember reading somewhere that Cisco changed the name of the EMI to use the words IP in the name. I am sure someone here can verify me on that. |
|
 belushiPremium,MVM
join:2000-11-08
Twinsburg, OH | reply to Network Guy
For 802.1x/MAB authentication the general protocol used is RADIUS and not TACACS. Thats not to say you couldn't use Cisco ACS or some other RADIUS server for this function.
One thing to keep in mind is there have been lots of advancements/changes in 802.1x authentication commands over the past year or so with Cisco software. It seems that monthly there still continues to be new features offered. I doubt you will have access to all of these new features given a 3550 series switch seeing as how its so old. It has been a while since I used one so I could be wrong on that. |
|
Reviews:
·Optimum Online
·Verizon Online DSL
| reply to mbruno
said by mbruno:
From what I have read online, yes it can. I believe any image with the IP services is an EMI image.
Cool, thanks.  |
|
Reviews:
·Optimum Online
·Verizon Online DSL
| reply to belushi
said by belushi: For 802.1x/MAB authentication the general protocol used is RADIUS and not TACACS.
In efforts of practicing the stuff I'm reading on the book, I simply want to do the following:
- Use EAP-TLS or CHAP via EAP
- Assign a user who doesn't authenticate to a guest VLAN and keep this user there until they authenticate.
- Dynamic per-port VLAN assignment for an autheticated user, basically the premise of saying a user can take his/her laptop to anywhere in the building and still get the same IP address and network access. --- Not sure if this is possible but from what I gather in the book, it is. |
|
belushiPremium,MVM
join:2000-11-08
Twinsburg, OH | Here is your place to go for anything switch related to 802.1x/MAB:
»www.cisco.com/en/US/docs/switche···21x.html
Judging by some of the commands I saw, this is old. As I said previously, there have been lots of changes in this branch of networking recently including the command structure within Cisco IOS. |
|
| 
Well.. I guess I'll see how it goes. Hopefully it doesn't stray too far from what the book says. |
|
