Difference between revisions of "Netband Project - 802.1x"
From Teknologisk videncenter
								
												
| (25 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | =802.1x=  | |
This page is part of the [[Netband_Project|Netband Project]]  | This page is part of the [[Netband_Project|Netband Project]]  | ||
*provides accesscontrol at the switchport  | *provides accesscontrol at the switchport  | ||
| Line 5: | Line 5: | ||
**Auhtenticator  | **Auhtenticator  | ||
***The device that handles the authentication on behalf of the clients  | ***The device that handles the authentication on behalf of the clients  | ||
| − | **Supplicant  | + | **Supplicant(client)  | 
***The clients conencting to the network  | ***The clients conencting to the network  | ||
**Authentication server  | **Authentication server  | ||
***Radius server  | ***Radius server  | ||
| − | [[Image:Netband-8021x.jpg|thumb|none|700px|  | + | [[Image:Netband-8021x.jpg|thumb|none|700px|802.1x]]  | 
| + | ==Configuration==  | ||
| + | *Allows only one host on a switchport  | ||
| + | *The host must be authenticated before normal traffic will be allowed through the switchport  | ||
| + | *The host must be 802.1x compatible  | ||
| + | <pre">  | ||
| + | aaa new-model  | ||
| + | !  | ||
| + | dot1x system-auth-control  | ||
| + | !  | ||
| + | aaa authentication dot1x default group Hq_radius_server  | ||
| + | !  | ||
| + | aaa group server radius Hq_radius_server  | ||
| + |  server 10.1.1.11 auth-port 1645 acct-port 1646  | ||
| + | !  | ||
| + | radius-server key ciscodisco  | ||
| + | </pre>  | ||
| + | *12.2(46)SE and earlier   | ||
| + | <pre>interface FastEthernet0/10  | ||
| + |   dot1x port-control auto  | ||
| + |   dot1x host-mode single-host  | ||
| + |   dot1x violation-mode protect  | ||
| + | </pre>  | ||
| + | *12.2(50)SE or later  | ||
| + | <pre>interface FastEthernet0/10  | ||
| + |  authentication port-control auto   | ||
| + |  authentication host-mode single-host  | ||
| + |  authentication violation protect  | ||
| + | </pre>  | ||
==External Links==  | ==External Links==  | ||
| − | [http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html 802.1x]  | + | [http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html 802.1x 12.2(46)SE]  | 
| + | <br>  | ||
| + | [http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/sw8021x.html 802.1x 12.2(50)SE]  | ||
| + | <br>  | ||
| + | http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_eap.conf  | ||
| + | [[Category:network]][[Category:CCNP]][[category:students]]  | ||
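Review bot: the RADIUS shared secret is published in clear text in the added line `radius-server key ciscodisco`; on a wiki page this should be a placeholder such as `radius-server key <shared-secret>`, with a remark that the value has to match the secret configured for this switch on the RADIUS server. Separately, the opening tag of the first configuration block is written `<pre">` with a stray quote, so it is not parsed as a preformatted block; it should read `<pre>` like the two interface blocks that follow.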
Latest revision as of 13:00, 5 August 2009
802.1x
This page is part of the Netband Project
- Provides access control at the switchport
- Consists of
  - Authenticator
    - The device that handles the authentication on behalf of the clients
  - Supplicant (client)
    - The clients connecting to the network
  - Authentication server
    - RADIUS server

Configuration
- Allows only one host on a switchport
- The host must be authenticated before normal traffic will be allowed through the switchport
- The host must be 802.1x compatible

<pre>
aaa new-model
!
dot1x system-auth-control
!
aaa authentication dot1x default group Hq_radius_server
!
aaa group server radius Hq_radius_server
 server 10.1.1.11 auth-port 1645 acct-port 1646
!
radius-server key ciscodisco
</pre>

- 12.2(46)SE and earlier

<pre>
interface FastEthernet0/10
 dot1x port-control auto
 dot1x host-mode single-host
 dot1x violation-mode protect
</pre>

- 12.2(50)SE or later

<pre>
interface FastEthernet0/10
 authentication port-control auto
 authentication host-mode single-host
 authentication violation protect
</pre>
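An added example, not part of the original page or the Netband Project: a small Python audit that reads a saved switch configuration and reports ports where 802.1x is not enforced, accepting both the 12.2(46)SE `dot1x ...` and the 12.2(50)SE `authentication ...` syntax shown above. The sample configuration and the function names are constructed for illustration; every interface is checked, so uplink and trunk ports will be reported as well.

```python
import re

# Constructed sample: Fa0/10 old syntax, Fa0/11 new syntax, Fa0/12 no 802.1x.
SAMPLE = """\
aaa new-model
dot1x system-auth-control
aaa authentication dot1x default group Hq_radius_server
interface FastEthernet0/10
 dot1x port-control auto
 dot1x host-mode single-host
interface FastEthernet0/11
 authentication port-control auto
 authentication host-mode multi-host
interface FastEthernet0/12
 switchport mode access
"""

# Global command prefixes that must be present for port settings to matter.
GLOBAL_REQUIRED = ("aaa new-model", "dot1x system-auth-control", "aaa authentication dot1x ")
PORT_CONTROL = re.compile(r"^(dot1x|authentication) port-control auto$")
HOST_MODE = re.compile(r"^(dot1x|authentication) host-mode (\S+)$")

def parse(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit(config):
    """Return sorted (scope, message) findings; no host-mode line means the single-host default."""
    global_lines, interfaces = parse(config)
    findings = [("global", f"missing '{c.strip()}'") for c in GLOBAL_REQUIRED
                if not any(l.startswith(c) for l in global_lines)]
    for name, cmds in interfaces.items():
        modes = [m.group(2) for c in cmds if (m := HOST_MODE.match(c))]
        if not any(PORT_CONTROL.match(c) for c in cmds):
            findings.append((name, "port-control is not 'auto'"))
        elif modes and modes[-1] != "single-host":
            findings.append((name, f"host-mode is '{modes[-1]}'"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports Fa0/11 for its multi-host setting and Fa0/12 for having no port-control command.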
External Links
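802.1x 12.2(46)SE: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html
802.1x 12.2(50)SE: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/sw8021x.html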
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_eap.conf
