GroupStudy.com - CCIE, CCNA, CCNP and other Cisco Certifications

Home

BookStore

StudyNotes

Links

[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Subject: Re: dot1x
From: Christian Zeng <christian@xxxxxxxxx>
Date: Mon, 07 Jan 2008 20:34:29 +0100
Cc: Deepinder Babbar <dsbabbar@xxxxxxxxx>, ccielab@xxxxxxxxxxxxxx
In-reply-to: <b52faf070801070850t3b2ff903sf0e8fbcc6af4d069@mail.gmail.com>
References: <21b2ddb00801060751o1582ba75mb417a663b113a40c@mail.gmail.com> <47820B07.7060901@zengl.net> <b52faf070801070850t3b2ff903sf0e8fbcc6af4d069@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.13pre) Gecko/20071018 Thunderbird/1.5.0.14pre Mnenhy/0.7.5.666

Hi,

* Joseph Saad wrote:

!!!! guest-vlan will be used if the client doesn't support dot1x  (i.e. EAP
packets aren't detected)
    fail-auth VLAN will be used when client  fails authentication.

Thanks for the hint, I didn't know this feature exists (did my studies with 12.2(25)SEC).

aaa authen login CON none
aaa authen login VTY line

line con0
login authen CON

line vty 0 15
login authen VTY

This reduces the risk when accidentally changing the default method
later and break requirements or lock yourself out.


!!! this obviously require the definition of "username  U password p"
statement ... but I could be stating the obvious.

Username entry in the local db is not needed, the VTY method uses the line password (assuming it was there in the initial config).

Christian

Follow-Ups:
- Re: dot1x
  - From: Darby Weaver

References:
- dot1x
  - From: Deepinder Babbar
- Re: dot1x
  - From: Christian Zeng
- Re: dot1x
  - From: Joseph Saad

Prev by Date: Re: IWEB Vol4 task 1.5 trunking
Next by Date: Re: Recommendation for switching book.
Previous by thread: Re: dot1x
Next by thread: Re: dot1x
Index(es):
- Date
- Thread