Question regarding 802.1x

Guest
Archived from groups: comp.dcom.lans.ethernet

Hi, all.

My question is a simple one. Under the following configuration, will
station A be able to authenticate against switch A, which supports
802.1x through switch B, which does not?

[X]--------[X]----------O
switch A   switch B  station A

FWIW, switch A is a Cisco 2924XL-EM, switch B is a 3Com 3CNJ100 Work
Area Outlet with a 4-port switch, and station A is a yet-to-be-purchased
802.1x NIC (most likely a 3Com, but I'm open to suggestions if you have
them).

Bonus question: Would authentication work if there were two stations
connected simultaneously to switch B (as you would expect to see on a
switch)?

Thanks!

--
Anthony Chavez http://anthonychavez.org/
mailto:acc@anthonychavez.org jabber:acc@jabber.anthonychavez.org
 
Guest

On Wed, 02 Mar 2005 16:32:16 -0700 Anthony Chavez <acc@anthonychavez.org> wrote:

> FWIW, switch A is a Cisco 2924XL-EM

Sorry, make that a Cisco 2950-24, which actually supports 802.1x. ;-)

--
Anthony Chavez http://anthonychavez.org/
mailto:acc@anthonychavez.org jabber:acc@jabber.anthonychavez.org
 
Guest

Anthony Chavez wrote:
> On Wed, 02 Mar 2005 16:32:16 -0700 Anthony Chavez <acc@anthonychavez.org> wrote:
>
>> FWIW, switch A is a Cisco 2924XL-EM
>
> Sorry, make that a Cisco 2950-24, which actually supports 802.1x. ;-)
>
As long as switch B can function as an authenticator, then yes, the
solution should work fine. The intermediate switch doesn't see the EAP
at layer-2, only the access-switch sees it, so it isn't important whether
it supports 802.1x or not. That is one of the functions of the
authenticator... convert EAP at layer-2 to RADIUS (or another
unspecified protocol... the standard isn't specific) layer-3 traffic.

Of course you can attach as many stations as you have ports. I won't
answer for multiple stations per port... it can be done, but it makes
ugliness.

As far as NICs go... almost any modern NIC will be fine... it's the
supplicant software that makes all the difference.

Scott
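
An added example, not part of the thread: the question can be checked empirically by capturing on the switch A side of switch B and classifying the frames. The code below parses raw Ethernet frames, identifies EAPOL (EtherType 0x888E) and flags destinations in the 01-80-C2-00-00-00..0F block, which IEEE 802.1D-conformant bridges do not forward; how a particular unmanaged switch treats that block is an assumption to verify with the capture. The sample frames and MAC addresses are constructed.

```python
import struct

ETHERTYPE_EAPOL = 0x888E   # IEEE 802.1X, EAP over LAN
ETHERTYPE_VLAN = 0x8100    # 802.1Q tag, skipped if present
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def is_bridge_reserved(mac: bytes) -> bool:
    """True for 01-80-C2-00-00-00..0F (includes the PAE group address ...-03)."""
    return mac[:5] == bytes.fromhex("0180c20000") and mac[5] <= 0x0F

def classify(frame: bytes):
    """Describe one raw Ethernet frame if it is EAPOL, else return None."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETHERTYPE_EAPOL or len(frame) < offset + 4:
        return None
    version, ptype, body_len = struct.unpack("!BBH", frame[offset:offset + 4])
    body = frame[offset + 4:offset + 4 + body_len]
    info = {
        "src": src.hex(":"),
        "dst": dst.hex(":"),
        "bridge_reserved_dst": is_bridge_reserved(dst),
        "eapol_version": version,
        "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
        "truncated": len(body) < body_len,
    }
    if ptype == 0 and len(body) >= 4:  # EAP header: code, identifier, length
        code, ident, _ = struct.unpack("!BBH", body[:4])
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        info["eap_id"] = ident
    return info

# Constructed sample frames (MAC addresses are made up, locally administered).
START = bytes.fromhex("0180c2000003 02000000000a 888e 01 01 0000")
REQ_ID = bytes.fromhex("0180c2000003 02000000000b 888e 01 00 0005 01 01 0005 01")
IPV4 = bytes.fromhex("ffffffffffff 02000000000a 0800 45000000")

if __name__ == "__main__":
    for name, frame in (("START", START), ("REQ_ID", REQ_ID), ("IPV4", IPV4)):
        print(name, classify(frame))
```

If the station's EAPOL-Start frames show up in a capture on the station side of switch B but never on the switch A side, switch B is filtering them.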
 