[unisog] EAP/802.1x to the edge...anyone doing it?

John Rowan Littell littejo at earlham.edu
Fri Jan 14 01:46:16 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----

Lo, Matt Ashfield and the teakettle whistled in unison:

> I guess I'm just looking for feedback from anyone who is currently doing
> 802.1x at the edge. What has been your experiences? Also, do you know if you
> can get a radius server to return a vlanID to the edgeswitch, so you'll be
> placed in an appropriate vlan after authenticating (or do you have to rely
> on the config of the edgeswitch to do it?).

Not much comments on your main question, and I've seen what others
have said so far -- but the question of RADIUS and VLAN caught my eye.
I know that this is possible with some switches, although I've not yet
tried to implement it.  There was a paper at LISA this year that
described a system that uses it, though:

http://www.cs.princeton.edu/autoMAC/

They've got a system where you plug into a "general-purpose" port,
register your computer on it, and then it figures out which VLAN
you're supposed to be on, returns that to the switch as part of the
RADIUS response, and, voila, you're in the VLAN that you're supposed
to be in for that user/device.

   --rowan

- -- 
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
http://www.earlham.edu/~littejo/
2005-01-13 20:41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: http://www.earlham.edu/~littejo/littejo.asc

iQCVAwUBQeckaZdUNSJ2nf/5AQHjLQQAoTU+r5xIujRyadNDvUdEcpwrMibdBiiQ
f4Y4YiholYPFH3M1echnX6vP9+qXziWrUKc5WL7rGD46L4rvXlg3mBeEu5Q2DMXw
sevYBmyjz/fd5XpISyvsoAWvwTaSss2dm6imoiV1rzg61fw1RKOOXgoFErN8ysKJ
Xzp85WKsYdk=
=RQ4k
-----END PGP SIGNATURE-----



More information about the unisog mailing list