sorry last comment... will also add that with the new method if an EAP packet is detected even if webauth or MAB are configured as first priority the dot1x will take priority and be attempted and override the priority order.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Tyson Scott [mailto:[email protected]] Sent: Saturday, June 25, 2011 2:47 AM To: 'Tyson Scott'; 'Piotr Matusiak' Cc: 'Bruno'; 'CCIE Security Maillist' Subject: RE: [OSL | CCIE_Security] dot1x fallback / webauth To add from when I added it to the lab. It doesn't work very well until 12.2.50. With the ability to prioritize the authentication method using the command "authentication order [dot1x|mab|webauth]". When I put it in the lab I noticed you had to wait a significant amount of time for the dot1x timeout before webauth would be used. It is better to change the order based on the network connection device location to utilize this function. i.e. printers or other non-supplicant devices on the network utilizing MAB as first priority. Which can go back to the trustsec (i.e. ISE) that was talked about in the other email. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: Tyson Scott [mailto:[email protected]] Sent: Saturday, June 25, 2011 2:39 AM To: 'Piotr Matusiak'; 'Tyson Scott' Cc: 'Bruno'; 'CCIE Security Maillist' Subject: RE: [OSL | CCIE_Security] dot1x fallback / webauth Piotr, That's right. I guess I was thinking about the ability to prioritize which method to use first now that you bring that up. I even forgot that I put this in our workbook. It is in Volume 2 Lab 13. Thanks for correcting me. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: Piotr Matusiak [mailto:[email protected]] Sent: Saturday, June 25, 2011 2:32 AM To: Tyson Scott Cc: Bruno; CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] dot1x fallback / webauth Tyson, It was introduced in 12.2(35)SE as per this document: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1 2.2_35_se/command/reference/cli1.html#wp8920738 Regards, Piotr 2011/6/25 Tyson Scott <[email protected]> Piotr, You can correct me if I am wrong but I think dot1x fallback is introduced on the 3560 with 12.2(50)SE. The test is 12.2(44)SE. So I think this is safe to ignore. But in the real work this is a very handy feature. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Piotr Matusiak Sent: Wednesday, June 22, 2011 4:50 PM To: Bruno Cc: CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] dot1x fallback / webauth Yes. 2011/6/22 Bruno <[email protected]> Is this feature available for either 3550 and 3560? -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
