I might be repeating someone else here - I haven't followed the
thread completely. The vulnerability you are talking about is
documented in this field notice...
http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
You have to be VERY careful when putting XP on your Cisco switched
LAN, make sure you have new code and/or new SUP's. The 802.1x
authentication option is also available on Win2k but it is disabled
by default, on the XP beta it is enabled by default (not sure if the
final release will be the same). It seems to boil down to STP ports
in "blocking" mode forwarding the 802.1x packets. It has the
potential to bring down a segment in double-quick time, just ask
Xerox, apparently just one curious engineer's PC managed that trick,
they now have a strict "NO XP!" policy on their network (allegedly).
Regards
Charlie
--- Chuck Larrieu wrote:
> I did a little more checking on this. there is a known issue with XP clients
> and Catalyst 5000 switches with EARL 1 and certain software revisions. I may
> be misunderstanding this completely, but it is an issue with the interaction
> of the Cat 5K and XP when 802.1x port authentication is enabled. that got me
> to reading on 802.1x authentication. interesting.
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian
> Sent: Tuesday, August 21, 2001 6:40 PM
> To: [EMAIL PROTECTED]
> Subject: RE: HELP!! The Cisco Code & Windows XP [7:16604]
>
>
> perhaps boss heard about the mstcp thread...
>
> Brian "Sonic" Whalen
> Success = Preparation + Opportunity
>
>
> On Tue, 21 Aug 2001, Chuck Larrieu wrote:
>
> > I'm sure you've had your fair share of smart remarks by now. So I won't add
> > my own. I will remark that in fairness to your boss, there is probably
> > something he has heard or read which caused him to look for reassurance.
> >
> > for example, is there a concern with VPN compatibility of operation using
> > Win XP VPN client software? is there a security concern based upon published
> > writings about the XP TCP stack?
> >
> > if the question is "will Cisco routers pass traffic generated by XP
> > machines?" the answer is "sure. why not" after all, there is nothing in an
> > IP or a TCP header that indicates the type of host OS that originates the
> > packet. as long as the traffic is contained in valid packets, the router
> > will pass process them. knowing that, may I recommend you sit down with the
> > boss and ask what his concerns are. what has he read? what has he heard? why
> > would he think there is reason to be concerned? hell, he could be a victim
> > of MBBW ( Management By Business Week - where the president of the company
> > saw something in Business Week Magazine over the weekend and on Monday
> > morning told your boss to investigate and come back with report. ;->
> >
> > ( and yes, I know some bosses are "she" )
> >
> > Chuck
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Smith
> > Sent: Monday, August 20, 2001 5:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: HELP!! The Cisco Code & Windows XP [7:16604]
> >
> >
> > Guys,
> >
> > After my boss delegated me to research all I can about what is needed to
> > upgrade if necessary our Cisco routers and switches to work with Windows-XP,
> > I was only able to assert from information on the web that there is a bug in
> > the switch software that is incompatible with XP.
> >
> > Does anyone here know of any valuable information that can help me with
> > compiling an educated assessment of this research? Is anyone out there
> > knowledgeable of this issue either from personal experience or from
> > literature? I would really appreciate some feedback.
> >
> > The only problems that I have actually heard of thus far is that which
> > occurred during the beta test that brought down one of Xerox's networks. I
> > understand that there is a patch that is available as a fix, in addition to
> > the option of upgrading the Switch code. My question is: -
> >
> > a). Does the incompatibility only exist with the Switch software or with the
> > router IOS as well?
> >
> > b). Is the patch the best way of dealing with the problem?
> >
> > I appreciate any help that I can get. Thanks
> >
> >
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16790&t=16604