I found this - which seems to indicate the EI firmware is required - but then I also found this that refutes that - can anyone help with a definitive answer? 2) I've had a look at a bucket-load of blog entries and looked at kleefys blog entry/cast at ( ) - this has an example Cisco switch config - but, to be brutally honest, I have no idea what commands to enter to actually get that configuration going - as I've never done much more than use the web interfaces on switches (hey, that's what the network teams are for!). The Cisco site seems to suggest that a 2905 won't work for NAC integration - but I only want NAP. So 1) I just grabbed an 802.1x capable switch from a mate for the purposes of this lab.
I have configured up all of the Windows side - but am having a bit of trouble with the switch config.
All the new software features may be downloaded by existing customers for free.

I'm looking at labbing up a NAP environment with a 2008 R2 Windows environment and a Cisco 2950 switch.
Wire-speed port-based ACLs are available now on the 3550 Series switches. DHCP Interface Tracker is available now for 3550 Series switches. SSH and SNMP Version 3 capability will be available in the third quarter for 3550 Series switches and for 2950 Series switches with Enhanced Software Image. The 3550-24-FX is available now for $5,495 and the GBIC for $395. The switch is also equipped with two slots for fiber or copper Gigabit Ethernet interfaces. Cisco also introduced a copper-based 1000Base-T Gigabit Interface Converter (GBIC) for the Catalyst 35 switch lines as well as the older Catalyst 3500XL and 2900XL lines and Catalyst 40 series switches. Fiber can't be tapped by snoopers as copper can, and some service providers need the longer reach provided by fiber, Limkakeng said. In addition to introducing the new security software, Cisco Tuesday unveiled the Catalyst 3550-24-FX-SMI, equipped with 24 100Base-FX ports that carry Fast Ethernet traffic via multimode fiber instead of copper. Windows XP does include 802.1x support, he noted. Because most client operating systems don't have support for the protocol built in, implementing it would require a time-consuming rollout of software to many machines, Hockenhull said. However, deploying IEEE 802.1x isn't an overnight job, he added. The wire-speed ACL function lets Webster protect those resources without constraining the network's performance.
Likewise, public systems such as e-mail stations need to be walled off from sensitive resources on the network, Hockenhull said. Being able to set up protection mechanisms at several points on the network brings more depth to security provisions, he added. "It made things a lot less secure, in terms of passwords crossing the network in plain text," Hockenhull said.
In the past, management data could be encrypted in the core of Webster's network but not at the switch closest to the desktop, said Benjamin Hockenhull, WAN coordinator at the private university. About 200 of the approximately 2,000 users at Webster University's St. Louis campus are connected to 3550 Series switches, which will be the primary replacement for most of the school's older switches. SSH encryption and wire-speed ACLs both have brought big benefits to Webster University in St. Louis, which has beta-tested the new capabilities. Available previously on the 3550 Series switches, the software has been added to the 2950 line. The tool can also work with Remote Access Dial-in User Service authentication on the Cisco Secure Access Control Server.
"Although you may have been able to do something similar before, it actually makes it doable from an administrator's standpoint," said Ishmael Limkakeng, product line manager at Cisco's desktop switching business unit. Cisco has also enhanced its Cisco Secure User Registration Tool, allowing users to sign on to the network securely with a Web browser, and added support for Lightweight Directory Access Protocol authentication. It provides an easier mechanism for tracking down a DHCP user who may be connecting from an unauthorized location. In addition, it's extending the IEEE 802.1x standard for user authentication to Catalyst 2950 Series switches with standard software image. Cisco also will add the Dynamic Host Configuration Protocol (DHCP) Interface Tracker to the 3550 Series. Cisco will offer for some of the switches Secure Shell (SSH) and Simple Network Management Protocol (SNMP) Version 3 technology for encrypting network management traffic and port-based access control lists (ACL) that run at wire speed - that is, without degrading performance - to keep users away from resources they shouldn't use.