Friday, December 28, 2018

802.1X MAB best practices?

We have some devices that don't support 802.1X, so first I was thinking of doing the authentication profile so that it tries 802.1X first and then falls back to MAC authentication. And if MAC authentication also fails then set the port to visitor network. Then apply this profile to every switch port whether there was a 802.1X capable client or not.

Would this cause problems for some devices, as they have to wait until the 802.1X authentication times out? Or would I be better of configuring three different profiles and for a new switch just configure most ports with 802.1X and then the rest with MAC authentication and visitor VLAN where needed?

Having the same profile in every port would be easier, but what are your experiences? Do you use 802.1X for wireless access points uplinks too?

Thanks for any ideas!



No comments:

Post a Comment