![]() ![]() To start with, we’ll want to configure our AAA settings but this time with one addition ‘aaa authorization network default group radius’ which will instruct the switch to use AAA for network services including VLAN assignment. It covers some of the fundamental concepts and configurations which we’ll build on here. If you’re reasonably new to 802.1x then I suggest you head over to my earlier post on 802.1x and return back once you’ve read it. It would be an administrative headache to keep logging into the switch each time to change the VLAN depending on who was sat at these hot desks for the day, so we can leverage 802.1x to do this for us. An example use case would be having be an office with several hot desks, used by various departments, but a compliance restriction that places heavy restrictions on network access into particular resources such as HR, finance and so on. While this can be quite useful, it can also be quite restrictive – what if we wanted different authenticated users into different VLANs rather than just the authenticated VLAN? This is entirely do-able. In an earlier post we used 802.1x to authenticate users into the network and assign them into a VLAN based on either a successful or unsuccessful authentication as well as a VLAN for clients who did not send an initial EAPOL message.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |