Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

802.1x configuration between CISCO 3750-x and CISCO SF302-08P

  • 1.  802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    Posted Sep 25, 2014 12:46 AM

    Hi,

    We are in the process of implementing a ClearPass appliance and everything has been configured properly, except that we are now facing a problem securing/configuring the 802.1x connection between the edge switch "CISCO Catalyst 3750-x" port and the workgroup switch "CISCO SF302-08P".

    The CISCO 8-port workgroup switch has been configured/tested with ClearPass and it works fine. Similarly, the CISCO switch is fine too. The use case that we would like to test is: what if someone unplugs the cable which connects the workgroup switch to the edge switch and uses it to access the LAN? In other words, we would like to secure the "trunk" port in the edge switch which connects with the workgroup switch.

     

    Your help and suggestions will be highly appreciated.

     

    Thanks and best regards



  • 2.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    EMPLOYEE
    Posted Sep 25, 2014 07:34 AM
    Generally speaking, router and switch ports don't usually have a dot1X supplicant.


  • 3.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    Posted Sep 25, 2014 07:54 AM

    How can we secure these ports? This is the main question.

     

    To clarify the use case further, with the assumption that both switches are configured and working fine with ClearPass, here is an example:

     

    A small office has 4 users' PCs that are all connected to a CISCO SF302-08P workgroup switch with 8 ports. This switch supports dot1x and is itself connected ("uplink") to another CISCO "edge" switch that is located in a secure cabinet.

     

    What if a person sneaks into the office, removes the "uplink" cable that connects to the edge switch and plugs it into his/her notebook? He/she will be able to access the LAN with a forced authorization and bypass ClearPass.

     

    Is there a way to configure the edge switch port that is located in the secured cabinet?

     

    Thanks a lot. 



  • 4.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    EMPLOYEE
    Posted Sep 25, 2014 07:56 AM
    This is usually handled by physical security. I don't know of anyone doing trunk port dot1X.

    Even if it was possible, you would run into all kinds of management access issues.


  • 5.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    Posted Sep 25, 2014 08:06 AM


  • 6.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    EMPLOYEE
    Posted Sep 25, 2014 08:08 AM
    Potentially, if the small business switch supports the same feature set.

    (You're on an Aruba forum asking for Cisco switch support ;-))


  • 7.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    Posted Sep 25, 2014 08:18 AM

    Yes, I know :-)) not in the right place. But the reason I am asking is with reference to ClearPass. If there is a solution out there that could help us secure the trunk port, it shouldn't affect Aruba ClearPass functionality.



  • 8.  RE: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

    EMPLOYEE
    Posted Sep 25, 2014 08:20 AM
    I don't think trunk port security uses 802.1X.