New Contributor
Posts: 4
Registered: ‎09-24-2014

802.1x configuration between CISCO 3750-x and CISCO SF302-08P

Hi,

We are in the process of implementing ClearPass Appliance and everything has been configured properly except that we are now facing a problem to secure/configure 802.1x connection between the edge switch "CISCO Catalyst 3750-x" port and Workgroup switch "CISCO SF302-08P".

The CISCO 8-port workgroup switch has been configured/tested with Clearpass and it works fine. Similarly, the CISCO Switch is fine too. The user case that we would like to test is: what if someone unplugs the cable which connects the Workgroup switch to the edge switch and uses it to access the LAN? In other words, we would like to secure the port "trunk" in the edge switch which connects with the Workgroup switch.

Your help and suggestions will be highly appreciated.

Thanks and best regards

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

Generally speaking, router and switch ports don't usually have a dot1X supplicant.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎09-24-2014

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

How can we secure these ports? This is the main question.

To clarify the user case further, with the assumption that both switches are configured and working fine with Clearpass, here is an example:

A small office has 4 users "PCs" that are all connected to a Cisco SF302-08P Workgroup switch with 8 ports. This switch supports dot1.x and is itself connected "up link" to another CISCO switch "Edge" that is located in a secure Cabinet.

What if a person sneaks into the office, removes the cable "up link" that connects to the edge switch and plugs it into his/her notebook? He/she will be able to access the LAN with a forced authorization and bypass Clearpass.

Is there a way to configure the edge switch port that is located in the secured cabinet?

Thanks a lot. 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

This is usually handled by physical security. I don't know of anyone doing trunk port dot1X.

Even if it was possible, you would run into all kinds of management access issues.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎09-24-2014

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

Potentially, if the small business switch supports the same feature set.

(You're on an Aruba forum asking for Cisco switch support ;-))

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎09-24-2014

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

Yes I know :-)) not in the right place. But the reason I am asking is with reference to Clearpass. If there is a solution out there that could help us secure the trunk port, it shouldn't affect Aruba Clearpass functionality. 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: 802.1x configuration between CISCO 3750-x and CISCO SF302-08P

I don't think trunk port security uses 802.1X.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP