21 08 2006
Let’s say that you don’t really want users to log in, just to have a valid certificate. All your Windows boxes do auto-enrollment and get certificates. This works transparently.
Macs however… well, let’s just say it took a while to realise that the certificate common name should be the UPN, not the username and not the email address. Now it works just fine.
Needless to say, this was a problem with the certificate server’s templates, not with the Mac itself.
Categories : 802.1X, OS/X, Security
2 08 2006
Why can’t Cisco?

3560, small stackable switch:

    interface GigabitEthernet0/11
     switchport access vlan 803
     switchport mode access
     switchport voice vlan 801
     load-interval 30
     dot1x port-control auto
     dot1x timeout tx-period 10
     dot1x timeout reauth-period 60
     dot1x guest-vlan 1
     dot1x reauthentication
     spanning-tree portfast
    end

6500 wiring closet switch:

    switch(config)#int faste 1/22
    switch(config-if)#dot1x port-control auto
    Command rejected: One or more ports configured with voice vlan.
    Dot1x can't be enabled on voice vlan configured ports.
So how is one supposed to enable 802.1X and use Cisco’s phones? Double up on switchports and wall jacks.
Cisco claims IOS support on the 6500 for 802.1X and voice VLANs is coming early 2007. CatOS is supposed to support it, but that’s a backwards step I’m not sure we want to take…
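A consequence of the rejection above is that phone ports on the 6500 stay outside 802.1X, so it helps to know exactly which access ports those are. The following is an added example, not part of the original post: a small audit over saved running-config text that labels each access port by its 802.1X and voice VLAN combination. The sample config is constructed (the first port mirrors the 3560 port above; the others are hypothetical), and the status labels are this example's own.

```python
import re
# Constructed sample: Gi0/11 mirrors the 3560 port in the post, the rest are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/11
 switchport access vlan 803
 switchport mode access
 switchport voice vlan 801
 dot1x port-control auto
 dot1x guest-vlan 1
!
interface GigabitEthernet0/12
 switchport access vlan 803
 switchport mode access
 switchport voice vlan 801
!
interface GigabitEthernet0/13
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!", "end" or a global command closes the stanza
    return interfaces

def audit_dot1x(config):
    """Label every access port by its 802.1X / voice VLAN combination."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and routed ports are out of scope here
        dot1x = "dot1x port-control auto" in cmds
        voice = any(c.startswith("switchport voice vlan") for c in cmds)
        # Ports labelled "unauthenticated+voice" are the phone ports left without 802.1X.
        report[name] = ("dot1x" if dot1x else "unauthenticated") + ("+voice" if voice else "")
    return report

if __name__ == "__main__":
    for port, status in audit_dot1x(SAMPLE_CONFIG).items():
        print(f"{port:24} {status}")
```
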
Categories : 802.1X, Security