Authenticating Wired Macs with Microsoft IAS and 802.1X
August 21, 2006
Posted by jpayne in: 802.1X, OS/X, Security

Let’s say that you don’t really want users to log in, just have a valid certificate. All your Windows boxes do auto-enrollment and get certificates. This works transparently.
Macs however… well, let’s just say it took a while to realise that the certificate common name should be the UPN, not the username and not the email address. Now it works just fine. Needless to say, this was a problem with the certificate server’s templates, not with the Mac itself.

If Microsoft can get it right….
August 2, 2006
Posted by jpayne in: 802.1X, Security

Why can’t Cisco? 3560, small stackable switch:
interface GigabitEthernet0/11
 switchport access vlan 803
 switchport mode access
 switchport voice vlan 801
 load-interval 30
 dot1x port-control auto
 dot1x timeout tx-period 10
 dot1x timeout reauth-period 60
 dot1x guest-vlan 1
 dot1x reauthentication
 spanning-tree portfast
end
6500 wiring closet switch:
switch(config)#int faste 1/22
switch(config-if)#dot1x port-control auto
Command rejected: One or more ports configured with voice vlan. Dot1x can't be enabled on voice vlan configured ports.
So how is one supposed to enable 802.1X and use Cisco’s phones? Double up on switchports and wall jacks.
Cisco claims IOS support on the 6500 for 802.1X and voice VLANs is coming early 2007. CatOS is supposed to support it, but that’s a backwards step I’m not sure we want to take…