
802.1x Dynamic VLAN Assignment

Copyright © 2010 Sophos Limited. All
rights reserved. No part of this publication
may be reproduced, stored in retrieval
system, or transmitted, in any form or
by any means electronic, mechanical,
photocopying, recording or otherwise
unless you are either a valid licensee
where the documentation can be
reproduced in accordance with the licence
terms or you otherwise have the prior
permission in writing of the copyright
owner.
Sophos and Sophos Anti-Virus are
registered trademarks of Sophos Limited.
All other product and company names
are trademarks or registered trademarks
of their respective owners.
Document version 3.2
Published December 2010

Table of Contents
802.1x Dynamic VLAN Configuration
Cisco Switch Supported Options
Cisco Switch Configuration
Server Settings for Network Policy Server (Windows Server 2008)
Server Settings for Internet Authentication Service (IAS) (Windows Server 2003)
Compliance Manager Settings
Microsoft Supplicant Settings (Protected EAP Protocol)
Microsoft Supplicant Settings (Protected EAP Protocol) for Windows XP SP3+
Microsoft Supplicant Settings (MD5-Challenge Protocol)
Juniper Networks Odyssey Access Client Supplicant
Cisco Secure Services Client Supplicant
Appendix A: Sample Cisco 802.1x Catalyst 2950 Configuration

802.1x Dynamic VLAN Configuration
This document provides information on integrating Sophos NAC Advanced in an environment that includes
switches set up to support the IEEE 802.1x protocol. The information in this document has been tested in an
end-to-end scenario. Sophos testing information concludes at the point where the 802.1x authentication is complete and
the client is placed on the correct VLAN.
In this document, three virtual LANs (VLANs) are created: guest, quarantine, and all access. Configurations
involving only two VLANs are also possible and supported, but this document covers the three-VLAN
configuration.
Cisco Switch Supported Options
The Cisco® switch must support IEEE 802.1x – VLAN Assignment to work correctly with Sophos NAC Advanced.
This feature is usually found in the Enhanced versions of the Cisco Catalyst IOSs. Some switches have different
hardware to support “enhanced” functionality, so you should ensure the switch supports this prior to going through
the rest of the process. If you do not know if your Cisco switch supports this feature, you can use the Cisco Feature
Navigator® to confirm this.
1. Locate the Cisco Feature Navigator tool. The location of the tool as of publication is:
http://tools.cisco.com/ITDIT/CFN/Dispatch?act=featSelect&task=init.
2. From the Available Features section, select IEEE 802.1x – VLAN Assignment, and click Add.
3. Click Continue.