Implementing IEEE 802.1X Standard over wired Ethernet LAN

I'm trying to implement the 802.1X Standard on a wired LAN. Basically it is the EAP authentication mechanisms (like EAP-TLS, PEAP-MSCHAPv2) over the LAN (EAPOL). I've included the EAP Catalog items into my project but found out that the APIs exposed by the EAP DLLs are used by RAS. Remote Access Service (RAS), I believe, uses the Point-to-Point Protocol, which is different from EAPOL.
Compared to wireless, it seems there is an 802.1X Authentication module within the Native 802.11 (Wireless) framework (http://msdn.microsoft.com/en-us/library/gg158436.aspx).
I would just like to know if any Platform\BSP changes or implementations can be made to support EAP Authentications over Wired LAN?
Thank You
Regards

Community,
does anybody have an answer to this problem? I have to do the same thing...
Achim,
did you solve this problem? Thank you in advance for any help you can provide.
Regards Bruno
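
An added example, not part of the original posts: the EAP packet carried over a wired port has the same structure as the one PPP carries, and EAPOL only puts an EtherType (0x888E) and a 4-byte header in front of it. The Python sketch below decodes that framing; the sample frames, MAC address and identity are constructed for illustration.

```python
import struct

ETH_P_PAE = 0x888E                              # EtherType assigned to EAPOL
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X PAE group address

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}


def parse_eapol(frame: bytes) -> dict:
    """Decode an untagged Ethernet frame carrying EAPOL; ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_PAE:
        raise ValueError(f"not EAPOL: EtherType 0x{ethertype:04x}")
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]           # anything after this is Ethernet padding
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    out = {
        "to_pae_group": dst == PAE_GROUP_ADDR,
        "eapol_version": version,
        "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
    }
    if ptype != 0:
        return out                           # Start/Logoff/Key carry no EAP packet

    # From here on the bytes are a plain EAP packet (RFC 3748), the same
    # structure a PPP link would carry after its own protocol field.
    if body_len < 4:
        raise ValueError("EAP header truncated")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length inconsistent with EAPOL body length")
    out["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
    out["eap_id"] = ident
    if code in (1, 2):                       # only Request/Response have a Type byte
        if eap_len < 5:
            raise ValueError("Request/Response without a Type byte")
        method = body[4]
        out["eap_method"] = EAP_METHODS.get(method, f"type {method}")
        if code == 2 and method == 1:        # Response/Identity: outer identity in clear
            out["identity"] = body[5:eap_len].decode("utf-8", "replace")
    return out


def eap_packet(code: int, ident: int, data: bytes = b"") -> bytes:
    """Build an EAP packet for the constructed samples below."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def sample_frame(version: int, ptype: int, body: bytes = b"") -> bytes:
    """Build a constructed EAPOL frame, padded to the 60-byte Ethernet minimum."""
    src = bytes.fromhex("020000000001")      # constructed, locally administered MAC
    hdr = struct.pack("!HBBH", ETH_P_PAE, version, ptype, len(body))
    return (PAE_GROUP_ADDR + src + hdr + body).ljust(60, b"\x00")


# Constructed exchange: supplicant start, identity round trip, PEAP start.
SAMPLES = {
    "start": sample_frame(1, 1),
    "req_identity": sample_frame(2, 0, eap_packet(1, 1, b"\x01")),
    "resp_identity": sample_frame(1, 0, eap_packet(2, 1, b"\x01" + b"alice@lab.example")),
    "peap_start": sample_frame(2, 0, eap_packet(1, 2, b"\x19\x20")),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, parse_eapol(frame))
```

The Response/Identity frame shows why the outer identity of a tunnelled method is visible to anyone on the segment: it is sent before any TLS tunnel exists.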

Similar Messages

  • MF4770n Linux Printing Over Wired Ethernet

    Having a problem printing from Linux over the wired network to my MF4770n. CUPS finds the printer over the network just fine (I've tried all 3 connection options offered). CUPS reports the test prints finished OK. The printer wakes up from sleep and does nothing. No error messages on printer nor CUPS log.
    Distros tried: Debian Wheezy & Jessie, Ubuntu 14.04
    Drivers installed: Both latest CUPS & UFRII DEBs from Canon website.
    Any help would be appreciated

    I'm no expert but I don't think you can print from your wired Mac via the router- I had a similar problem a while ago. Now I have my printer connected to the express via usb that is shared by my laptops wirelessly. I also have an iMac connected to the express via ethernet that works fine too.
    I think the printer has to be connected directly to the express, not through a router.
    Hope this helps!

  • AirTunes over Wired Ethernet Port

    I seem to be finding conflicting information on this so I hope to ask a simple question. Can the AE be configured as a Wireless AP (but also wired back in to the home network in bridged mode, NAT off, DHCP off) and still allow users on the wired side or on other APs to see AirTunes?
    To date my testing finds this is not possible as I can see AirTunes from any client connecting through the AE but can not see AirTunes from any client on the home network either wired or wireless. Everything is the latest version and I can ping the AP from any device on the home network. Simple test result is Laptop connect wireless to AE works fine, same Laptop connect to other AP or wired directly does not work.
    I do understand I can configure the AE as a client, but then I lose the AP functionality of the AE. Am I missing something or is this simply not possible?
    John

    If you configure the AirPort Express as a bridge connected by ethernet to your main router, and set the Express up to create a wireless network with exactly the same wireless network name, security and password as your "main" network, you will in effect have a larger wireless network and you should be able to "see" all your devices. Computers will automatically connect to the access point with the strongest signal, which will normally be the closest device.
    Be sure to enable AirTunes, of course on the AirPort Express.

  • IEEE 802.11k roaming with client and cisco router

    I found information that Cisco supports IEEE802.11k WLAN standard with their routers.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/11rkw_DeploymentGuide/b_802point11rkw_deployment_guide_cisco_ios_xe_release33/b_802point11rkw_deployment_guide_cisco_ios_xe_release33_chapter_010.html
    If I read this article, I think for assisted roaming I only need neighbor reports, but the IEEE 802.11k standard also defines several reports like channel load report etc.
    Do I need these other reports also for roaming decisions if my device is a client?

    The reason why you can't remote desktop is because you have configured the following static PAT statement that unfortunately take precedence over your NAT exemption:
    ip nat inside source static tcp 10.10.1.2 3389 192.198.46.14 3389 extendable
    Do you require RDP with the public IP? If you don't and only require RDP via VPN, then please take the static PAT statement out, and RDP via VPN will work.

  • IEEE 802.1ad / 0x88a8

    I have moved to another vendor at my edge, and I have continued to use 0x8100 as my ethertype which seems to play nice except for when a customer has a native vlan1 setup.
    Vlan1 will get tagged into my SVLAN 301, but Cisco sees it as an incorrect BPDU, and shuts down the port. I also see customer CDP neighbor information, and other stuff when the customer doesn't prune his network down, or uses vlan1 on transparent lan services.
    My new vendor told me to use the IEEE 802.1ad standard for the outer tag (ethertype 0x88a8), but Cisco doesn't support it. Does anyone know why Cisco is not following the IEEE 802.1ad standard for provider bridges (Q-Q) tagging on the ME3400 series? I know they developed their own proprietary GBPT protocol for handling of L2 protocols but that doesn't help me now.
    Just some quick searching shows that the 7600 is supported with 12.2SR. ME3400s are not; it's a 'future' release, but I don't know how long ago that document was written.
    *May 10 18:30:30 MST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
    *May 10 18:30:31 MST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet1/0/1 VLAN301.
    *May 10 18:30:31 MST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/1 on VLAN0301. Inconsistent local vlan.
    show spanning-tree vlan 301
    VLAN0301
    Spanning tree enabled protocol rstp
    Root ID Priority 4397
    Address 0017.5aaf.f200
    This bridge is the root
    Hello Time 2 sec Max Age 10 sec Forward Delay 7 sec
    Bridge ID Priority 4397 (priority 4096 sys-id-ext 301)
    Address 0017.5aaf.f200
    Hello Time 2 sec Max Age 10 sec Forward Delay 7 sec
    Aging Time 300
    Interface Role Sts Cost Prio.Nbr Type
    Gi1/0/1 Desg BKN*4 128.1 P2p *PVID_Inc
    Gi1/0/2 Desg BKN*4 128.2 P2p *PVID_Inc

    Currently, the default ether type is 0x8100 on a Cisco 7600 for the Q-in-Q outer tag. However, a few non-Cisco vendors use 0x9100 or 0x9200 ether type for the Q-in-Q outer tag. For Cisco 7600 router to operate seamlessly with other vendors it is required to provide a mechanism to change the default ethertype.
    Moreover, there is a need to support ethertype 0x88A8 to support provider bridge defined by IEEE 802.1ad. Custom ethertype feature is proposed as a solution for this problem that enable change of ethertype as per requirements. Under the custom ethertype model, ethertype 0x9100, 0x9200 and 0x88A8 can be configured using "dot1q tunneling" CLI under a physical port.
    Benefits
    The explanation for the error message:
    %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on [chars]
    [chars].
    Explanation The specified interface has received a Shared Spanning-Tree Protocol (SSTP) bridge protocol data unit (BPDU) that was missing the VLAN ID tag. The BPDU has been discarded.
    Recommended Action If this message recurs, copy the error message exactly as it appears on the console or in the system log, call your Cisco technical support representative, and provide the representative with the gathered information.

  • National Instruments PXI with IEEE 802.15.4 standard (ZigBee)

    Hello,
    In fact, I'm working on a project which aims to implement a reconfigurable Zigbee transceiver on the XUPV5-LX110T evaluation platform, which integrates a Virtex 5 FPGA. I am currently in the phase of real test.
    First, I want to send my data from a PC to the FPGA and receive it (to treat my signals in Matlab). Is this possible or not? If yes, is there a solution for it using a medium of communication (e.g. a serial link)?
    Second, is there measuring and testing equipment from National Instruments using PXI which supports the Zigbee wireless protocol or otherwise the IEEE 802.15.4 standard (i.e. RF Vector Signal Generator and Vector Signal Analyzer) for the analog front end, either in transmission or reception?
    And thanks a lot in advance to everyone.

    Hello,
    I am not sure what data you will be collecting, or how you intend on using the board. Perhaps you can explain your application a little bit more?
    Is the FPGA code already developed for your application with the XUPV5-LX110T board? As long as the developed FPGA code is able to communicate with your PC via whatever protocol you choose, then you can use that as a channel to send data back and forth. Since the board is capable of many different I/O connections, you can pretty much send/receive data over whichever connection you prefer: Ethernet, RS-232, etc.
    Just to clear up any confusion, if you do not already have FPGA code for the board, this is not something you would be able to develop with LabVIEW FPGA programming. The XUPV5-LX110T board is not supported for programming its FPGA using LabVIEW FPGA. You can, however, program in LabVIEW to communicate data back and forth with the I/O you have chosen to connect to your PC, such as Ethernet or RS-232, as mentioned above.
    As far as measuring equipment NI offers for testing with the ZigBee (IEEE 802.15.4) wireless protocol in the PXI platform, if your application requires you to both transmit to and receive from the board, then you would need either both a Vector Signal Generator and a Vector Signal Analyzer, or a Vector Signal Transceiver. See the list below for some examples of what we have to offer.
    VSAs: NI PXI-5661, NI PXIe-5663E
    VSGs: NI PXI-5671, NI PXIe-5672/5673E
    VSTs: NI PXIe-5644R/5645R/5646R
    From my knowledge of ZigBee, you would be capable of communicating with the board using any of these devices.
    Matthew R.
    Applications Engineer
    National Instruments

  • Aironet 1100 / 802.3af Power Over Ethernet (POE) Support

    I was under the impression that the Aironet 1100 supports 802.3af POE. I purchased a NetGear FS108P POE switch, however, when I plug in the 1100, it does not receive any power.
    I have seen references in the documentation to a Cisco inline power injector and a Cisco Catalyst switch that can provide POE to the 1100 and maybe they will work, however, will the 1100 only work with those devices?? If so, it would seem that the 1100 really doesn't support the 802.3af standard and that Cisco's implementation of POE is proprietary.
    Any input would be appreciated.
    Thanks,
    Michael

    Hi Michael,
    As you have discovered (unfortunately) is that the 1100 only supports Cisco Pre-standard PoE :( Have a look;
    Single 802.11g radio offering 54 Mbps of capacity
    2.4 GHz integrated diversity dipole antennas
    Available in an autonomous version only
    16 MB of memory with 8 MB of storage
    Operating temperature range of 32 to 104°F (0 to 40°C)
    **Inline power support (Cisco pre-standard)**
    From this doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_brochure0900aecd8035a015.html
    The good news is that either of the options you listed will work just fine. I would go for the power injector probably just for neatness sake.
    POWERING OPTIONS
    The Cisco Aironet 1100 Series can be powered either locally using the AC-DC power adapter, or over the Ethernet cable when coupled with a device capable of delivering in-line power, such as an in-line power-capable Cisco Catalyst switch, Catalyst in-line power patch panel, or Cisco Aironet Power Injector.
    The AC-DC power adapter is included with the access point and can also be ordered as a spare part. The Cisco Aironet Power Injector can either be configured to the order or can be ordered separately.
    You can use either;
    AIR-PWR-A= Cisco Aironet Power Supply-Input 110-240VAC, Output 48VDC, 380 mA-for 1100 and 1200 Series
    AIR-PWRINJ3= Cisco Aironet Power Injector for the 1100 and 1200 Series Access Points
    From this doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_data_sheet0900aecd8045690f.html
    Hope this helps! And good luck!
    Rob
    Please remember to rate helpful posts.....

  • 802.1x/PEAP over Ethernet

    I am trying to set up 802.1x PEAP in my home lab. I have:
    - a Windows 2003 Enterprise server with SP2 and latest patches running as Active Directory, DHCP, DNS, WINS. The AD domain name is LAB. The Windows 2003 server is also running Cisco ACS 4.0.1 with a self-signed certificate. I can log into the box https://PEAP8021x:2002 so the cert works. I also configured the ACS so that it can also use AD accounts for authentication.
    - a Cisco Catalyst 2960 running IOS version flash:c2960-lanbase-mz.122-25.SEE2.bin. This version supports 802.1x.
    - a couple of Windows XP machines with Service Pack 2 and latest patches that will act as clients for the domain LAB.
    Everything is connected to the Catalyst 2960 switch via CAT-5 cables.
    I would like to accomplish something very simple. Before user(s) on WinXP can even access the domain LAB, the WinXP machine must be authenticated with Cisco ACS with username/password on the AD server so that the machine can be placed in the correct VLAN(s). If this is just a visitor and their machine is plugged into my network, authentication will fail and they will be put in a guest VLAN where the only connection they have will be access to the Internet and that will be it. All the information will be pushed out to the Catalyst from the Cisco ACS.
    Can someone help me out on how to get this done? Thanks.

    Hi,
    You would need to do following :
    - Machine authentication with user authentication( This part is tricky on WinXP, you may get intermittent results)
    Something to help you:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
    "SupplicantMode"=dword:00000003
    "AuthMode"=dword:00000001
    - Machine Access Restriction (MAR) (it's on ACS)
    - guest vlan or auth-fail-vlan
    Wired 802.1x:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a18.shtml
    Configuring IEEE 802.1x Port-Based Authentication:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea7/scg/sw8021x.htm
    Regards,
    Prem

  • I have a new MBRP. On wired ethernet it can be used as a wireless hotspot. Since 802.11ac gets better range I'd like to use it with 802.11ac as a hotspot for my older 802.11g/n devices. Can I do that?

    I know that if I use wired ethernet then the MBRP can be a wireless hotspot for other devices. Since the MBRP supports 802.11ac and I have a new 802.11ac wireless router, it gets much better range than my older 802.11/n devices. There are places in the house where the MBRP connects to the wireless but where older 802.11g/n devices are out of range. In those rooms I'd like to use my MBRP connected to the network wirelessly using 802.11ac as a hotspot for the nearby 802.11g/n devices. Anyone know if that can be done and how to do it?

    Turn on Internet Sharing in Sharing preferences. Share the Ethernet connection to wireless.

  • How about joining IEEE 802.1X wired client to a AD domain ?

    http://technet.microsoft.com/en-us/library/bb727033.aspx
    This nice Technet link says clearly that there are three methods that could be used for joining a Wireless IEEE 802.1X client to a domain. Do these methods also apply for joining Wired IEEE 802.1X clients to a domain?

    Hi,
    In some cases, routers or firewalls drop packets because they are configured to discard packets that require fragmentation.
    Did you use NPS for authentication?
    Follow this procedure to lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy.
    Configure the EAP Payload Size
    http://technet.microsoft.com/en-us/library/cc755205%28v=ws.10%29
    Hope this helps.

  • PPPoE Over IEEE 802.1Q VLANs in 12.4T

    I am trying to configure PPPoE Over IEEE 802.1Q VLan on a 2811 router with (C2800NM-SPSERVICESK9-M), Version 12.4(24)T8
    PPPoE client on FastEthernet0/0 works fine.
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    But PPPoE session is not established on a subinterface with encapsulation dot1Q. It is not even trying to connect to the PPPoE server.
    Cisco Feature Navigator says that this feature was added in 12.4T.
    Can anybody confirm that 'PPPoE over IEEE 802.1Q VLANs' feature works fine on this IOS?
    Thank you in advance!

    Below works fine.
    vpdn enable
    vpdn-group 1
    request-dialin
    protocol pppoe
    bba-group pppoe global
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    But the same doesn't work over the subinterface:
    interface FastEthernet0/0.2
    encapsulation dot1Q 2
    pppoe enable group global
    pppoe-client dial-pool-number 1

  • National Instruments PXI with IEEE 802.15.4 standard

    Hello,
    I am working on a project that aims to implement a reconfigurable baseband Zigbee transmitter/receiver on the XUPV5-LX110T evaluation platform, which carries a Virtex 5. I am currently in the real-world test phase.
    First, I want to send my data from a PC to an FPGA and receive it back (to process my signals in Matlab). Is this task feasible or not? Is there a solution for this using a communication medium (a serial link, for example)?
    Second, is there National Instruments PXI-based measurement and test equipment that supports the Zigbee wireless protocol, or otherwise the IEEE 802.15.4 standard (namely an RF Vector Signal Generator and a Vector Signal Analyzer), for the analog front end, whether in transmission or in reception?
    Thanks in advance to everyone.

    Hello,
    If you use LabVIEW or LabWindows/CVI or any National Instruments software and our FPGA boards, it is entirely possible to do this.
    As for the IEEE 802.15.4 standard, you can communicate with a PXI 5660, for example.
    Accelerating ZigBee and 802.15.4 Module Testing with LabVIEW and an NI RF Vector Signal Analyzer /
    http://sine.ni.com/cs/app/doc/p/id/cs-744
    Brice S.
    National Instruments France

  • Migration to 802.1x for large scale Ethernet network

    Hi all,
    I have a very large wired-only Ethernet network which I would like to migrate to 802.1x for stronger authentication of end users. The problem I have is that there are long chains of legacy switches which do not support 802.1x (the topology of the network is a complete tree of switches). As far as I know, 802.1x is port based.
    So here is the issue:
    - the replacement of all switches will take a very long time, but I would like to have all end users authenticated asap
    - switches supporting .1x will initially only be located at the roots of the tree. There will still be legacy switches not supporting .1x between end users and newer switches.
    - authentication of users on a port of a new switch will be shared between several end users.
    Do you know if it is possible to enable authentication of all users while having 802.1x enabled only in some more central locations first?
    Cheers,
    Benoit

    IEEE 802.1x Authentication
    These are the IEEE 802.1x authentication configuration guidelines:
    - When IEEE 802.1x authentication is enabled, ports are authenticated before any other Layer 2 or Layer 3 features are enabled.
    - If you try to change the mode of an IEEE 802.1x-enabled port (for example, from access to trunk), an error message appears, and the port mode is not changed.
    - If the VLAN to which an IEEE 802.1x-enabled port is assigned changes, this change is transparent and does not affect the switch. For example, this change occurs if a port is assigned to a RADIUS server-assigned VLAN and is then assigned to a different VLAN after re-authentication.
    - If the VLAN to which an IEEE 802.1x port is assigned is shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed.
    Try these links:
    http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00805a64d7.html#wp1025090
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00801d11a4.shtml

  • PEAP encryption over wired network?

    I have Wicd in LXDE and loving it, but the problem is there isn't wireless availability in my room. So I'm trying to find a way to connect to PEAP over wired, an issue which the Wicd people say they've never run into.
    The example configs and everything else seems to be geared toward wireless, but there's almost nothing I can find for encryption over wired, and frankly I can't do EVERYTHING in the building lobby.
    ----------FIXED----------
    I had Arch before and liked it just dandy, but switched for a little while to Ubuntu. Now I'd like to try it again, but I've got a problem: I'm on a University network and both the hardwire and the wireless are encrypted. The wireless is WPA enterprise and the wired is 802.1x, both are PEAP Version 0 with MSCHAPv2.
    I had absolutely no problem getting Arch setup back home when I could use the ethernet cable and get everything downloaded/installed, then I'd throw Wicd into the mix and bingo bango I'm set up. Problem is all my googling and searching has given me no indication of how to proceed with installation if my network requires authentication. It's proving a bit of a roadblock.
    -------END OLD PROBLEM---------
    Last edited by SomeGuyDude (2008-10-20 05:57:10)

    We have a similar setup at our dorms, and my config looks like this for wpa_supplicant
    network={
        key_mgmt=IEEE8021X
        eap=PEAP
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
        ca_cert="/path/to/root.crt"
        identity="" #your username
        password="" #your password
    }
    Use the wired driver, and it should work.
    Last edited by Cheesebaron (2008-11-10 22:34:30)
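
An added check, not part of the original posts: in a config like the one above, `ca_cert` is what makes wpa_supplicant verify the RADIUS server's certificate before the MSCHAPv2 exchange, and its name-matching options narrow acceptance to the expected server. The Python sketch below flags network blocks that lack either; the finding codes and the sample values are assumptions made for this example.

```python
import re

# EAP methods in which the supplicant authenticates the server by certificate.
CERT_METHODS = {"PEAP", "TTLS", "TLS"}
# wpa_supplicant options that tie the certificate to an expected server name.
NAME_CHECKS = ("domain_match", "domain_suffix_match", "subject_match", "altsubject_match")


def parse_value(raw: str) -> str:
    """Return a quoted string's contents, or a bare value with any # comment removed."""
    raw = raw.strip()
    quoted = re.match(r'"([^"]*)"', raw)
    if quoted:
        return quoted.group(1)
    return raw.split("#", 1)[0].strip()


def parse_networks(text: str) -> list:
    """Collect each network={...} block as a dict; ValueError on a malformed block."""
    networks, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            if current is not None:
                raise ValueError(f"line {lineno}: previous network block not closed")
            current = {}
            continue
        if current is None:
            continue                       # global options are not audited here
        if line == "}":
            networks.append(current)
            current = None
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected key=value inside network block")
        current[key.strip()] = parse_value(value)
    if current is not None:
        raise ValueError("network block is missing its closing brace")
    return networks


def audit(text: str) -> list:
    """Return (block index, finding code) pairs for certificate-validation gaps."""
    findings = []
    for i, net in enumerate(parse_networks(text)):
        if not set(net.get("eap", "").upper().split()) & CERT_METHODS:
            continue
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append((i, "NO_CA_CERT"))            # server cert not verified
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings.append((i, "NO_SERVER_NAME_CHECK"))  # any cert from that CA passes
    return findings


# Constructed samples modelled on the posted config; credentials are placeholders.
POSTED_STYLE = """network={
    key_mgmt=IEEE8021X
    eap=PEAP
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    ca_cert="/path/to/root.crt"
    identity="user"     # constructed
    password="secret"   # constructed
}
"""
NO_CA = POSTED_STYLE.replace('    ca_cert="/path/to/root.crt"\n', "")
PINNED = POSTED_STYLE.replace("}", '    domain_suffix_match="radius.lab.example"\n}')
UNCLOSED = POSTED_STYLE.replace("}", "")

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_STYLE), ("no_ca", NO_CA), ("pinned", PINNED)):
        print(name, audit(cfg))
```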

  • Reliability  on airport connection vs wired ethernet

    Hi all,
    I'm 98% leaning toward connecting an Airport Extreme router for 1 Dell, 5 Macs. My wife works from home on her Dell so she needs a reliable connection without interference or with very minimal interference. How far apart can the machines be without losing any signals? Can I get your pros & cons feedback, please?
    Thanks
    Web dude

    In a nutshell, Ethernet Connection is going to be the fastest and most reliable.
    Wireless is a little more in-depth.
    It boils down to the computers you use, the wireless cards that are in each computer and what draft cards are in each from the older to the newer.
    802.11b
    802.11g
    or the newest 802.11n
    Remember hard wired is always going to be the fastest with the least interference.
    Don
