Comments on: 802.1X and the Default VLAN http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/ Ruminations on Identity Management for Networks Thu, 20 Nov 2008 00:03:27 +0000 http://wordpress.org/?v=2.6 By: Sean http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/#comment-29993 Sean Mon, 26 Nov 2007 16:26:08 +0000 http://www.seanconvery.com/weblog/?p=26#comment-29993 A number of companies make captive portal solutions that work with 802.1X including Identity Engines. The basic idea is if you don't respond to the 802.1X query the endpoint is placed on a default VLAN that forces all traffic through the portal. A number of companies make captive portal solutions that work with 802.1X including Identity Engines. The basic idea is if you don’t respond to the 802.1X query the endpoint is placed on a default VLAN that forces all traffic through the portal.

]]> By: Dani http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/#comment-29420 Dani Thu, 22 Nov 2007 09:52:02 +0000 http://www.seanconvery.com/weblog/?p=26#comment-29420 I want to implement some captive portal-based solution but with the use of 802.1x, in order to assign different VLAN-IDs according to the user credentials. Do you know about some captive portal that works with 802.1x? I want to implement some captive portal-based solution but with the use of 802.1x, in order to assign different VLAN-IDs according to the user credentials.

Do you know about some captive portal that works with 802.1x?

]]> By: Sean http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/#comment-466 Sean Fri, 07 Jul 2006 23:48:09 +0000 http://www.seanconvery.com/weblog/?p=26#comment-466 I'm not sure specifically about HostAPd but there are a few different ways folks approach this with wireless. Most of my post had to do with wired 802.1X. For wireless many just choose to implement multiple SSIDs with one SSID for the 802.1X folks and another for the non-EAP capable clients. Some wireless vendors can automate this a bit more though their specific approaches are not completely consistent. Last I checked Cisco needed the multiple SSIDs but Trapeze could do the mapping in a more automated form. I haven't looked into HostAPd yet. I’m not sure specifically about HostAPd but there are a few different ways folks approach this with wireless. Most of my post had to do with wired 802.1X. For wireless many just choose to implement multiple SSIDs with one SSID for the 802.1X folks and another for the non-EAP capable clients. Some wireless vendors can automate this a bit more though their specific approaches are not completely consistent. Last I checked Cisco needed the multiple SSIDs but Trapeze could do the mapping in a more automated form. I haven’t looked into HostAPd yet.

]]> By: Lloyd http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/#comment-460 Lloyd Mon, 03 Jul 2006 17:38:00 +0000 http://www.seanconvery.com/weblog/?p=26#comment-460 We are interested in implementing this dual-layer functionality on a community wireless network using OpenSource solutions. Is it possible to implement this by running HostAPd 802.1x and NoCat (examples) on Linux APs? Any hardware could be considered, ie. WRAP boards with miniPCI radios, or all-in-one solutions like Linksys WRT54G with OpenWRT linux. We are interested in implementing this dual-layer functionality on a community wireless network using OpenSource solutions. Is it possible to implement this by running HostAPd 802.1x and NoCat (examples) on Linux APs? Any hardware could be considered, ie. WRAP boards with miniPCI radios, or all-in-one solutions like Linksys WRT54G with OpenWRT linux.

]]> By: Sean http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/#comment-450 Sean Thu, 22 Jun 2006 16:42:45 +0000 http://www.seanconvery.com/weblog/?p=26#comment-450 Quite a wide variety of devices support captive portal authentication. Many commercial firewalls such as Netscreen and Sonicwall support captive portal as well as newer inline security gateways from companies like Caymas. On the network infrastructure side some Cisco switches support web authentication directly instead of deploying a separate captive portal device. Additionally Airespace (now part of Cisco) has web authentication on their WLAN APs as well. There are other infrastructure players with this capability too. Lastly I'll gratuitously plug my company (Identity Engines) which has some captive portal technology for when an organization doesn't have an existing vendor of choice. Quite a wide variety of devices support captive portal authentication. Many commercial firewalls such as Netscreen and Sonicwall support captive portal as well as newer inline security gateways from companies like Caymas. On the network infrastructure side some Cisco switches support web authentication directly instead of deploying a separate captive portal device. Additionally Airespace (now part of Cisco) has web authentication on their WLAN APs as well. There are other infrastructure players with this capability too. Lastly I’ll gratuitously plug my company (Identity Engines) which has some captive portal technology for when an organization doesn’t have an existing vendor of choice.

]]> By: Andrew Jacobs http://www.seanconvery.com/weblog/2006/05/26/8021x-and-the-default-vlan/#comment-449 Andrew Jacobs Thu, 22 Jun 2006 14:42:55 +0000 http://www.seanconvery.com/weblog/?p=26#comment-449 "One viable deployment choice has this default VLAN routing traffic through a captive portal where web-based authentication can take the place of the 802.1X authentication step. Some network devices support this web authentication on their hardware directly which represents yet another choice." Do you have any suggestions for devices that provide that functionality? “One viable deployment choice has this default VLAN routing traffic through a captive portal where web-based authentication can take the place of the 802.1X authentication step. Some network devices support this web authentication on their hardware directly which represents yet another choice.”

Do you have any suggestions for devices that provide that functionality?

]]>