Yes thanks Priscilla. I talked to a friend of mine at Cisco and he was able to dig up a tidbit. It seems to be VMPS on steroids working in conjunction with Radius and yes I have no idea why it interfers with the ability to enable highavailability but it does!!
Dot1x authenticated ports will be assigned to a vlan based on the user-name of a supplicant connected to that port.Vlan assignment to dot1x port feature works in conjunction with RADIUS server which has a database of user-name to vlan mapping. After successful dot1x authentication of user, RADIUS sends the vlan in which user needs to be given the access. Dot1x port is then configured in the vlan supplied by RADIUS. The advantage of this feature is to restrict the user to a specified vlan, for example a guest user could be configured to a vlan with limited access Thanks Dave Priscilla Oppenheimer wrote: > > You may alreedy know this, but dot1x (IEEE 802.1X) does port-based access > control. > > IEEE 802.1X provides a means for authenticating and authorizing devices > attached to a LAN port. It's a somewhat popular method for restricting > access to a switch port based on username/password combination or a > certificate. Credentials are verified by a RADIUS server. > > >From a protocol standpoint, I can't think of any reason that it would > disable high availability. This restriction must be some weird > implementation issue for the 6509 software. > > You can get the dot1x specification from IEEE, as you probably know. IEEE > now makes their standards available for free. They publish them on their Web > site after they've been available for six months in PDF format. > > See here: > > http://standards.ieee.org/getieee802/ > > _______________________________ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com > > MADMAN wrote: > > > > Hi all, > > > > While doing something else I stumbled upon something I > > haven't seen > > and can't find any good docs on. The platform is a 6509 with > > dual > > supII's and the command is: > > > > C6509> (enable) set dot1x ? > > system-auth-control Enable/Disable dot1x on the system > > max-req Set dot1x maximum number of > > retransmissions > > quiet-period Set dot1x quiet period > > re-authperiod Set dot1x re-authentication period > > server-timeout Set dot1x server timeout > > supp-timeout Set dot1x supplicant timeout > > tx-period Set dot1x tx period > > C6509> (enable) set dot1x > > > > I found it when trying to enable highavailability: > > > > C6509> (enable) set sys highavailability ena > > Failed to enable system high availability. > > Feature not allowed while DOT1X is enabled. > > > > Anyone have and god URLs that better describe what this > > feature is all > > about?? I can find the command description all over but not > > when and > > why I would want this feature and why is disables > > highavailability. > > > > Thanks > > > > Dave > > -- > > David Madland > > CCIE# 2016 > > Sr. Network Engineer > > Qwest Communications > > 612-664-3367 > > > > "You don't make the poor richer by making the rich poorer." > > --Winston > > Churchill -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57145&t=57109 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
