I'm looking for a complete list of switches which will allow 802.1x and normal (non-supplicant) enabled hosts to connect to the same ports on a switch. This is useful for areas where there are semi-open ports such as a lobby area or a library where corporate and guest users may use the same ports but you want them to have different access profiles and where it isn't expected that guests would have 802.1x configured on their system.
For instance, Enterasys and Extreme Networks both have a feature where if the switch doesn't see an EAPOL packet from the client in a certain amount of time, it puts the port into a "guest" VLAN; if it sees an 802.1x supplicant, it tries to authenticate the user via 802.1x and if they succeed, it does what the radius server tells it to do with that port (IE put the port into a certain VLAN, apply certain ACLs, etc)
Do other vendors have this sort of feature, or is it expected that a switch will do both 802.1x and MAC authentication, and the "supplicant timeout" feature is implemented with a blanket allow on the MAC authentication?
Best Answer
IIRC, Cisco switches support something similar: the port is in the guest VLAN by default, but switches to the VLAN specified by the ACS when a supplicant authenticates. The ACS can specify different VLANs for different PCs/users, too.