NeDi Community

NeDi General => News => Topic started by: sjobergh on August 28, 2015, 11:56:22 PM

Title: Suggestion
Post by: sjobergh on August 28, 2015, 11:56:22 PM
A new column in interface list that tells you if the port have dotx.1 enabled
I tried with 1.3.6.1.4.1.9.9.220.1.8.6.1.1 and it seems to work

"Cisco Port Access Entity (PAE) module for managing IEEE Std 802.1x. This MIB provides Port Access Entity information that are either excluded by IEEE8021-PAE-MIB or specific to Cisco products."

 To easily see and do a report for all switches is worth a lot when you are doing security compliance reports
Title: Re: Suggestion
Post by: rickli on August 29, 2015, 01:12:59 AM
Good one, tx...and on my todolist for years. Can you test whether this one works as well with your devices: 1.0.8802.1.1.1.1.2.1.1.5
Title: Re: Suggestion
Post by: sjobergh on August 31, 2015, 12:21:20 AM
I will test that,  and others,,  doing that on old 2960 with ver 12 and ver 15,  new 2960S/X and plus series with ver 15, and 3750 series with ver 12 and ver 15
 
Title: Re: Suggestion
Post by: sjobergh on September 03, 2015, 02:50:25 AM
I have tested some different switches and IOS version,  this is my result

Switchtype   IOS      1.3.6.1.4.1.9.9.220.1.8.6.1.1   1.0.8802.1.1.1.1.2.1.1.6   1.0.8802.1.1.1.1.2.1.1.5   1.3.6.1.4.1.9.9.220.1.1.1.2
Catalyst-2960-48-TCL   122-52.SE.bin      OK       OK           Not Ok   OK
WS-C2960-48TT-L   122-52.SE.bin      OK       OK           Not Ok   OK
WS-C3750-48PS-S    122-52.SE.bin      OK       Ok                   Not Ok   OK
WS-C2960S-48LPS-L   150-2.SE2.bin      OK       Not Ok           Not Ok   OK
C2960S-24TS-S   150-2.SE2.bin              OK       Not Ok           Not Ok   OK
WS-C2960S-48TS-L   150-2.SE2.bin      OK       Not Ok           Not Ok   OK
WS-C2960G-48TC-L   150-2.SE5.bin      Not Ok   Not Ok           Not Ok   OK



Not easy to read but the best OID (for me) is 1.3.6.1.4.1.9.9.220.1.1.1.2
It gives three results,  1,3,4   Four is tells me that we use 802.1x,   others false

Next opportunity is to find ports that is "Sticky"
Title: Re: Suggestion
Post by: rickli on December 06, 2019, 11:48:15 AM
Reviving this old thread, due to customer requests :-)

As time has passed and dot1X seems to be more standardized now, NeDi 2.0 will read 1.0.8802.1.1.1.1.2.1.1.5.
The interfaces table received a new "Security Status" column to hold the results...
Title: Re: Suggestion
Post by: swepart on December 10, 2019, 06:56:39 AM
Tnx
Thats really something I am looking forward to.