Static OSPF Redistribute

Snippet from R1, acting as an ASBR with a static route towards an external router, showing the redistribution of that external route into OSPF.

R1

ip route 3.3.3.3 255.255.255.255 10.10.10.2 weight 1
ip route 3.3.3.3 255.255.255.255 10.10.10.2 enable

ip prefix-list StaticOSPFRedistribute 3.3.3.3/32 ge 32 le 32

route-map "OSPFStatic" 1
enable
match network "StaticOSPFRedistribute"
exit

router ospf
as-boundary-router enable

redistribute static route-map "OSPFStatic"
redistribute static metric 10
redistribute static metric-type type1
redistribute static enable
exit

#WARNING: Routes will not be injected until apply command is issued after enable command

ip ospf apply redistribute static

show ip route
show ip ospf redistribute
show ip prefix-list
show route-map
show route-map detail

XMC EAC with 802.1X and Windows

Create a rule for machine login that checks that the computer is a domain-joined machine. A Windows machine in a logged-out state adds “host” in front of the hostname, and in order to authenticate the machine EAC needs to perform a User lookup in Active Directory.

This lookup uses a servicePrincipalName, so an LDAP authentication rule should be added that looks for host/* and searches AD using an LDAP Configuration that searches based on servicePrincipalName. This means an additional LDAP Configuration is needed to look up machines and validate that they are allowed on the network. It can still use the same LDAP server as for User logins, but the attributes will be different.

This is covered by the following GTAC solution, which can be referenced and used for your own XMC EAC implementation. The key point to note is that in the End Systems table the Username column shows different information when nobody is logged into the machine and when somebody has logged in. This is why two LDAP Configurations are needed: one that covers Machine logins (servicePrincipalName) and one that covers Machine (cn) and User (sAMAccountName) logins.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-authorise-Windows-domain-user-computer-using-802-1x-and-LDAP-lookups-to-ensure-the-user-AND-computer-is-in-the-domain-denying-access-to-users-with-valid-domain-credentials-on-BYOD-devices
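
To make the split between the two LDAP Configurations concrete, the sketch below maps an 802.1X identity to the attribute it would be searched on. It is an added example, not code from EAC or the GTAC article. The function names, the configuration labels, the sample identities and the stripping of a domain prefix or realm suffix are assumptions, and the cn machine lookup of the second configuration is not modelled.

```python
# Added illustration, not EAC code; names and config labels are hypothetical.
from typing import NamedTuple


class Lookup(NamedTuple):
    ldap_config: str   # which LDAP Configuration the rule selects
    ldap_filter: str   # search filter sent to Active Directory


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters (RFC 4515) so the value matches literally."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_lookup(identity: str) -> Lookup:
    """Map an 802.1X identity to an LDAP configuration and search filter."""
    identity = identity.strip()
    if not identity:
        raise ValueError("empty 802.1X identity")
    if identity.lower().startswith("host/"):
        # Logged-out Windows machine: the identity is looked up as an SPN.
        value = escape_filter_value(identity)
        return Lookup("machine-spn", "(servicePrincipalName=%s)" % value)
    # Logged-in user. Assumption: strip a DOMAIN\ prefix or @realm suffix
    # before searching on sAMAccountName.
    user = identity.rsplit("\\", 1)[-1].split("@", 1)[0]
    return Lookup("user", "(sAMAccountName=%s)" % escape_filter_value(user))


if __name__ == "__main__":
    # Constructed sample identities.
    for sample in ("host/PC01.corp.example.com", "CORP\\alice",
                   "alice@corp.example.com", "host/*"):
        print(sample, "->", build_lookup(sample))
```

The host/* pattern belongs in the rule that selects the configuration; the value placed in the search filter is escaped so it can only match one literal servicePrincipalName.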