Config for 802.1x use on network switches

[Nikolaos Milas]

Hello,

We would like to enforce authentication for all clients connecting to 
our network (wired or wireless), so that when a client connects, the 
client will not be able to use the network unless it successfully 
authenticates (e.g. via web) with a valid account (LDAP-based).

We have a network based mainly on Cisco 2950/2960 switches.

We are running a central LDAP Server (openldap) where we hold user 
accounts, which are used for mail, ftp, web, Shibboleth access.

I guess we can enable 802.1x on switches and require authentication of 
clients over freeradius.

Is there a suggested sample freeradius configuration for such use? Can 
you please provide one or point me to a URL for it?

Can you share your experience and any pitfalls we should consider?

Any experiences on such use? Does this scale well (for about 20-30 
switches)? Should we consider a central management solution? (Which?)

Thanks in advance,
Nick