I am in the middle of investigating the possibilities of using 802.1x authentication for users who wish to access a physical switch port throughout our organization.
I would like some insight into whether this is a viable solution and how others are currently implementing this solution.
I would like for users' current Active Directory credentials to grant access to a switch port or certain VLANs based upon correct authentication.
I have ACS 3.3 already in place and could use dynamic VLANs to place authorized users in a certain VLAN, with others going into the unsecure/guest VLAN.
Please direct me in the right direction on how to implement this or why I shouldn't.
No to "shouldn't": you should configure 802.1x using IBNS (Identity-Based Networking Services) for your users. This will give you another security layer on the network and will allow you to control the network access only to the allowed users on the network. You can integrate the Windows AD for the user authentication via AD. You have to use dynamic VLAN assignment with ACS to move the authenticated user to the production VLAN, guest users to the guest VLAN and failed authenticated users to a "dummy VLAN".
Let us know the switches and the IOS that you are running on them.
Please see the link below for 802.1x configuration on Cisco switches:
HTH. Please rate if it does.
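
The three-way VLAN placement described in the reply above, as an added configuration sketch that is not part of the original posts. It assumes a Catalyst access switch on an IOS release that uses the legacy `dot1x` interface commands; the interface name, VLAN numbers, server address and shared secret are constructed placeholders.

```cisco
! --- Global: send 802.1x authentication to RADIUS (the ACS server) ---
aaa new-model
aaa authentication dot1x default group radius
! Network authorization must be enabled, otherwise the switch ignores
! the VLAN attributes that ACS returns and leaves the port in its access VLAN.
aaa authorization network default group radius
dot1x system-auth-control
!
! Placeholder server address and key (constructed values)
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <shared-secret>
!
! --- VLANs (constructed numbers) ---
! 10 = production, 20 = guest, 30 = "dummy" VLAN for failed authentication
!
interface FastEthernet0/1
 switchport mode access
 ! Fallback access VLAN if ACS returns no VLAN attributes
 switchport access vlan 10
 dot1x pae authenticator
 dot1x port-control auto
 ! Clients with no 802.1x supplicant (no EAPOL response) land here
 dot1x guest-vlan 20
 ! Clients that have a supplicant but fail authentication land here
 dot1x auth-fail vlan 30
 spanning-tree portfast
!
! --- RADIUS attributes ACS must return per user or group ---
! [64] Tunnel-Type             = VLAN
! [65] Tunnel-Medium-Type      = 802
! [81] Tunnel-Private-Group-ID = VLAN name or number (here: 10)
```

Keep the guest and auth-fail VLANs isolated from production by ACLs or routing, since any device that plugs in without valid credentials ends up in one of them. `show dot1x interface FastEthernet0/1` reports the port's authorization state after a client connects.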