Cisco Support Community
New Member

ACS authentication question

I have a Cisco Secure ACS giving port access to approved MACs. I am wondering how the process works. We recently replaced all the PCs in our organization. After the new PCs were deployed, we removed all the MACs from the ACS. I noticed today that the old MACs are listed on the switch as a static entry (as are the new ones). I am wondering: if they are on that static list, will they be allowed on the network? Or will they try to authenticate each time they are plugged into the switch?

The switch is a 2960 running 12.2(53r)SE, port configuration is:

interface GigabitEthernet1/0/xx
     sw access vlan 2
     sw mode access
     authentication control-direction in
     authentication host-mode multi-auth
     authentication port-control auto
     mab
     spanning-tree portfast
end

4 REPLIES

ACS authentication question

Robert,

The static MAC address entry is a normal entry when a client passes dot1x authentication. If you bounce the port and the host entry is not present in ACS, then the attempt should fail and you will not see the MAC address at all.

If you remove "authentication port-control auto" from the port (which disables dot1x) then you will see the dynamic entries like you did before.

This is a known feature of dot1x and the way it interacts with the MAC address table. Some other switches, like 4500s, in my experience still show dynamic entries, which may be a little confusing.

hope that helps!

Tarik Admani
*Please rate helpful posts*
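
An added example, not part of the original thread or any Cisco tooling: a small audit that reads `show mac address-table` output and reports STATIC entries whose MAC is no longer on the approved list, which is the leftover state described above after MACs are removed from ACS. The table text, MAC addresses, port names and the approved list are constructed sample data, and the check assumes the STATIC entries on the ports you pass in come from 802.1X/MAB sessions rather than manually configured static MACs.

```python
import re

# Constructed sample of `show mac address-table` output (not from the thread).
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   2    0011.2233.4455    STATIC      Gi1/0/5
   2    0011.2233.4466    STATIC      Gi1/0/5
   2    00aa.bbcc.dd01    DYNAMIC     Gi1/0/24
   2    00aa.bbcc.dd02    STATIC      Gi1/0/7
Total Mac Addresses for this criterion: 5
"""

# Constructed approved list, in the mixed notations such lists tend to contain.
APPROVED = ["00-11-22-33-44-55", "00:AA:BB:CC:DD:02"]

# One table row: numeric VLAN, dotted-quad MAC, entry type, port name.
ROW = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s+(\S+)\s+(\S+)\s*$")

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def stale_static_entries(table_text, approved, auth_ports=None):
    """Return (port, mac, vlan) for STATIC entries whose MAC is not approved."""
    # auth_ports: optional set of port names to check; None checks every port.
    allowed = {normalize(m) for m in approved}
    findings = []
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, separators, the "All"/CPU row, totals
        vlan, mac, kind, port = m.groups()
        if kind.upper() != "STATIC" or (auth_ports is not None and port not in auth_ports):
            continue
        if normalize(mac) not in allowed:
            findings.append((port, mac, int(vlan)))
    return findings

if __name__ == "__main__":
    for port, mac, vlan in stale_static_entries(SAMPLE_TABLE, APPROVED):
        print(f"{port}: {mac} (VLAN {vlan}) is STATIC but not on the approved list")
```

Ports reported by the audit are the ones to bounce or reauthenticate so that the removed MACs have to authenticate again.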

New Member

ACS authentication question

Bouncing the port worked. I guess this is just what I will need to do as long as there are small hubs connected to the switch due to not having enough drops at the users' desktops.

ACS authentication question

Hi,

You can also configure periodic reauthentication:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1374080

Thanks,

Tarik Admani
*Please rate helpful posts*

New Member

ACS authentication question

That will work great.  Thanks...again.
