Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to do .1x port based network access authentication through ACS

How to do .1x port based network access authentication through ACS.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Hi, 802.1x can authenticate

Hi,

 

802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.

 

In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.

 

To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html

 

To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005

 

 

Regards,

Kush

Cisco Employee

check the following link for

check the following link for Port-based Authentication with ACS 5.2

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html

7 REPLIES

Request you to follow the

Request you to follow the below

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/sw8021x.html

New Member

Thanks Salodh for your quick

Thanks Salodh for your quick response

In given link i am getting only switch related part but still Radius side configuration is not clear for me, please give some more light on this related to radius (ACS) configuration. 

another config. examplehttp:/

another config. example

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116506-configure-acs-00.html

New Member

Thanks Salodh I am still

Thanks Salodh

 

I am still little confused, in ACS i don't find any option to store users mac identity (mac address). In my knowledge .1x authentication means radius server stores all mac address and verify the user with available mac record.

Please correct me if i am wrong.

 

Bronze

Hi, 802.1x can authenticate

Hi,

 

802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.

 

In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.

 

To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html

 

To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005

 

 

Regards,

Kush

New Member

Thanks a lot kushsriva and

Thanks a lot kushsriva and salodh, i got my answer with your help.

Cisco Employee

check the following link for

check the following link for Port-based Authentication with ACS 5.2

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html

1017
Views
8
Helpful
7
Replies
CreatePlease to create content