Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

[ISE]Does Multi-auth work for hub only? How about switch?

I need to use 2960s lanlite version as a access switch, but this model can do nothing with posture and web auth.

So I have to use multi-auth instead on compact switch for endpoint auth.

But I noticed only HUB can work with multi-auth.

Is there any solution for my requirement?

Everyone's tags (3)
8 REPLIES

[ISE]Does Multi-auth work for hub only? How about switch?

[ISE]Does Multi-auth work for hub only? How about switch?

Multi-auth is designed when there are multiple endpoints connected to the same switchport and you want only one endpoint to authenticate. If one endpoint authenticates succesfully then all the other endpoints will enter the network without authentication.

So, when are multiple endpoints connected to a switchport ? Certainly when using a hub, but also when an automous access point, a laptop will multiple virtual machines, or even a switches connects to a switchport configured with 802.1x

Please rate if this helps

New Member

[ISE]Does Multi-auth work for hub only? How about switch?

multi-auth-Allow one client on the voice VLAN and multiple authenticated clients on the data VLAN. Each host is individually authenticated.

A manual said this.

[ISE]Does Multi-auth work for hub only? How about switch?

Yes you're right, I was thinking of "multi-host" instead of "multi-auth". Sorry for the confusion

Re:[ISE]Does Multi-auth work for hub only? How about switch?

Hi you cannot use dot1x for hosts connected on a switch that is capable of spanning tree. The dot1x supplicant send frames to a reserved destination Mac that falls within the spanning tree range.

Basically any frames for dot1x are dropped from the switch behind the port.


Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
New Member

[ISE]Does Multi-auth work for hub only? How about switch?

So maybe I can make 802.1x work by disablling STP?

And if my access switchs use default configuration, should I disable STP on vlan1?

New Member

[ISE]Does Multi-auth work for hub only? How about switch?

ADDITION:

I use 2960s as access switch, and haven't changed stock configuration.

Should I configurate it to make it work?

Re:[ISE]Does Multi-auth work for hub only? How about switch?

You shouldnt have to worry about your main switch. Just the switch plugged in behind it. Also make sure you have proper protection in place so a loop doesnt affect the rest of your network.


Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
1262
Views
0
Helpful
8
Replies
CreatePlease to create content