Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISE question about switches

I am implementing ISE and have run into several locations that have used consumer brand 4 ports switches to connect multiple workstations on one cable.  I realize there is a list of supported Cisco switches for ISE, but I was wondering if anyone has used a lower end Cisco or other vendor switch  (i.e. Cisco SG200-08 or SF300-08) to do basic authentication against ISE as it relates to enabling the port once the 802.1x authenitcation is passed?

Realize this is a bit vague, just looking for anyone with practical experience with this.

Thanks

  • AAA Identity and NAC
2 REPLIES
New Member

ISE question about switches

I have not configured dot1x for the mentioned switches, if the switches do support dot1x you should be able to do basic authentication. If there are multiple endpoints on the same port, you should use the Multi-Auth host mode on switchport. Also you will have to choose an authentication method that is supported by the endpoints.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps11229/data_sheet_c78-634369.html

• Network security:  Cisco 200 Series switches provide basic security and network management  features you need to maintain a level of security for your business,  keep unauthorized users off the network, and protect your business data.  The switches provide integrated network security to reduce the risk of a  security breach, with IEEE 802.1X port security to control access to  your network.

and

802.1X: RADIUS authentication and accounting, MD5 hash

There wont be CoA and authorization, you may apply manual ACL on switchport for the controlled access.

the answer to your post, yes you should be able to do basic dot1x authentication.

HTH

New Member

ISE question about switches

I agree with Mudasir that " If the switches do support dot1x you should be able to do basic authentication. If there are multiple endpoints on the same port, you should use the Multi-Auth host mode on switchport. "

224
Views
0
Helpful
2
Replies
This widget could not be displayed.