I am implementing ISE and have run into several locations that have used consumer-brand 4-port switches to connect multiple workstations on one cable. I realize there is a list of supported Cisco switches for ISE, but I was wondering if anyone has used a lower-end Cisco or other vendor switch (i.e. Cisco SG200-08 or SF300-08) to do basic authentication against ISE as it relates to enabling the port once the 802.1x authentication is passed?
Realize this is a bit vague, just looking for anyone with practical experience with this.
I have not configured dot1x for the mentioned switches. If the switches do support dot1x, you should be able to do basic authentication. If there are multiple endpoints on the same port, you should use the Multi-Auth host mode on the switchport. Also, you will have to choose an authentication method that is supported by the endpoints.
• Network security: Cisco 200 Series switches provide basic security and network management features you need to maintain a level of security for your business, keep unauthorized users off the network, and protect your business data. The switches provide integrated network security to reduce the risk of a security breach, with IEEE 802.1X port security to control access to your network.
802.1X: RADIUS authentication and accounting, MD5 hash
There won't be CoA and authorization; you may apply a manual ACL on the switchport for controlled access.
The answer to your post: yes, you should be able to do basic dot1x authentication.
I agree with Mudasir that "If the switches do support dot1x you should be able to do basic authentication. If there are multiple endpoints on the same port, you should use the Multi-Auth host mode on switchport."