Cisco Support Community

Scale 802.1X ACS in High Security Mode, any ideas?

Scenario

Platform ACS V 5.1.0.44

Switch 4510R with 8 48 port modules (384 ports)

802.1x authentication of the ports in High Security Mode (VLAN assignments required)

Authentication Method Cert based eap-tls to machine

We currently have 4 data VLANs that users and assets drop into on this switch.

How do I scale this, as I can't differentiate the cert to distribute the users across the 4 VLANs in ACS?

I think I can use unique Identity groups for the MAB of assets, but the users have me really scratching my head.

1 REPLY

Re: Scale 802.1X ACS in High Security Mode, any ideas?

Looks like a Switching group has been looking at this as a possible answer for the stack switches, but I can't configure VLAN groups on 4510s, and there's no config guide on how to apply it in ACS 5.1 (use attrib 81 like we do for VLAN assignment?).

12.2(52)SE

IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by RADIUS server.

12.2(52)SE

3750-E, 3560-E

But then you get bitten even with using VLAN assignments on large stacks:


When IEEE 802.1x authentication with VLAN assignment is enabled, a CPUHOG message might appear if the switch is authenticating supplicants in a switch stack.

The workaround is to not use the VLAN assignment option. (CSCse22791)
