Cisco Support Community

Wired Port Authentication Questions

Hi all,

I have been reading article http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1430161 and I am trying to get my head around the type of port authentication Methods & Modes I am going to require for a Proof of Concept using a Cisco ISE as the Authentication Server.

The switchport will have a single IP Phone in a Voice VLAN and then a Single host in a Data VLAN. Reading this article, I think I should be configuring "802.1x" authentication method using "Single Host" Mode.

However, will that support a Downloadable ACL dependent on the user credentials? And will it allow a restricted ACL to be downloaded if authentication of the Machine or the User fails? I don't really want to create & manage Guest & Remediation VLANs with their respective ACLs on every switch in my enterprise, including our remote branch offices.

Hope that makes kinda sense.

Mario

1 REPLY

Wired Port Authentication Questions

No. You need "multi-domain" mode. Multi-domain means it will allow only one host in the data VLAN and only one host in the voice VLAN. It will allow the use of "downloadable ACL".

Please rate if it helps.
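
The multi-domain setup recommended in the reply, as an added configuration sketch that is not part of the original thread and is not taken from Cisco's guide. The interface name, VLAN numbers, RADIUS address and shared secret are placeholder assumptions; the commands are the Catalyst IOS 12.2 "authentication" syntax.

```cisco
! --- Global prerequisites for 802.1X with RADIUS-delivered authorization ---
aaa new-model
aaa authentication dot1x default group radius
! Needed so the switch applies VLAN/dACL attributes returned by the server
aaa authorization network default group radius
dot1x system-auth-control
! Send and accept Cisco VSAs (the dACL name arrives as a cisco-av-pair)
radius-server vsa send authentication
! Placeholder server address and key (assumptions)
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
! Downloadable ACLs are rewritten per host, so the switch must learn host IPs
ip device tracking
!
! --- Access port: one phone (voice domain) + one host (data domain) ---
interface GigabitEthernet0/1
 switchport mode access
 ! Placeholder VLAN IDs (assumptions)
 switchport access vlan 10
 switchport voice vlan 20
 ! single-host would admit one MAC in total, so the host behind the
 ! phone would trigger a violation; multi-domain admits one MAC per domain
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
 ! MAB lets a phone without a supplicant authenticate by MAC address
 mab
 spanning-tree portfast
```

For the phone to land in the voice domain, the authorization result from the server has to include the Cisco VSA `device-traffic-class=voice`; without it the phone is counted as the data-domain device. `show authentication sessions interface GigabitEthernet0/1` lists each session with its domain and any ACL applied.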
