fairfranco
New Member
Posts:
1
Joined:
Mon Aug 01, 2016 8:43 am

802.1x implementation - applying to single port

Mon Aug 01, 2016 9:44 am

Hi,

I've been tasked with implementing security to stop unauthorised devices using our LAN ports and am going to use 802.1x authentication with a Windows-based NPS as the RADIUS server.

I've looked through some good documentation on implementing this from a Cisco side but one thing I'm not certain on is, when I enable the AAA authentication and the other steps, at what point it will cause a connected device to require 802.1x authentication.

What I want to do is enable 802.1x authentication to be required on a single port so that I can test a few scenarios with it before then applying it to all ports on the switch.

If anyone can tell me how to ensure I only apply it to specified ports that would be most appreciated.

Thanks

hubertzw
New Member
Posts:
8
Joined:
Tue Jan 11, 2011 9:05 am

Re: 802.1x implementation - applying to single port

Thu Dec 22, 2016 8:41 pm

It will only work on interfaces where you enable the feature. One example from the Cisco doc:

Device> enable
Device# configure terminal
Device(config)# dot1x system-auth-control
Device(config)# aaa new-model
Device(config)# aaa authentication dot1x default group radius
Device(config)# interface fastethernet2/1
Device(config-if)# switchport mode access
Device(config-if)# authentication port-control auto
Device(config-if)# dot1x pae authenticator
Device(config-if)# end

http://www.cisco.com/c/en/us/td/docs/io ... x-pba.html
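
Added example, not part of the original posts and not Cisco's code: a small Python check that reads a saved running-config and reports which interfaces actually carry the two interface commands from the reply above, so a single-port test can be confirmed before rollout. The sample config, the function name audit_dot1x and the status labels are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the thread); commands mirror the reply above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet2/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet2/2
 switchport mode access
!
interface FastEthernet2/3
 switchport mode access
 authentication port-control auto
!
"""

GLOBAL_REQUIRED = ("aaa new-model", "dot1x system-auth-control",
                   "aaa authentication dot1x default group radius")
PORT_REQUIRED = ("authentication port-control auto", "dot1x pae authenticator")
LEVELS = ("open", "partial", "enforced")  # 0, 1 or 2 of PORT_REQUIRED present


def audit_dot1x(config):
    """Report missing global 802.1X commands and each interface's status."""
    global_cmds, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():  # indented: sub-command of the current interface
            if current:
                ports[current].add(line)
            continue
        m = re.match(r"interface\s+(\S+)", line)
        current = m.group(1) if m else None
        if m:
            ports[current] = set()
        else:
            global_cmds.add(line)
    return {
        "missing_global": [c for c in GLOBAL_REQUIRED if c not in global_cmds],
        "ports": {n: LEVELS[sum(c in cmds for c in PORT_REQUIRED)]
                  for n, cmds in ports.items()},
    }
```

A port reported as "partial" has only one of the two interface commands and is worth reviewing before the configuration is copied to the remaining ports.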
