Wired Port Authentication Questions

marioderosa2008 — Mon, 11 Mar 2019 02:04:36 GMT

Hi all,

I have been reading article http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1430161 and I am trying to get my head around the type of port authentication Methods & Modes I am going to require for a Proof of Concept using a Cisco ISE as the Authentication Server.

The switchport will have a single IP Phone in a Voice VLAN and then a Single host in a Data VLAN. Reading this article, I think I should be configuring "802.1x" authentication method using "Single Host" Mode.

However will that support a Downloadable ACL dependant on the user credentials? And will it allow a restricted ACL to be downloaded if authentication of the Machine or the User fails.? I dont really want to create & manage Guest & Remediation VLANs with thier respective ACLs on every switch in my enterprise, including our remote branch offices.

Hope that makes kinda sense.

Mario

Wired Port Authentication Questions

Eduardo Aliaga — Sun, 13 May 2012 02:10:25 GMT

No. You need "multi-domain" mode. Multi-domain means it will allow only one host in data vlan and only one host in voice vlan. It will allow the use of "downloadable ACL".

Please rate if it helps.

topic Wired Port Authentication Questions in Network Access Control

Wired Port Authentication Questions

Wired Port Authentication Questions