https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4694091#M577399 <P>we have some switches that can't be easily secured properly, so it would be nice to have the everything authenticate through 802.1x. Also flex connect WAPs would be amazing to have better authenticated.</P> Mon, 26 Sep 2022 19:32:47 GMT Fenix12585 2022-09-26T19:32:47Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687302#M577248 <P>We currently use ISE to manage 802.1x and limited mab authentication of endpoints on the network.</P><P>Is it possible to authenticate network devices as well?</P><P>For example we apply authentication configs to sw2.<BR />&nbsp; &nbsp; &nbsp; Then connect sw2 to sw1.<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Sw1 will not allow port access if SW2 does not authenticate itself with ise.</P><P>&nbsp;</P> Wed, 14 Sep 2022 18:23:26 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687302#M577248 Fenix12585 2022-09-14T18:23:26Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687725#M577256 <P>Yes, preferably with TACACS+.&nbsp; Are you talking about daisy chained switches or Device Administration?</P> Thu, 15 Sep 2022 09:12:12 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687725#M577256 ahollifield 2022-09-15T09:12:12Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687791#M577257 <P>specifically daisy chained switches.</P><P>We are pretty heavy with tacacs+ also so that wouldn't necessarily be a huge overhaul to implement. I was not aware tacacs+ could be used for more than device administration.</P> Thu, 15 Sep 2022 11:26:00 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687791#M577257 Fenix12585 2022-09-15T11:26:00Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687795#M577258 <P>I don’t think that would work, at least I haven’t tried, to make a device authenticate there is the port config and supplicant 802.1X config. In your case you are talking about configuring uplink trunk port for 802.1X authentication and then SW1 as supplicant…and it won’t work most likely because <SPAN>802.1X protocol is supported on both Layer 2 static-access ports and Layer 3 routed ports, but it is not supported on </SPAN><SPAN>Trunk port—If you try to enable 802.1X on a trunk port, an error message will appear.&nbsp;</SPAN></P> Thu, 15 Sep 2022 11:29:42 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687795#M577258 Ambuj M 2022-09-15T11:29:42Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687805#M577259 <P>It can't.&nbsp; I thought you were talking logging into the device itself.&nbsp; The setup you describe will not work with a trunk port as&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/325330">@Ambuj M</a>&nbsp;mentioned?&nbsp; What is your use-case?&nbsp; Why do you want 802.1X on links between switches?</P> Thu, 15 Sep 2022 11:43:26 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4687805#M577259 ahollifield 2022-09-15T11:43:26Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4694090#M577398 <P>gotcha... thank you.</P> Mon, 26 Sep 2022 19:30:35 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4694090#M577398 Fenix12585 2022-09-26T19:30:35Z https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4694091#M577399 <P>we have some switches that can't be easily secured properly, so it would be nice to have the everything authenticate through 802.1x. Also flex connect WAPs would be amazing to have better authenticated.</P> Mon, 26 Sep 2022 19:32:47 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-for-network-devices/m-p/4694091#M577399 Fenix12585 2022-09-26T19:32:47Z