https://community.cisco.com/t5/network-access-control/how-to-secure-iot-devices-that-do-not-support-dhcp/m-p/4944847#M584754 <P>Hello,</P><P>We've recently deployed new site and we would like to enable dot1x authentcation on all access ports. The point is that we've got some IoT devices (such as attendance systems and access control) that do not support EAP-TLS or PEAP and do not have fully implemented TCP/IP stack. In such case they cannot obtain IP adddress via DHCP. What would be the best authentication method in this case and will it work correctly if we would like to enforce dynamic VLAN assignment via dot1x?</P><P>Thank you in advance!</P><P>&nbsp;</P> Fri, 20 Oct 2023 09:16:38 GMT lnw-team 2023-10-20T09:16:38Z https://community.cisco.com/t5/network-access-control/how-to-secure-iot-devices-that-do-not-support-dhcp/m-p/4944847#M584754 <P>Hello,</P><P>We've recently deployed new site and we would like to enable dot1x authentcation on all access ports. The point is that we've got some IoT devices (such as attendance systems and access control) that do not support EAP-TLS or PEAP and do not have fully implemented TCP/IP stack. In such case they cannot obtain IP adddress via DHCP. What would be the best authentication method in this case and will it work correctly if we would like to enforce dynamic VLAN assignment via dot1x?</P><P>Thank you in advance!</P><P>&nbsp;</P> Fri, 20 Oct 2023 09:16:38 GMT https://community.cisco.com/t5/network-access-control/how-to-secure-iot-devices-that-do-not-support-dhcp/m-p/4944847#M584754 lnw-team 2023-10-20T09:16:38Z https://community.cisco.com/t5/network-access-control/how-to-secure-iot-devices-that-do-not-support-dhcp/m-p/4944863#M584755 <P>Then that should go with Statiic IP address and MAB authentication.</P> Fri, 20 Oct 2023 09:44:09 GMT https://community.cisco.com/t5/network-access-control/how-to-secure-iot-devices-that-do-not-support-dhcp/m-p/4944863#M584755 balaji.bandi 2023-10-20T09:44:09Z