https://community.cisco.com/t5/network-security/the-contradictory-task-of-authentication/m-p/2812604#M915605 <P>Hello!</P> <P>I have a contradictory task. There is authentication with certificates (EAP-TLS) in my network. But at the same time I need to connect some devices without authentication, because some engineers need to set a lot of equipment (for example, switches, access points, servers...) MAB isn't a solution, because that is mean that every device (including&nbsp; devices connected only once).</P> <P>My colleague suggested solution. There is a script on a every user's PC authenticated with certificates. This script allow to connect to Cisco switch and "no shutdown" needed static access port. If device disconnected from the network port shutdown.&nbsp; The engineer wanted to connect device run the script on his computer.</P> <P>Have you any other ideas?</P> <P>Thank you for your help!</P> Fri, 21 Feb 2020 13:39:09 GMT Anna_Katona 2020-02-21T13:39:09Z https://community.cisco.com/t5/network-security/the-contradictory-task-of-authentication/m-p/2812604#M915605 <P>Hello!</P> <P>I have a contradictory task. There is authentication with certificates (EAP-TLS) in my network. But at the same time I need to connect some devices without authentication, because some engineers need to set a lot of equipment (for example, switches, access points, servers...) MAB isn't a solution, because that is mean that every device (including&nbsp; devices connected only once).</P> <P>My colleague suggested solution. There is a script on a every user's PC authenticated with certificates. This script allow to connect to Cisco switch and "no shutdown" needed static access port. If device disconnected from the network port shutdown.&nbsp; The engineer wanted to connect device run the script on his computer.</P> <P>Have you any other ideas?</P> <P>Thank you for your help!</P> Fri, 21 Feb 2020 13:39:09 GMT https://community.cisco.com/t5/network-security/the-contradictory-task-of-authentication/m-p/2812604#M915605 Anna_Katona 2020-02-21T13:39:09Z https://community.cisco.com/t5/network-security/the-contradictory-task-of-authentication/m-p/2812605#M915606 <P>If they are connecting that many devices why just allocate them a permanent port that has authenticated disabled? &nbsp;Everyone will then know that is the port used for testing and setting up kit.</P> <P></P> <P>It almost sounds to be like you need to setup a QA network separate from the main production network.</P> Wed, 30 Dec 2015 03:48:30 GMT https://community.cisco.com/t5/network-security/the-contradictory-task-of-authentication/m-p/2812605#M915606 Philip D'Ath 2015-12-30T03:48:30Z