Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
583
Views
0
Helpful
5
Replies

802.1x and DNA

Leftz
Level 4
Level 4

‎03-28-2023 11:57 AM

Hi We can configure 802.1x to limit certain user pc to access to some sw port. But when the user move to another building, he cannot access network as the sw in the second building does not have configuration for him. Is it possible for DNA to be able to resolve the issue? Thanks

0 Helpful
5 Replies 5

Preston Chilcote
Cisco Employee
Cisco Employee

‎03-28-2023 12:18 PM

Are you using ISE?  Usually ISE is responsible for pushing vlan configs down to switch ports in an 802.1x environment.  DNA plays no role, other than helping automate the dot1x config across your access switches.

0 Helpful

Leftz
Level 4
Level 4

‎03-28-2023 12:28 PM - edited ‎03-28-2023 01:00 PM

@Preston Chilcote  Thanks for your reply. user pc walk among different building and need to access network via access switch in different buildings. Without 802.1x config on switch port, administrator can control the user to access the network via DNA, ISE etc? 

0 Helpful

Preston Chilcote
Cisco Employee
Cisco Employee

‎03-28-2023 01:07 PM

You need 802.1x config to tell the access port that it needs to authenticate and authorize the user before granting access (it will then ask ISE).   Without it, the user will be given access to any port it plugs into.

0 Helpful

Leftz
Level 4
Level 4

‎03-28-2023 01:10 PM - edited ‎03-28-2023 01:12 PM

traditionally, its. we have to config 802.1x at access switch. so even if we use DNA and ISE, we still have to configure 802.1x on access switch as before? 

0 Helpful

Preston Chilcote
Cisco Employee
Cisco Employee

‎03-28-2023 01:47 PM

DNA can help you automate the configuration across all of your access devices by creating and provisioning day-n templates (or by building a full Software Defined Access fabric), but yes you still need 802.1x config on the interface.

If you want to learn more about how get the most from DNA, I recommend watching Cisco Live presentations or asking your Cisco Account Team to introduce you to a Cisco Customer Success Representative.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents