Hi Experts,
We are working on a NAC RFP for a financial customer. They have non-managed or non-802.1x-supported switches at the branch level. They want the NAC solution to support both scenarios: 802.1x-supported switches and non-802.1x-supported switches. They will replace the non-802.1x-supported switches eventually, but until then the NAC solution should at least support user authentication.
I did some research and found out that the branch switches are connected to the LAN port of an ISR 841M router or ISR 4K router.
I have verified that the ISR 841M router supports 802.1x. So, I believe we can authenticate users connected to the switch by enabling 802.1x on the LAN port of the 841M router. The only catch is switch authentication once we enable 802.1x on the router's LAN port with multi-auth mode. But I think we can pass switch authentication by using the MAB method. And users will be 802.1x authenticated by using the AnyConnect agent.
I just want to verify the above solution with you for any issues or risks before proposing it to the customer.
Kindly provide your input on it.