802.1x configuration for ISR 841M router

dngore
Cisco Employee

Hi Experts,

We are working on a NAC RFP for a financial customer. They have non-managed or non-802.1x-capable switches at the branch level. They want the NAC solution to support both scenarios: 802.1x-capable switches and non-802.1x-capable switches. They will eventually replace the non-802.1x-capable switches, but until then the NAC solution should at least support user authentication.

I did some research and found out that the branch switches are connected to the LAN port of an ISR 841M router or an ISR 4K router.

I have verified that the ISR 841M router supports 802.1x. So, I believe we can authenticate users connected to the switch by enabling 802.1x on the LAN port of the 841M router. The only catch is switch authentication once we enable 802.1x on the router's LAN port with multi-auth mode. But I think we can pass switch authentication by using the MAB method, and users will be 802.1x authenticated by using the AnyConnect agent.

I just want to verify the above solution with you for any issues or risks before proposing it to the customer.

Kindly provide your input on it.

1 Reply

Surendra
Cisco Employee
If I were you, I would test this hardcore in the lab before proposing such a solution to a financial customer. I don't think dot1x can work that way, as it includes sending requests to a standard multicast group address, 01:80:c2:00:00:03, which a switch that is not subscribed to or listening for it (e.g. a switch which does not support 802.1x) may drop to start with. If it works, do let us know ;)
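
For the lab test suggested in the reply, one way to check whether EAPOL frames from clients behind the switch actually reach the router's LAN port (an added example, not part of the thread or any Cisco tooling): it parses raw Ethernet frames, picks out EAPOL (EtherType 0x888E) and lists which non-router MACs were heard. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

PAE_GROUP = bytes.fromhex("0180c2000003")  # group address named in the reply
ETH_EAPOL, ETH_VLAN = 0x888E, 0x8100       # EAPOL and 802.1Q EtherTypes
EAPOL_TYPES = {1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame):
    """Describe one Ethernet frame if it carries EAPOL, else return None."""
    if len(frame) < 18:
        return None
    dst, src, off = frame[0:6], frame[6:12], 12
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype == ETH_VLAN:              # step over a single 802.1Q tag
        off += 4
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    off += 2
    if ethertype != ETH_EAPOL or len(frame) < off + 4:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[off:off + 4])
    body = frame[off + 4:off + 4 + length]
    kind = EAPOL_TYPES.get(ptype, f"type-{ptype}")
    if ptype == 0:                         # EAP-Packet: first body byte is the EAP code
        kind = "EAP-" + EAP_CODES.get(body[0], "unknown") if body else "EAP-truncated"
    return {"src": src.hex(":"), "to_pae_group": dst == PAE_GROUP, "kind": kind}

def supplicants_heard(frames, authenticator_mac):
    """Map each non-authenticator source MAC to the EAPOL kinds seen from it."""
    heard = {}
    for frame in frames:
        info = parse_eapol(frame)
        if info and info["src"] != authenticator_mac:
            heard.setdefault(info["src"], []).append(info["kind"])
    return heard

def _frame(dst, src, payload, vlan=None):  # builds the constructed samples below
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    return bytes.fromhex(dst + src) + tag + struct.pack("!H", ETH_EAPOL) + payload

ROUTER = "02:00:00:00:00:01"               # constructed authenticator MAC
SAMPLE = [                                 # constructed frames, not a real capture
    _frame("0180c2000003", "020000000001", bytes([2, 0, 0, 5, 1, 1, 0, 5, 1])),
    _frame("0180c2000003", "0200000000aa", bytes([1, 1, 0, 0])),
    _frame("0180c2000003", "0200000000aa", bytes([1, 0, 0, 5, 2, 1, 0, 5, 1]), vlan=10),
    bytes.fromhex("ffffffffffff0200000000aa0806") + bytes(28),
]

if __name__ == "__main__":
    print(supplicants_heard(SAMPLE, ROUTER) or "no supplicant EAPOL reached the capture point")
```

If a capture taken on the router's LAN port gives an empty result while clients behind the switch are attempting authentication, their EAPOL frames are not reaching the router.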