08-01-2016 04:32 AM - edited 03-10-2019 11:57 PM
Hi,
I've been tasked with implementing security to stop unathorised devices using our LAN ports and am going to use 802.1x authentication with a Windows based NPS as the RADIUS server.
I've looked through some good documentation on implementing this from a CISCO side but one thing I'm not certain on is whether when I enable the AAA authentication and the other steps, at what point it will cause a connected device to require 802.1x authentaction?
What I want to do is enable 802.1x authencation to be required on a single port so that I can test a few scenario's with it before then applying it to all ports on the switch.
If anyone can tell me how to ensure I only apply it to specified ports that would be most appreciate.
thanks
08-02-2016 07:46 PM
None of the global commands affect individual ports at all.
Only when you apply the interface level commands do you start to require the end devices to authenticate on that specific interface.
08-19-2016 05:32 PM
Marvin is absolutely correct here (as usual) :)
To add to what Marvin already said: You can have everything configured on the switch and port but as soon as you remove the command: authentication port-control auto dot1.x will not be running on that port
Thank you for rating helpful posts!
08-19-2016 06:06 PM
indeed - you are also correct.
Thanks, Neno.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide