802.1x with certificate-based authentication and MAB has been unsuccessful

ashok10-mohan
Level 1

Hi

I have established an 802.1x environment utilizing credential and certificate-based authentication by configuring the Cisco 3650 switch along with a virtual machine that includes Active Directory and Network Policy Server.

The credentials and certificate, tested on one virtual machine and one physical machine, appear to be functioning properly.

I have also evaluated the scenario where 802.1x with certificate-based authentication, along with a fallback to MAC address, appears to be functioning effectively.

I intended to establish a redundant server, which has been set up with Active Directory and Network Policy Server, mirroring the same policy configurations as the primary server, and the secondary server has also been configured in the switch.

I would appreciate it if some experts could provide clarification on the few questions I have below.

  1. When the primary server is down, the authentication process should redirect to the secondary server; however, it fails because the primary server is unavailable?
  2. In the event that 802.1X certificate validation is unsuccessful and the system resorts to MAC Authentication Bypass (MAB) as an alternative method with the Network Policy Server (NPS), but NPS is inoperative or Active Directory (AD) is inaccessible for authentication verification, what other potential solutions can be implemented to verify authentication and provide access when NPS/AD/Radius is unavailable?
  3. Is it possible to utilize the 'Local Switch Authentication' method, considering that both 802.1X and MAB with NPS have been unsuccessful? The ultimate fallback option is to authenticate through the local switch. It is important to note that this configuration instructs the switch to prioritize RADIUS authentication, reverting to local authentication only if RADIUS is not accessible?
  4. Aside from the local switch authentication, are there alternative mechanisms or solutions available when both 802.1X and MAB with NPS have been unsuccessful?
  5. Alternative to Windows NPS/Radius? 

Can anyone assist me with my questions? I would appreciate it if you could share the relevant links and commands for configuration.
