Can a Cisco switch itself be authenticated to a RADIUS server (Not NDAC)

Hello,

I have a good overview of the Cisco TrustSec NDAC idea of seed and non-seed devices using CTS 802.1x authenticating the non-seed device to ISE. However that is not what I am asking about.

 

The question is, can you authenticate a switch itself to a (IETF, call it Windows) RADIUS server?

I have an encrypted link between two switches using CTS MANUAL. The link is up, however I would like to authenticate the access switch (a non-seed in NDAC words) to something else. Maybe the key between the switches gets out and you want to be extra sure your access switch is not a rogue one. Maybe if possible we want to authenticate by serial number or MAC or even just another user/pass combination.

 

RADIUS

|

[ CORE switch sat in its really secure hut with dogs and a guard ]

|

[ Access sat under the stairwell next to the hoover ] <-- but I want this chap to auth itself!

|

802.1x clients

 

Any ideas? Because searching for anything switch authentication related just brings up ISE, and maybe ISE is overkill for a single switch.
