Hello,
I have a good overview of the Cisco TrustSec NDAC idea of seed and non-seed devices using CTS 802.1x authenticating the non-seed device to ISE. However, that is not what I am asking about.
The question is, can you authenticate a switch itself to an (IETF, call it Windows) RADIUS server?
I have an encrypted link between two switches using CTS MANUAL. The link is up; however, I would like to authenticate the access switch (a non-seed in NDAC words) to something else. Maybe the key between the switches gets out and you want to be extra sure your access switch is not a rogue one. Maybe, if possible, we want to authenticate by serial number or MAC or even just another user/pass combination.
RADIUS
|
[ CORE switch sat in its really secure hut with dogs and a guard ]
|
[ Access sat under the stairwell next to the hoover ] <-- but I want this chap to auth itself!
|
802.1x clients
Any ideas? Searching for anything switch authentication related just brings up ISE, and maybe ISE is overkill for a single switch.