09-20-2016 04:31 AM - edited 03-11-2019 12:05 AM
Hi experts,
Is it possible to integrate a Cisco 3850 switch with Active Directory so that users can be authenticated via AD before accessing the network?
I am confused between integrating the switch with AD and ACS. I know that ACS will be used for Management access authentication.
Appreciate if someone can clarify this point for me.
thanks,
Haitham Jneid
09-20-2016 05:10 AM
Hi,
ACS integrates with AD, not the switch. It is in ACS where you will configure dot1x authentication and authorization policies. You will configure the switch for dot1x to talk to ACS.
HTH
***Please rate and mark the comment correct if you find it helpful***
09-20-2016 05:43 AM
Hi,
Appreciate your valuable support.
Please just confirm if I understand your answer:
ACS to be integrated with AD to retrieve user/group database
dot1x is to be configured between switch and ACS
In this case, wired users, once they plug their laptop into a switch port enabled for dot1x authentication, the switch will contact ACS and ACS already has the database from AD. ACS will check if the user is in the database and allow access or not.
thanks,
Haitham Jneid
09-20-2016 01:22 PM
ACS to be integrated with AD to retrieve user/group database - Yes
dot1x is to be configured between switch and ACS - Yes, and in ACS, like I said, that's where you will configure dot1x authentication and authorization policies.
In this case, wired users, once they plug their laptop into a switch port enabled for dot1x authentication, the switch will contact ACS and ACS already has the database from AD. ACS will check if the user is in the database and allow access or not. Yes, based on your dot1x authentication and authorization policies.
***Please rate and mark the comment correct if you find it helpful***
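The switch side of the arrangement described in the answer above, as an added example that is not part of the original thread or any poster's configuration: the switch is only a RADIUS client of ACS and holds no AD settings at all. The server name ACS-1, group name ACS-GROUP, address 192.0.2.10, VLAN 10, the interface and the key placeholder are all assumptions, and the interface commands use the legacy `authentication` syntax, which some IOS XE releases replace with `access-session` policies.

```cisco
! Added example: switch-side 802.1X toward ACS (RADIUS). All names and values are placeholders.
aaa new-model
!
! ACS is defined as a RADIUS server; the same shared secret must be set
! on the ACS network-device entry for this switch.
radius server ACS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
aaa group server radius ACS-GROUP
 server name ACS-1
!
! 802.1X authentication requests go to ACS; ACS checks the user against AD.
aaa authentication dot1x default group ACS-GROUP
! Lets the switch apply authorization results (VLAN, ACL) returned by ACS.
aaa authorization network default group ACS-GROUP
aaa accounting dot1x default start-stop group ACS-GROUP
!
! Enable 802.1X globally.
dot1x system-auth-control
!
! Access port that stays unauthorized until ACS returns Access-Accept.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 authentication host-mode single-host
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
```

After a client connects, `show authentication sessions interface GigabitEthernet1/0/10` shows whether the session was authorized and which method was used.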
09-21-2016 02:51 AM
Hi,
So it is not possible to integrate the 3850 directly with AD, it should be through ACS, right?
thank you.
Haitham