cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
851
Views
0
Helpful
1
Replies

Cisco 800/880/890 - MAB/Dot1x

csavas
Cisco Employee
Cisco Employee
Hello,

the general use case my customers is looking for is to have an ACL per user.

Authentication: MAB - no mac enforcement. MAC address is used for ISE profiling

Authorization:  DACLs per Profiled EndPointGroup

We have two uses case:

1) wired switches: DACLs from ISE (here we are fine)
2) remote router: 800, 880 and 890

For remote use case:

I understand we don't support DACLs on those routers.


Here are my questions:

- Is 802.1x single hoste mode supported on the Cisco 880/890/800 series?

- Is MAC authentication bypass supported on the Cisco 880/890/800 series


The idea is, if MAB is supported to assign local ACL with RADIUS 11.

Any other idea is welcome.

Regards,

Cengiz

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

See Thomas's doc on Cisco 819HWD @ How To Configure Wired 802.1X & MAB Authentication with ISE on a dCloud Router

It seems VLAN enforcement is favored by such platform.

View solution in original post

1 Reply 1

hslai
Cisco Employee
Cisco Employee

See Thomas's doc on Cisco 819HWD @ How To Configure Wired 802.1X & MAB Authentication with ISE on a dCloud Router

It seems VLAN enforcement is favored by such platform.