Cisco ISE and 2960 Access Switch Integrating

SaintEvn · ‎08-23-2020

Hi all,
I've configure my 2960 access switch to integrate with ISE to use Radius 802.1x authentication for Endpoints.

vlan 10
name Mgmt_nwk
vlan 20
name Staff_Nwk01
vlan 30
name Staff_Nwk02
vlan 40
name Staff_Network03
int vlan 10
ip add 192.168.100.10 255.255.255.0
ip default-gateway 192.168.100.1

ip radius source-interface Vlan10

I've configured 3 VLANs and configure interface vlan for VLAN 10.
And for the radius, I configure vlan 10 as source interface.

Although I only use vlan 10 as source-interface for Radius, if I enabled 802.1x authentication on switch port that is configured for "access vlan 20 or access vlan 30" ,then enpoint that connect to those ports should also be participate with ISE Radius authentication process. I'm right ?

Thank you so much all!!

Damien Miller · ‎08-23-2020

Yes, specificying vlan 10 as the radius source interface just means that the radius traffic will be sourced from 192.168.100.10 to ise. The switch will forward client authentication requests to ise sourced from that address.

Then within ise you typically create a network device object with that matching address.

balaji.bandi · ‎08-23-2020

yes, that is correct if your VLAN 10 is the Management VLAN where the switch can reach ISE.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help