Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
3
Replies

Cisco ISE

Go to solution
jm.virtual01
Level 1
Level 1

‎03-27-2019 01:09 PM

I have cisco ISE 2.2 in my network for the authentication. For the wireless network i have number of standalone APs connected to the access layer switch directly and because of this, it consumes more licensing. Can i remove the dot1x from the interface where the APs are connected? Because the wireless infrastructure is secured by clear pass. So only authenticated users can get the access via wireless infrastructure.

 

So is it fine to remove the dot1x configuration from the interfaces where the APs are connected?

Is there any cisco recommended practice for this kind of issue?

Is there any cisco provided document for this kind of situation? 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎03-27-2019 01:45 PM

You can do anything you want, the world is your oyster as they say.

That said, the goal with wired dot1x is to secure your access layer and protect potential entry points on to your network. If you remove dot1x from the AP ports, then they won't consume any license, but you would probably be best to secure the port some other way then.

The reccomendation as a general security practice, secure all your access ports, my customers tend to do that with ISE still.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎03-27-2019 01:45 PM

You can do anything you want, the world is your oyster as they say.

That said, the goal with wired dot1x is to secure your access layer and protect potential entry points on to your network. If you remove dot1x from the AP ports, then they won't consume any license, but you would probably be best to secure the port some other way then.

The reccomendation as a general security practice, secure all your access ports, my customers tend to do that with ISE still.
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Damien Miller

‎03-27-2019 01:50 PM

If you have ISE use it for everything! ☺
0 Helpful

Go to solution
jm.virtual01
Level 1
Level 1
In response to Damien Miller

‎03-27-2019 04:54 PM

if i have a licences issues and the wireless infrastructure is secured by clear pass then what is the best practice ?

0 Helpful
Customers Also Viewed These Support Documents