Cisco ISE

jm.virtual01
Level 1

I have Cisco ISE 2.2 in my network for authentication. For the wireless network I have a number of standalone APs connected directly to the access layer switch, and because of this, it consumes more licensing. Can I remove dot1x from the interfaces where the APs are connected? The wireless infrastructure is secured by ClearPass, so only authenticated users can get access via the wireless infrastructure.

So is it fine to remove the dot1x configuration from the interfaces where the APs are connected?

Is there any Cisco recommended practice for this kind of issue?

Is there any Cisco-provided document for this kind of situation?

Accepted Solutions

Damien Miller
VIP Alumni
You can do anything you want; the world is your oyster, as they say.

That said, the goal with wired dot1x is to secure your access layer and protect potential entry points onto your network. If you remove dot1x from the AP ports, then they won't consume any license, but you would probably be best to secure the port some other way then.

The recommendation, as a general security practice, is to secure all your access ports; my customers tend to do that with ISE still.

3 Replies

If you have ISE, use it for everything! ☺

If I have licence issues and the wireless infrastructure is secured by ClearPass, then what is the best practice?