Deploying ISE with EAP Authentication

bobCohen
Level 1

Hello everyone,
I am currently trying to deploy ISE in my environment in order to use it for certificate-based authentication with EAP, and I have a few questions. First and most important, I am connecting to some of my network devices (which are Nexus switches) through the management interface, and I need to enable dot1x on the interface I am connecting to the switch from. From what I have seen, it is not possible to enable it on the management interface; is it really not possible? Is it possible to do an EAP authentication to APIC and leaf and spine switches with ISE? I am using a Linux workstation; is it possible to use it for this type of authentication? And lastly, I could not find a comprehensive guide that includes the configuration on the ISE and on the switch; if anyone has one to provide, I would love that.
I would be happy for an answer to any one of those questions.
Thanks in advance :)

3 Replies

thomas
Cisco Employee

ISE Secure Wired Access Prescriptive Deployment Guide is the authoritative guide for wired switch configuration. However, you will not find data center switches described because typically data centers are highly-managed environments and do not have random endpoints/servers plugging in and needing dynamic authentication. Tagging is typically provided by ACI, and ISE can translate the ACI EPGs to the enterprise campus network using TrustSec SGTs.

See https://cs.co/ise-guides#ACI for more details.

Hello Thomas, thank you for the answer!
What I'm looking for is 802.1x EAP authentication to the devices in the ACI fabric - the APIC and the spines and leafs. Is that possible? I didn't see this option in any of the guides.

As @thomas said... "you will not find data center switches described because typically data centers are highly-managed environments and do not have random endpoints/servers plugging in and needing dynamic authentication."

Most data center switches and server operating systems have limited (if any) support for 802.1x due to the above factors. As such, you will not find any validated designs around this use case.

IEEE 802.1x is also not listed as a supported standard for the Nexus 9000 in ACI-Mode.