07-04-2014 01:46 AM - edited 03-10-2019 09:51 PM
Solved! Go to Solution.
07-10-2014 04:11 AM
Hi,
802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.
In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.
To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html
To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005
Regards,
Kush
07-14-2014 04:31 AM
check the following link for Port-based Authentication with ACS 5.2
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html
07-04-2014 02:08 AM
Request you to follow the below
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/sw8021x.html
07-04-2014 02:25 AM
Thanks Salodh for your quick response
In given link i am getting only switch related part but still Radius side configuration is not clear for me, please give some more light on this related to radius (ACS) configuration.
07-04-2014 03:15 AM
another config. example
http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116506-configure-acs-00.html
07-04-2014 07:58 AM
Thanks Salodh
I am still little confused, in ACS i don't find any option to store users mac identity (mac address). In my knowledge .1x authentication means radius server stores all mac address and verify the user with available mac record.
Please correct me if i am wrong.
07-10-2014 04:11 AM
Hi,
802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.
In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.
To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html
To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005
Regards,
Kush
07-16-2014 02:22 PM
Thanks a lot kushsriva and salodh, i got my answer with your help.
07-14-2014 04:31 AM
check the following link for Port-based Authentication with ACS 5.2
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide