Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3360
Views
8
Helpful
7
Replies

How to do .1x port based network access authentication through ACS

Go to solution
Mukesh Tiwari
Level 1
Level 1

‎07-04-2014 01:46 AM - edited ‎03-10-2019 09:51 PM

How to do .1x port based network access authentication through ACS.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
kushsriva
Level 1
Level 1
In response to Mukesh Tiwari

‎07-10-2014 04:11 AM

Hi,

 

802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.

 

In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.

 

To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html

 

To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005

 

 

Regards,

Kush

View solution in original post

0 Helpful

Go to solution
Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎07-14-2014 04:31 AM

check the following link for Port-based Authentication with ACS 5.2

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Saurav Lodh
Level 7
Level 7

‎07-04-2014 02:08 AM

Request you to follow the below

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/sw8021x.html

Go to solution
Mukesh Tiwari
Level 1
Level 1
In response to Saurav Lodh

‎07-04-2014 02:25 AM

Thanks Salodh for your quick response

In given link i am getting only switch related part but still Radius side configuration is not clear for me, please give some more light on this related to radius (ACS) configuration. 

0 Helpful

Go to solution
Saurav Lodh
Level 7
Level 7
In response to Mukesh Tiwari

‎07-04-2014 03:15 AM

another config. example

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116506-configure-acs-00.html

Go to solution
Mukesh Tiwari
Level 1
Level 1
In response to Saurav Lodh

‎07-04-2014 07:58 AM

Thanks Salodh

 

I am still little confused, in ACS i don't find any option to store users mac identity (mac address). In my knowledge .1x authentication means radius server stores all mac address and verify the user with available mac record.

Please correct me if i am wrong.

 

0 Helpful

Go to solution
kushsriva
Level 1
Level 1
In response to Mukesh Tiwari

‎07-10-2014 04:11 AM

Hi,

 

802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.

 

In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.

 

To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html

 

To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005

 

 

Regards,

Kush

0 Helpful

Go to solution
Mukesh Tiwari
Level 1
Level 1
In response to kushsriva

‎07-16-2014 02:22 PM

Thanks a lot kushsriva and salodh, i got my answer with your help.

0 Helpful

Go to solution
Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎07-14-2014 04:31 AM

check the following link for Port-based Authentication with ACS 5.2

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents