cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2276
Views
8
Helpful
7
Replies
Highlighted
Beginner

How to do .1x port based network access authentication through ACS

How to do .1x port based network access authentication through ACS.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Beginner

Hi, 802.1x can authenticate

Hi,

 

802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.

 

In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.

 

To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html

 

To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005

 

 

Regards,

Kush

View solution in original post

Highlighted
Cisco Employee

check the following link for

check the following link for Port-based Authentication with ACS 5.2

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html

View solution in original post

7 REPLIES 7
Highlighted
Rising star

Request you to follow the

Request you to follow the below

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/sw8021x.html

Highlighted
Beginner

Thanks Salodh for your quick

Thanks Salodh for your quick response

In given link i am getting only switch related part but still Radius side configuration is not clear for me, please give some more light on this related to radius (ACS) configuration. 

Highlighted
Rising star

another config. examplehttp:/

another config. example

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116506-configure-acs-00.html

Highlighted
Beginner

Thanks Salodh I am still

Thanks Salodh

 

I am still little confused, in ACS i don't find any option to store users mac identity (mac address). In my knowledge .1x authentication means radius server stores all mac address and verify the user with available mac record.

Please correct me if i am wrong.

 

Highlighted
Beginner

Hi, 802.1x can authenticate

Hi,

 

802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.

 

In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.

 

To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html

 

To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005

 

 

Regards,

Kush

View solution in original post

Highlighted
Beginner

Thanks a lot kushsriva and

Thanks a lot kushsriva and salodh, i got my answer with your help.

Highlighted
Cisco Employee

check the following link for

check the following link for Port-based Authentication with ACS 5.2

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113559-port-based-auth-acs-00.html

View solution in original post