Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
1
Replies

Interface templates in data center?

kerai08
Cisco Employee
Cisco Employee

‎11-21-2017 08:43 AM

Hi team,

Customer has a requirement to stop people plugging into switches/servers with their laptop etc in the data center.

Customer currently uses ISE in branch locations with MAB (no dot1x). The requirement is less about authenticating users but more stopping anyone plugging in (there a physical controls like biometrics to get past) with a more centralised way of controlling the policy rather than things like port security (sticky MAC etc) as it's a higher administrative overhead.

Questions:

1. What would be a recommended way to lock down ports in a data center environment? Is ISE in the data center overkill here?

2. Will service or interface templates be something they could use here?

3. What do we at Cisco use in our DC environment?

Appreciate your thoughts.

Thanks,

Arron

0 Helpful
1 Reply 1

hariholla
Cisco Employee
Cisco Employee

‎11-21-2017 04:20 PM

Hi Arron,

Typically DC environments are secured physically, so this requirement doesn’t arise with many of our customers. We do support 802.1X on some of our DC switches, but that isn’t officially validated with ISE. For ISE to be able to deny unauthorized access, some sort of authentication is necessary. I suggest you consult the DC engineers get tips on how to do it with some sort of DC managers like DCNM or APIC controller.

~Hari

0 Helpful
Customers Also Viewed These Support Documents