Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
977
Views
10
Helpful
6
Replies

ISE Authentication for Network Devices

Go to solution
Fenix12585
Level 1
Level 1

‎09-14-2022 11:23 AM

We currently use ISE to manage 802.1x and limited mab authentication of endpoints on the network.

Is it possible to authenticate network devices as well?

For example we apply authentication configs to sw2.
      Then connect sw2 to sw1.
            Sw1 will not allow port access if SW2 does not authenticate itself with ise.

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ammahend
VIP
VIP

‎09-15-2022 04:29 AM

I don’t think that would work, at least I haven’t tried, to make a device authenticate there is the port config and supplicant 802.1X config. In your case you are talking about configuring uplink trunk port for 802.1X authentication and then SW1 as supplicant…and it won’t work most likely because 802.1X protocol is supported on both Layer 2 static-access ports and Layer 3 routed ports, but it is not supported on Trunk port—If you try to enable 802.1X on a trunk port, an error message will appear. 

-hope this helps-

View solution in original post

Go to solution
Fenix12585
Level 1
Level 1
In response to ammahend

‎09-26-2022 12:30 PM

gotcha... thank you.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
ahollifield
VIP
VIP

‎09-15-2022 02:11 AM - edited ‎09-15-2022 02:12 AM

Yes, preferably with TACACS+.  Are you talking about daisy chained switches or Device Administration?

0 Helpful

Go to solution
Fenix12585
Level 1
Level 1
In response to ahollifield

‎09-15-2022 04:26 AM

specifically daisy chained switches.

We are pretty heavy with tacacs+ also so that wouldn't necessarily be a huge overhaul to implement. I was not aware tacacs+ could be used for more than device administration.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to Fenix12585

‎09-15-2022 04:43 AM

It can't.  I thought you were talking logging into the device itself.  The setup you describe will not work with a trunk port as @ammahend mentioned?  What is your use-case?  Why do you want 802.1X on links between switches?

Go to solution
Fenix12585
Level 1
Level 1
In response to ahollifield

‎09-26-2022 12:32 PM

we have some switches that can't be easily secured properly, so it would be nice to have the everything authenticate through 802.1x. Also flex connect WAPs would be amazing to have better authenticated.

0 Helpful

Go to solution
ammahend
VIP
VIP

‎09-15-2022 04:29 AM

I don’t think that would work, at least I haven’t tried, to make a device authenticate there is the port config and supplicant 802.1X config. In your case you are talking about configuring uplink trunk port for 802.1X authentication and then SW1 as supplicant…and it won’t work most likely because 802.1X protocol is supported on both Layer 2 static-access ports and Layer 3 routed ports, but it is not supported on Trunk port—If you try to enable 802.1X on a trunk port, an error message will appear. 

-hope this helps-

Go to solution
Fenix12585
Level 1
Level 1
In response to ammahend

‎09-26-2022 12:30 PM

gotcha... thank you.

0 Helpful
Customers Also Viewed These Support Documents