Solved: ISE NAC DO1X

ramziabdelhak · ‎08-20-2023

Hello guys,

how can i enable a specific method list for dot1x auth/authz on cisco switches ?

Thanks

Rob Ingram · ‎08-20-2023

@ramziabdelhak check out the differentiated authentication section of this guide - https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

You can apply different settings based on NAD/interface(s) directly using ISE authorisation rules rather than make the switch configuration overly complex.

View solution in original post

Rob Ingram · ‎08-20-2023

@ramziabdelhak example:-

aaa authentication dot1x LIST group ISE
aaa authorization network LIST group ISE

ramziabdelhak · ‎08-20-2023

Hi @Rob Ingram

What i want to do, is to specify a named method list that do not apply authorization on specific switch interfaces having dotx enabled so that i can manuly apply my vlans once the enpoint got authenticated by ISE,

As usual, you are alway the first to help, thank you man

Rob Ingram · ‎08-20-2023

@ramziabdelhak check out the differentiated authentication section of this guide - https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

You can apply different settings based on NAD/interface(s) directly using ISE authorisation rules rather than make the switch configuration overly complex.

ahollifield · ‎08-21-2023

https://www.ise-support.com/cisco-ise-nad-configuration-templates/