ISE question about switches

m-martynowski · ‎07-30-2013

I am implementing ISE and have run into several locations that have used consumer brand 4 ports switches to connect multiple workstations on one cable. I realize there is a list of supported Cisco switches for ISE, but I was wondering if anyone has used a lower end Cisco or other vendor switch (i.e. Cisco SG200-08 or SF300-08) to do basic authentication against ISE as it relates to enabling the port once the 802.1x authenitcation is passed?

Realize this is a bit vague, just looking for anyone with practical experience with this.

Thanks

contactabbas · ‎07-30-2013

I have not configured dot1x for the mentioned switches, if the switches do support dot1x you should be able to do basic authentication. If there are multiple endpoints on the same port, you should use the Multi-Auth host mode on switchport. Also you will have to choose an authentication method that is supported by the endpoints.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps11229/data_sheet_c78-634369.html

• Network security: Cisco 200 Series switches provide basic security and network management features you need to maintain a level of security for your business, keep unauthorized users off the network, and protect your business data. The switches provide integrated network security to reduce the risk of a security breach, with IEEE 802.1X port security to control access to your network.

and

802.1X: RADIUS authentication and accounting, MD5 hash

There wont be CoA and authorization, you may apply manual ACL on switchport for the controlled access.

the answer to your post, yes you should be able to do basic dot1x authentication.

HTH

msonnie · ‎07-30-2013

I agree with Mudasir that " If the switches do support dot1x you should be able to do basic authentication. If there are multiple endpoints on the same port, you should use the Multi-Auth host mode on switchport. "