Solved: Windows 10 boxes wired 802.1x authentication

tinhnho123 · ‎03-08-2021

Hi Guys,

I have few windows 10 computers that connected to a Cisco 9300 switches and they're on VLAN 10. The switch is using TACACS in ISE for authentication. The windows computers are joined AD domain. AD users can log in to these computers just fine today.

Goal:

How do we prevent anyone to plug an unauthorized computer into the switch's ports with ISE?

Thanks.

thomas · ‎03-09-2021

You want 802.1X authentication on your switchports.

Please read ISE Secure Wired Access Prescriptive Deployment Guide for how to do this.

View solution in original post

Mike.Cifelli · ‎03-08-2021

Some really good documentation to fully understand proper workflows and solutions can be found here: Cisco ISE & NAC Resources

Look under the 'Secure Wired Access' section. That should aide in fully understanding 802.1x + secure access possibilities. HTH!

balaji.bandi · ‎03-08-2021

Most use case in Enterprise Lan - by default it will be dummy VLAN if any unknown device plugs into the port, that not lead to anywhere else user not get any IP address.

Once the device authenticated ISE will allocate based on the information of the user VLAN will be allocated and SGT tags will be added so the user gets rights to access to the intent to access rights.

your access pot config very important here.

there is a good video onboarding process how it works :

https://www.youtube.com/watch?v=CbCOZh8xf2A&t=152s

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thomas · ‎03-09-2021

You want 802.1X authentication on your switchports.

Please read ISE Secure Wired Access Prescriptive Deployment Guide for how to do this.