Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
0
Helpful
1
Replies

Wired Port Authentication Questions

marioderosa2008
Level 1
Level 1

‎05-08-2012 03:38 AM - edited ‎03-10-2019 07:04 PM

Hi all,

I have been reading article http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1430161 and I am trying to get my head around the type of port authentication Methods & Modes I am going to require for a Proof of Concept using a Cisco ISE as the Authentication Server.

The switchport will have a single IP Phone in a Voice VLAN and then a Single host in a Data VLAN. Reading this article, I think I should be configuring "802.1x" authentication method using "Single Host" Mode.

However will that support a Downloadable ACL dependant on the user credentials? And will it allow a restricted ACL to be downloaded if authentication of the Machine or the User fails.? I dont really want to create & manage Guest & Remediation VLANs with thier respective ACLs on every switch in my enterprise, including our remote branch offices.

Hope that makes kinda sense.

Mario

Labels:
0 Helpful
1 Reply 1

Eduardo Aliaga
Level 4
Level 4

‎05-12-2012 07:10 PM

No. You need "multi-domain" mode. Multi-domain means it will allow only one host in data vlan and only one host in voice vlan. It will allow the use of "downloadable ACL".

Please rate if it helps.

0 Helpful
Customers Also Viewed These Support Documents