Wired 802.1x with Machine Certificates and Windows NPS

Hello all,

I am looking to implement 802.1x on our switch ports to ensure that only devices we own are able to connect to the network. We have a CA server and it is pushing out a certificate to every machine in the organization, so that step is already out of the way. I am having issues locating a good guide on how to accomplish this setup. I need to be able to configure the switch to authenticate both an IP phone and a computer on each port. I haven't been able to find a guide to really help me through this. I have found information indicating that it is possible to authenticate both IP phones and computers on a single port, but I haven't quite got that far yet.

Most of the guides I find related to wired 802.1x deal with dynamic VLAN assignment, and I am not looking to dynamically assign VLANs. I would like to have the VLANs statically set on the switches and just have the NPS server handle authorizing the device or shutting the device out based on whether a valid organization-issued certificate is present. I

I am hoping that somebody can point me to a guide that will answer my question or provide me with some detailed configurations.

Thanks!
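The following is an added example of the switch-side configuration the question describes (static data and voice VLANs, one PC plus one IP phone per port via multi-domain authentication, RADIUS pointed at an NPS server doing EAP-TLS against the machine certificates). It is not from the poster or from any Cisco guide. The RADIUS server address 192.0.2.10, the NPS1/NPS names, VLAN IDs 10 and 20, the interface name, and the shared-secret placeholder are all assumed values; the syntax is classic (pre-IBNS 2.0) IOS 15.x.

```cisco
! ---- Global AAA and 802.1X (added example; values are assumed) ----
aaa new-model
!
! NPS is the RADIUS server; the shared secret is a placeholder to be replaced
radius server NPS1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
!
aaa group server radius NPS
 server name NPS1
!
! Authenticate 802.1X supplicants and account sessions through NPS.
! "authorization network" is what lets NPS return VLAN attributes later;
! it does no harm when NPS returns only Access-Accept / Access-Reject.
aaa authentication dot1x default group NPS
aaa authorization network default group NPS
aaa accounting dot1x default start-stop group NPS
!
! Enable 802.1X globally; without this nothing is enforced on the ports
dot1x system-auth-control
!
! ---- Access port: PC in the data domain, phone in the voice domain ----
interface GigabitEthernet1/0/1
 description User port - PC + IP phone, VLANs set statically
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! multi-domain = exactly one host in the data VLAN and one in the voice VLAN,
 ! each authenticated separately; no dynamic VLAN assignment is required
 authentication host-mode multi-domain
 authentication port-control auto
 authentication order dot1x
 ! a second device in the same domain is logged and dropped, not admitted
 authentication violation restrict
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! ---- Verification (assumed interface name) ----
! show authentication sessions interface GigabitEthernet1/0/1
! show dot1x interface GigabitEthernet1/0/1
```

On the NPS side the matching pieces are: register the switch as a RADIUS client with the same shared secret, create a Network Policy whose EAP type is "Microsoft: Smart Card or other certificate" (EAP-TLS), and scope it with a condition such as machine group membership so that only computers holding an organization-issued certificate get Access-Accept; anything else is rejected and the port stays unauthorized. Note that the phone must also authenticate in the voice domain: it either presents its own certificate via EAP-TLS or, if it cannot, would need MAB, which is deliberately not enabled in this example because the poster's requirement is certificate-based authorization only.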


Hi,

Here is the ISE Secure Wired access guide. Even if you are not using ISE this guide will cover the switch configuration. This is a more generic 802.1x guide.

If you plan on using Dynamic VLAN assignment you'll probably want to use the radius av - Tunnel-Private-Group. You would need to ensure your VLANs are named consistently across your switches.

HTH

Thanks for the guide. Unfortunately they are pretty close to what I have already researched and aren't quite specific enough.
