02-12-2019 12:18 PM
Hello all,
I am looking to implement 802.1x on our switch ports to ensure that only devices we own are able to connect to the network. We have a CA server and it is pushing out a certificate to every machine in the organization so that step is already out of the way. I am having issues locating a good guide on how to accomplish this setup. I need to be able to configure the switch to authenticate both an IP phone and a computer on each port. I haven't been able to find a guide to really help me through this. I have found information relating to it being possible to authenticate both IP phones and computers on a single port but I haven't quite got that far yet.
Most of the guides I find related to wired 802.1x deal with dynamic VLAN assignment and I am not looking to dynamically assign VLANs. I would like to have the VLANs statically set on the switches and just have the NPS server handle authorizing the device or shutting the device out based on if a valid organization-issued certificate is present.
I am hoping that somebody can point me to a guide that will answer my question or provide me with some detailed configurations.
Thanks!
02-12-2019 12:49 PM
Hi,
Here is the ISE Secure Wired access guide. Even if you are not using ISE this guide will cover the switch configuration. This is a more generic 802.1x guide.
If you plan on using Dynamic VLAN assignment you'll probably want to use the radius av - Tunnel-Private-Group. You would need to ensure your VLANs are named consistently across your switches.
HTH
02-13-2019 07:04 AM
Thanks for the guide. Unfortunately they are pretty close to what I have already researched and aren't quite specific enough.