08-12-2020 11:54 PM
Hello,
I have switched configured with 802.1x to run as authenticator.
In one of the ports I would like to add Cisco ASA as supplicant and keep 802.1x enabled.
So the question is , can I add a username and password on the ASA so it will authenticate itself with the switch ? if no what is the best replacement for such approach ? - (I am thinking of port security for the MAC address).
Thank you.
Solved! Go to Solution.
08-13-2020 12:51 AM
i would not advise that approach that is not best practice, rather i suggest remove those ports connected to ASA normal Access port or Por-channel with oput any .1X kind of stuff.
ASA itself is a security device so that security can be take care, and this is not access port where user can plug any device, these devices are located in secure area, where it was protected from other users.
if you like you can do sticky for that ports - but not required my point of view.
08-13-2020 12:06 AM
08-13-2020 12:48 AM
08-13-2020 01:05 AM
08-13-2020 12:51 AM
i would not advise that approach that is not best practice, rather i suggest remove those ports connected to ASA normal Access port or Por-channel with oput any .1X kind of stuff.
ASA itself is a security device so that security can be take care, and this is not access port where user can plug any device, these devices are located in secure area, where it was protected from other users.
if you like you can do sticky for that ports - but not required my point of view.
08-14-2020 04:44 AM
09-22-2020 02:16 AM
yes VPN is the Good option, or if switches support you can do MACSEC switch to switch Layer 2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide