
Can a Cisco switch itself be authenticated to a RADIUS server (Not NDAC)

Hello,

I have a good overview of the Cisco TrustSec NDAC idea of seed and non-seed devices using CTS 802.1x authenticating the non-seed device to ISE. However, that is not what I am asking about.

The question is, can you authenticate a switch itself to an (IETF, call it Windows) RADIUS server?

I have an encrypted link between two switches using CTS MANUAL. The link is up; however, I would like to authenticate the access switch (a non-seed in NDAC words) to something else. Maybe the key between the switches gets out and you want to be extra sure your access switch is not a rogue one. Maybe, if possible, we want to authenticate by serial number or MAC or even just another user/pass combination.

RADIUS

|

[ CORE switch sat in its really secure hut with dogs and a guard ]

|

[ Access sat under the stairwell next to the hoover ] <-- but I want this chap to auth itself!

|

802.1x clients

Any ideas? Because searching for anything related to switch authentication just brings up ISE, and maybe ISE is overkill for a single switch.
