One of our customers is in the middle of their Viptela SD-WAN rollout with vEdge routers. Their standard deployment uses Cisco C1000 switches connected to service VPN ports. They need a way to disable/shutdown the service VPN vEdge port if they detect that something other than a C1000 switch is connected to it. 802.1x would be a great tool for this but it looks as though 802.1x port security is only supported on VPN0 interfaces (not service VPN interfaces).
Any guidance on how to solve this problem and secure my customer’s network?
Thanks for any assistance.