Port Monitoring for non-domain joined devices.

duffsting
Level 1

Hey all!

We already shut down ports that are not in use, but that doesn't stop people from disconnecting their PC at their desk and connecting their own devices to the ports. I've been tasked with putting in a policy that would alert the network team when someone tries to connect a non-domain device to one of our network ports.

We also use dot1x for authentication, but since we have a lot of printers, we have to allow dhcp/dns access along with allowing for mab failover if dot1x fails.

Does anyone have any suggestions for this? (I did a google search before posting this and didn't see anything useful).

Thanks!

1 Reply

balaji.bandi
Hall of Fame

You have mentioned 802.1X. What is the backend you are using, ISE? What switch models, and can you post the RADIUS config and port config of the switch here?

How is your authentication in place, machine and user?

For failed authentication you can also use MAB; you have the MAC database added to RADIUS for the validation.

Look at the ISE deployment guide (if you are using ISE, or to get an idea of the concept):

https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

In general, if the port has an unauthorized device you can push it to an untrusted VLAN, which has no access.


BB
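As an added example (not from the original thread or from Cisco), a Cisco IOS access-port configuration that does what BB describes: 802.1X first, MAB fallback for printers whose MACs are in the RADIUS database, and anything that is rejected or never answers gets authorized into a quarantine VLAN instead of the data VLAN, with RADIUS accounting so the backend (ISE) has the session record to alert on. Server address, VLAN IDs, interface, and the shared secret are assumed placeholders.

```cisco
! Assumed values: RADIUS server 192.0.2.10, data VLAN 10, quarantine VLAN 999
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
! Accounting sends start/stop records for every session to the RADIUS server,
! so sessions that landed in the quarantine VLAN can drive an alert
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key RADIUS-SHARED-SECRET-PLACEHOLDER
!
! Quarantine VLAN: no gateway, no access to anything
vlan 999
 name QUARANTINE
!
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 ! Try 802.1X first, fall back to MAB for printers (MAC in the RADIUS DB)
 authentication order dot1x mab
 authentication priority dot1x mab
 ! 802.1X credentials rejected (non-domain machine) -> quarantine VLAN
 authentication event fail action authorize vlan 999
 ! No supplicant and MAB lookup not successful -> also quarantine VLAN
 authentication event no-response action authorize vlan 999
 authentication port-control auto
 ! Extra MACs beyond the authenticated one are dropped and logged
 authentication violation restrict
 mab
 dot1x pae authenticator
 ! Short EAP timeout so printers reach MAB quickly
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
 spanning-tree portfast
```

Verify a port's outcome with `show authentication sessions interface GigabitEthernet1/0/5 details`; a device shown in VLAN 999 is the one the network team needs to hear about.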
