port security based on computer certificate ?

tedauction
Level 1

Hello, can someone please outline the basic functionality of how I could enable port security using 802.1x for specific computers only.

Is this done somehow using a certificate on each computer ?

Thank you kindly.

Accepted Solutions

Francesco Molino
VIP Alumni

Hi

To achieve that you'll need a RADIUS server (like Cisco ISE, ACS or others...).

To activate for specific computers, you need:

  • Activate dot1x globally
  • Activate dot1x on the specific ports where the computers are connected

The authentication could be done in different ways:

  • User certificate on the machine
  • Machine certificate (for machines joined to Active Directory they get one)
  • User/password (AD credentials)

Hope this is clear enough.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
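
The two switch-side steps from the answer above (dot1x globally, then dot1x on selected ports), sketched as an added example that is not part of the original post and not taken from the linked guide. It assumes IOS 15.x / IOS-XE style syntax; the server name, group name, IP address, shared secret and interface are placeholders. The switch only relays EAP to the RADIUS server, so whether a machine certificate, a user certificate or AD credentials are used is decided on the RADIUS server and in the computer's supplicant settings, not in this config.

```cisco
! Added example. RADIUS-1, DOT1X-SERVERS, 192.0.2.10, <shared-secret> and
! GigabitEthernet1/0/10 are placeholders, not values from the thread.
!
! AAA must be on before dot1x can use RADIUS. Enabling it also changes how
! vty/console logins are authenticated, so keep console access while testing.
aaa new-model
!
! The RADIUS server (ISE, ACS or another) that validates the certificate
radius server RADIUS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius DOT1X-SERVERS
 server name RADIUS-1
!
! Send 802.1X authentication (and network authorization) to that group
aaa authentication dot1x default group DOT1X-SERVERS
aaa authorization network default group DOT1X-SERVERS
!
! Step 1: activate dot1x globally
dot1x system-auth-control
!
! Step 2: activate dot1x only on the access ports where the computers connect;
! ports without these lines keep forwarding traffic without authentication
interface GigabitEthernet1/0/10
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
```

After applying it, `show dot1x all` lists the ports with 802.1X enabled and their authenticator state.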

Reza Sharifi
Hall of Fame

Hi,

You enable ports for 802.1x and to authenticate against a RADIUS server. See figure-1 and 2.

Here is the config guide with diagram and how to configure 802.1x:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html

HTH