802.1x and DNA

Leftz · ‎03-28-2023

Hi We can configure 802.1x to limit certain user pc to access to some sw port. But when the user move to another building, he cannot access network as the sw in the second building does not have configuration for him. Is it possible for DNA to be able to resolve the issue? Thanks

Preston Chilcote · ‎03-28-2023

Are you using ISE? Usually ISE is responsible for pushing vlan configs down to switch ports in an 802.1x environment. DNA plays no role, other than helping automate the dot1x config across your access switches.

Leftz · ‎03-28-2023

@Preston Chilcote Thanks for your reply. user pc walk among different building and need to access network via access switch in different buildings. Without 802.1x config on switch port, administrator can control the user to access the network via DNA, ISE etc?

Preston Chilcote · ‎03-28-2023

You need 802.1x config to tell the access port that it needs to authenticate and authorize the user before granting access (it will then ask ISE). Without it, the user will be given access to any port it plugs into.

Leftz · ‎03-28-2023

traditionally, its. we have to config 802.1x at access switch. so even if we use DNA and ISE, we still have to configure 802.1x on access switch as before?

Preston Chilcote · ‎03-28-2023

DNA can help you automate the configuration across all of your access devices by creating and provisioning day-n templates (or by building a full Software Defined Access fabric), but yes you still need 802.1x config on the interface.

If you want to learn more about how get the most from DNA, I recommend watching Cisco Live presentations or asking your Cisco Account Team to introduce you to a Cisco Customer Success Representative.