Dot1x authentication with IP phone and hub behind it

Hi all

I have a question about the following scenario:

If I have an ISE deployment with x endpoint licenses, I have the following configuration:

ISE - Hub SW - IP phone - 4 connected devices

I need to authenticate and profile all 4 devices connected to the hub, but at the same time I have no need to authenticate the IP phone using ISE, since this will consume an additional endpoint from the number of licenses, and I need to overcome this scenario.

From the configuration point of view, using "authentication host-mode multi-auth" will solve the problem for the devices connected to the hub, but how can I exclude the IP phone from the number of endpoints from the ISE point of view?

Thank you.

Ahmad.

That's right, but the only problem that you will experience is the ability to put 'data' devices on different VLANs. So if a computer caches and must have guest access, it will be placed on the same VLAN as the first device that connects to it.

Here are a few reference documents on this scenario.

http://www.Cisco.com/en/us/docs/switches/LAN/catalyst3750x_3560x/software/release/15.0_2_se/configuration/guide/sw8021x.html#wp1347331

Thank you

Tarik Admani
* Please note the useful messages *.

Similar Questions

  • 802.1X authentication with RADIUS and Win7 MAB

    Good afternoon!

    I have a question about 802.1X. I've set up a lab in which I have configured MAB authentication with 802.1X, but I see weird behavior from my network controller. On the switch (4948E), I see that the user is authenticated and authorized, and I can see these outputs on my switch:

    *Apr 21 15:13:30.263: %AUTHMGR-5-START: Starting 'mab' for client (a01d.48ac.b7f5) on Interface Gi1/11 AuditSessionID C0A8DF9C0000002E002F3DAC
    *Apr 21 15:13:30.267: %MAB-5-SUCCESS: Authentication successful for client (a01d.48ac.b7f5) on Interface Gi1/11 AuditSessionID C0A8DF9C0000002E002F3DAC
    *Apr 21 15:13:30.267: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (a01d.48ac.b7f5) on Interface Gi1/11 AuditSessionID C0A8DF9C0000002E002F3DAC
    *Apr 21 15:13:31.299: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (a01d.48ac.b7f5) on Interface Gi1/11 AuditSessionID C0A8DF9C0000002E002F3DAC

    If I type "show authentication sessions", I get the corresponding output.

    Switch#show authentication sessions

    Interface  MAC Address     Method  Domain  Status         Session ID
    Gi1/11     a01d.48ac.b7f5  mab     DATA    Authz Success  C0A8DF9C0000002E002F3DAC

    The thing is that when I check my network controller, it said "authentication failure". That's what I've done so far:

    1. I restarted my pc, the same behavior.

    2. I disabled and enabled my network controller, the same behavior.

    3. I rebooted the switch and re-configured. Same behavior.

    4. I tried with another PC configuration. Same behavior.

    5. I changed the configuration of "user authentication" using dot1x EAP authenticator and it worked.

    This is the configuration I have on my switch:

    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius
    aaa session-id common

    !

    dot1x system-auth-control

    !

    Switch#show run int gigabitEthernet 1/11
    Building configuration...

    Current configuration : 128 bytes
    !
    interface GigabitEthernet1/11
     description Cx-to-Host
     switchport access vlan 223
     switchport mode access
     authentication port-control auto
     mab
    end

    This is the first time I've set up an 802.1X configuration. Am I doing something wrong?

    I really hope that I am not the only one with this kind of behavior!

    Thank you for any assistance you can give me!

    Status: Authz success

    This means that the port is open. Is this permanent? Keep looking at the show output for a few minutes to see if it tries dot1x too. Can you ping from the PC?

    As 802.1X authentication is enabled in the PC's network card properties, you can expect that the dot1x method runs on the switch and eventually responds to the PC with auth fail. The authentication check box on the PC is not necessary for MAB.

    What type of RADIUS server do you use, and is there an 802.1X policy in addition to the MAB policy?

    IP address: unknown

    This means that the switch did not recognize the IP address of the host, probably due to the lack of the "ip device tracking" command. But it is not necessary for plain MAB or dot1x.

  • Program to synchronize bookmarks? Which program do you like? Would like to make it work with Firefox and Evo phone.

    Looking for a way to synchronize bookmarks.  Would operate between PCs as well as mobile.  

    Hey cnote11,

    I suggest to ask in the official Android forums:
    Or if a member of the answers community has suggestions, feel free to post them.
  • load is0 10 to my iidown phone 6 s after finsh my phone restarts on the screen appear (photo and conncet quail itunes) iconncet my phon with PC and open my itunes

    ADOS iso 10 to my iidown phone 6 s after finsh my phone restarts on the screen appear (photo and conncet quail itunes) iconncet my phon with PC and open my itunes

    and stil again

    Take a look at these articles:

    Solve the iOS update and restore error in iTunes - Apple Support

    Get help with iOS update or restore errors - Apple Support

  • Firefox is compatible with the window Surface Pro and Win Phone 8

    A user has posted here the other day that uses a Surface Pro 2 with Windows 8.1, then it should work basically the way it works on a desktop or laptop computer.

    Windows Phone, I don't think.

  • How can I reset my "authentication required" username and password? The fields are always filled with my old information.

    Follow these steps to delete the recorded data (form) in a drop-down list:

    1. Click on the (empty) input field on the web page to open the drop-down list
    2. Select an entry in the drop-down list
    3. Press the DELETE key (on a Mac: shift + delete) to remove it.
    • Tools > Options > Security: passwords: "saved passwords" > "show passwords".

    You may need to clear cookies from this site, so if you checked a box to remember you.

  • Composition of the phone numbers with pauses and extensions?

    With the Pre, is it possible to insert pauses and extensions in phone numbers in your contacts list? And have the phone to dial them all at once when you compose?  What to do to have these numbers in your calendar for an event such as a conference call?  I would like to simply touch the number to the event and do all numbers with pauses and extensions to put me in the call.

    To insert a two-second pause in the dialing sequence, enter a T where you want the pause to appear. To include a stop in the dialing sequence, enter a P where you want the stop to appear. To dial the next set of numbers after the stop, press the screen.

  • My iPhone6s pairs with ONE single device (phone link2cell). will pair with something else, and "bicycle wheel" changes all the time! Any suggestions?

    My iPhone6s pairs with ONE single device (phone link2cell). will pair with something else. At the opening of the Bluetooth window "bicycle wheel" next to "Other devices" is always running as if the search! Any suggestions?

    When you open the Bluetooth section in the settings, you can still see the spinning wheel, because it is in discovery mode and is actually looking for other devices in the range. Other devices must be in discovery/torque for the device mode to find them. However, I'm not sure you can be associated with multiple devices at the same time with the iPhone. You can have multiple devices matched on the phone, but you can always not more than one partner at the same time. It depends on what it is you are trying to pair.

  • my phone (samsung RV410-T01) stop automatically. I removed the battery when I was with her. and then it stopped and I can't open it with a battery or even I plug.

    Hello

    It is definitely a hardware problem so check with a real computer store (who makes his own service workshop on Samsung) or the Samsung Support.

    Samsung - Support - click on the link of 'Laptop' under 'Office '.
    http://www.Samsung.com/us/support/main/supportMain.do

    Samsung - visit your country Site
    http://www.Samsung.com/us/common/visitcountrysite.html

    I hope this helps.

    Rob Brown - Microsoft MVP

  • I have just started with a new internet provider and get phone calls from a source to say that they are windows and the need to access my computer because its infected in windows. It is this true.

    No, it's a scam, ignore the call.

    Just hang up, they are trying to steal your information or to install a virus on your PC.

  • In more of microwave ovens and cordless phones... can TV, VCRs interfere with WIRELESS signals.

    WIFI & PHONES WIRELESS, ETC.

    In more of microwave ovens and cordless phones... can TV, VCRs interfere with WIRELESS signals.  I had to buy a cordless phone and it was always in the sealed box.  I was then with a laptop to the library branch when the librarian approached me and said that "even if unconnected cordless phones and microwave ovens, as well as TVS, VCRs and vacuums... can cause interference with the optimal speed of WIFI and efficiency..."

    Can someone explain if it is absolutely correct.  Of course, I politely responded that given that the laptop was still in its original packaging and seal (I had just bought and not even opened) and unplugged, it could not interfere with anything.
    Please specify.
    Thank you.
    Joe

    A non powered device (not plugged in, no batteries, etc.) cannot intervene in anything at all.  No power, no transmission, no interference. However, any electronic device can interfere to some extent with any other wireless signal, if it is running.

  • With SRP547W and SPA303 VoIP phones

    Hello

    I have a SRP547W hung with the standard desktop phones connected via phone ports on the back of the device using 2 lines as well as the RTC SIP using the hash first of all that the router in the office. We just added a new Member of staff and bought a SPA303 in order to connect the SIP registered on the SRP547W lines, and I hope to have the opportunity to use the PSTN line when the SIP lines are busy.

    The problem is, it connects to VLAN100 and gets its IP address and initializes very well however no line will only show configured and it cannot make or receive calls. I need to configure on the SPA303 tell him to use the SRP547W as its SIP Server/Proxy (not sure of the terminology).

    Kind regards

    Gerard...

    SRP500 routers do not include a SIP proxy function or at the office, but are rather SIP user agents who register with an external proxy.  Your only real options here are to get a third SIP for the SPA303 service, or install a small PBX IP locally that uses the SIP trunks for connectivity to the PSTN and has the SPA303 and SRP500 ports registered as endpoints.

    See you soon,

    Dave.

  • Need for blackBerry Smartphones help to use my phone as a modem to connect my PC with vista and xp

    I am new to this. I'm trying to help my son and his wife who are missionaries in Central Africa. I gave them a unlocked curve BB 8310 quad band phone to use. They can send and receive phone calls, but need to use the phone to receive reports and download on the pc and work up to the answer, then answer via mobile phone.

    We have e-net service using a local company and a sim card. Can someone give us a step by step on what is needed and how to get there. The e-net Café is 65 miles and he wouldn't know what to look for. Service local is 230 kb/s. It now uses a Motorola phone that has features of data and it will download to a computer with xp. However, this missionary person will leave very soon and you need this problem is resolved. Can anyone help?

    Kirk V/R & family

    Here is the procedure to follow

    http://www.BlackBerry.com/BTSC/search.do?cmd=displayKC&docType=kc&externalId=KB05196&sliceId=2&docTy...

  • Problems with facebook on rt and windows phone 8 surface integration

    My microsoft account is synchronized on my facebook account previously on Messenger built in app on the rt, I could see people in line with facebook and talk to them. I am more able to do that. This problem is also the same on my windows phone 8, I am unable to talk to anyone on the chat to facebook via the mail service.

    I tried unsyncing my microsoft account to my facebook and re-sync it. It did not work. I also tried a refresh on my rt surface. Also later that yesterday I upgraded my windows phone 7 (who had the same problem) to windows phone 8 and im always has the same problem.

    Any help on this would be greatly appreciated.

    Hi Robert,

    I understand that Messenger app is not working properly.

    1. Have you tried to check in on behalf of different on the same application?

    2. Have you tried to check by logging in with a Microsoft account?

    3. When you say sync and unsync, did you uninstall the application or account or just change sync settings?

    I suggest you to install pending updates if available.

    I also suggest you to run the troubleshooter app from the following link:
    http://Windows.Microsoft.com/is-is/Windows-8/what-troubleshoot-problems-app

  • my paid account is returned to a trial account. I disconnected then connected back with no change. It's on my windows desktop and my phone apple's ios.

    my paid account is returned to a trial account. I disconnected then connected back with no change. It's on my windows desktop and my phone apple's ios. How can I access my paid account?

    Please see the links below.

    Also, make sure you use the right adobe ID to log in.

    Hope this will help you.

    Kind regards

    Hervé Khare
