802.1x preauth ACL

Solved
IsaiahGrothe
Conversationalist

802.1x preauth ACL

Is it possible to configure a pre-authentication ACL for interfaces configured with wired 802.1x authentication?  I would like to have selective network access allowed in the state prior to successful authentication, and then overridden by a dACL granting full access if/when authentication passes.

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

No.  You can just change the VLAN.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

No.  You can just change the VLAN.

IsaiahGrothe
Conversationalist

Okay.  Is any traffic at all (DHCP / DNS / PXE / etc.) allowed to pass on the switchport prior to authentication?  Or is an unauthenticated endpoint completely isolated?

PhilipDAth
Kind of a big deal
Kind of a big deal

Completely isolated unless you configure a guest VLAN and authentication does not occur.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels