cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

802.1x preauth ACL

SOLVED
IsaiahGrothe
Conversationalist

802.1x preauth ACL

Is it possible to configure a pre-authentication ACL for interfaces configured with wired 802.1x authentication?  I would like to have selective network access allowed in the state prior to successful authentication, and then overridden by a dACL granting full access if/when authentication passes.

1 ACCEPTED SOLUTION

Accepted Solutions
PhilipDAth
Kind of a big deal

Re: 802.1x preauth ACL

No.  You can just change the VLAN.

View solution in original post

3 REPLIES 3
PhilipDAth
Kind of a big deal

Re: 802.1x preauth ACL

No.  You can just change the VLAN.

View solution in original post

IsaiahGrothe
Conversationalist

Re: 802.1x preauth ACL

Okay.  Is any traffic at all (DHCP / DNS / PXE / etc.) allowed to pass on the switchport prior to authentication?  Or is an unauthenticated endpoint completely isolated?

PhilipDAth
Kind of a big deal

Re: 802.1x preauth ACL

Completely isolated unless you configure a guest VLAN and authentication does not occur.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.