Cisco 802.1X Supplicant and NAD

Every ISE deployment project includes this question from the client: What if dot1x is enabled on the supplicant and not on the NAD and vice verse?

Supplicant – Configured, NAD – Not Configured:
If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client are dropped. If the client does not receive an EAP-request/identity frame after three attempts to start authentication, the client sends frames as if the port is in the authorized state. A port in the authorized state effectively means that the client has been successfully authenticated.

Supplicant – Not Configured, NAD – Configured:
If a client that does not support 802.1X authentication connects to an unauthorized 802.1X port, the switch requests the client’s identity. In this situation, the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted access to the network.


You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *