Cloud Authentication and Policy for Branch Gateways

Configuring Cloud Authentication and Policy Using 802.1x or MAC Authentication

  1. In the WebUI, set the filter to a Branch Gateway group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices, and then click Gateways.

    A list of gateways is displayed in the List view.

  3. Click Config.

    The configuration page is displayed for the selected group.

  4. Ensure you are in the Basic Mode.
  5. Click Policies > Roles.
  6. Click the + icon to add a user role in the Roles table.
  7. Click the + icon in the Role Assignment table. The Role Assignment pop-up appears.
  8. Select a VLAN ID from the VLAN ID drop-down list to which this role must be applied. A VLAN (Virtual Local Area Network, or Virtual LAN) is one of the multiple distinct broadcast domains into which a single Layer 2 network may be partitioned; these domains are mutually isolated so that packets can only pass between them through one or more routers.
  9. Select a role from the Initial role drop-down list. This role is the default user role that is assigned to the clients connecting through this VLAN.
  10. From the Authentication drop-down, select one of the following options:
  11. Select the Default authenticated role from the drop-down list.
  12. Select one of the following authentication modes:
    • MAC authentication—Select this check box to ensure that the Gateway ports configured under this VLAN are enabled to perform MAC Authentication. Based on the authentication status (Success or Failure), appropriate roles (server provided, default, or initial role) are applied.
    • 802.1X authentication—Select this check box to ensure that the Gateway ports configured under this VLAN are enabled to perform 802.1X Authentication. Based on the authentication status (Success or Failure), appropriate roles (server provided, default, or initial role) are applied. You can also enable MAC authentication to allow clients to complete 802.1X authentication when MAC authentication fails and vice-versa.
  13. Enable the Cloud Auth toggle switch. Cloud Authentication and Policy allows you to configure user and client access policies that provide a secured, cloud-based network access control (NAC).

    This creates the Cloud Authentication and Policy server, which is assigned to its server group. These servers are mapped in the AAA (Authentication, Authorization, and Accounting) profiles and used for authentications based on the authentication type (MAC or 802.1x) set in the role assignment profile. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption.

  14. Click Save in the Role Assignment window and click Save Settings.

    The settings are saved.

The following animation shows how to configure Cloud Authentication and Policy for Branch Gateways.