topic Cisco ISE and Authentication Failed VLAN in Network Access Control

Cisco ISE and Authentication Failed VLAN

mkriss5681 — Mon, 11 Mar 2019 03:17:20 GMT

I am trying to setup ISE to assign a VLAN to unauthorized computers. I tried using "authentication event fail action authorize vlan 666" command but unfortunately I'm using multi-auth because we have users with bridged VMs and Cisco does not support it (http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1454875).

Is there a way to make an Authorization/Authentication profile within ISE to assign the VLAN to failed devices?

Cisco ISE and Authentication Failed VLAN

Venkatesh Attuluri — Thu, 11 Apr 2013 06:32:50 GMT

You can set endpoint protection status to quarantine, and establish policies that assign different
authorization profiles, depending on the status of the endpoint.
Quarantine essentially moves an endpoint from its default VLAN to a specified Quarantine VLAN. The
The Quarantine VLAN must be previously defined by a network administrator and supported on the
same NAS as the endpoint. Unquarantine reverses the quarantine action, returning the endpoint to its
original VLAN.
The quarantine and unquarantine actions are performed as a result of established Authorization Rules
that are defined to check for EPSStatus

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_eps.html#wp1219979

Cisco ISE and Authentication Failed VLAN

mkriss5681 — Fri, 12 Apr 2013 12:01:01 GMT

Thank you! I'll check it out.

Cisco ISE and Authentication Failed VLAN

mkriss5681 — Fri, 12 Apr 2013 12:04:32 GMT

Unfortunately I only have the Base Liscense so I am out of luck.