https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3817573#M484463 Is it possible to put the switchport as errdisable after the authentication fail ?<BR /><BR />Not that I am aware of. If there is a way hopefully someone else will chime in.<BR /><BR />What you are looking for can be accomplished via this under your port configs:<BR />#authentication event fail action authorize vlan ##<BR /><BR />HTH! Mon, 11 Mar 2019 18:18:24 GMT Mike.Cifelli 2019-03-11T18:18:24Z https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3815656#M484460 <P>Hello,</P><P>&nbsp;</P><P>I'm working on a windows radius server, and a cisco switch 2960X.</P><P>Is it possible to put the switchport as errdisable after the authentication fail ?</P><P>I tried to configure the port security but it does not see the authentication fail as an security violation.</P><P>&nbsp;</P><P>So even when the authentication fail, it will still put the switchport on vlan1.</P><P>&nbsp;</P><P>Thank you for your attention.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 07 Mar 2019 14:24:01 GMT https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3815656#M484460 Teayuu 2019-03-07T14:24:01Z https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3815751#M484461 <P>&nbsp;</P> <P>&nbsp;- In general this is not the intended purpose of&nbsp; ISE as this has more fundamental consequences for the device and it's <U>network connection</U>.&nbsp; You may want to look into schemes such as <FONT color="#0000FF">CoA</FONT>, to isolate devices on quarantine VLAN's (that's only an example).</P> <P>M.</P> Thu, 07 Mar 2019 16:25:05 GMT https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3815751#M484461 Mark Elsen 2019-03-07T16:25:05Z https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3817243#M484462 Thank you for your anwser.<BR /><BR />Do you know if it's possible to configure the access reject so it can be seen as a security violation ? Mon, 11 Mar 2019 09:45:34 GMT https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3817243#M484462 Teayuu 2019-03-11T09:45:34Z https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3817573#M484463 Is it possible to put the switchport as errdisable after the authentication fail ?<BR /><BR />Not that I am aware of. If there is a way hopefully someone else will chime in.<BR /><BR />What you are looking for can be accomplished via this under your port configs:<BR />#authentication event fail action authorize vlan ##<BR /><BR />HTH! Mon, 11 Mar 2019 18:18:24 GMT https://community.cisco.com/t5/network-access-control/unauthorized-devices-authentication-radius/m-p/3817573#M484463 Mike.Cifelli 2019-03-11T18:18:24Z