802.1x authorized switch port blocks traffic

Hello,

I set up a wired 802.1x configuration. A Windows DC/DNS/CA and a DHCP/NPS server successfully authenticate and authorize a switch port.

Unfortunately, no traffic is allowed to pass through the port?!? The IP address on the host and the VLAN on the switch are correctly assigned from the NPS/DHCP server.

If I issue a packet filter: ARP requests from the host are answered by the switch, and pings originating from the switch are replied to by the host, but the replies are not arriving back.

Does anyone have an idea where to look?

Included some useful info.

Thanks!!

1 ACCEPTED SOLUTION


Re: 802.1x authorized switch port blocks traffic

Actually it's solved...

I found out that with dot1x authentication an extended ACL is installed on the switch. I had to overwrite it and apply it to the correct interface...


Re: 802.1x authorized switch port blocks traffic

I don't see an applied ACL, but are you sending down a DACL from ISE?

Is this done on port 1, and what VLAN are you sending the device to?

Once it is on, do you see the correct VLAN doing a show int status?
