Authentication Periodic

I had a couple of questions regarding authentication periodic.

If you do not have authentication periodic configured on a switch port, does that mean a device will only have to authenticate 1 time until the inactivity timer expires?

Would it be a bad practice to only authenticate devices 1 time?

Accepted Solution
Rising star

Re: Authentication Periodic

A couple of things come to mind.  First, from a security perspective, someone could use a hub or other device that keeps the link state of the port up and is able to plug a rogue device in after the good device authenticates.  Then the rogue device would have access seemingly for a long period of time without having to reauthenticate.  Reauthenticating at least every 12 hours may not stop this activity but would cause the rogue actor some headaches.

Second, for visibility, troubleshooting, and/or reporting, you may miss some devices if they haven't authenticated in the previous day or so.  ISE Live Logs only go back for 24 hours.  And some of the reporting gets slow if you try to go back more than 7 days.  I personally like to be able to filter on an IP, MAC address, or username/machine name to be able to see whether someone is online and what switch/port they are on.  You wouldn't be able to trust the Live Logs if you aren't sure if they authenticated recently or not.

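As an added illustration (not from the original thread or from Cisco), here is the classic IOS access-port configuration the question describes, with no periodic reauthentication, beside one that forces reauthentication at least every 12 hours as the answer suggests. The interface names, VLAN and the choice between a fixed timer and an ISE-supplied one are assumptions.

```cisco
! --- As described in the question: no periodic reauthentication ---
! The endpoint authenticates once; the session then persists until the
! link goes down or the inactivity timer expires.
interface GigabitEthernet1/0/10
 description Example access port, reauth disabled (assumed)
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 authentication timer inactivity server
 mab
 dot1x pae authenticator
!
! --- Corrected: reauthenticate at least every 12 hours ---
interface GigabitEthernet1/0/11
 description Example access port, 12h reauth (assumed)
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 authentication periodic
 ! 43200 seconds = 12 hours, the interval suggested in the answer
 authentication timer reauthenticate 43200
 authentication timer inactivity server
 mab
 dot1x pae authenticator
!
! Alternative (assumed): let ISE set the interval per authorization
! profile. "server" takes the RADIUS Session-Timeout (attribute 27)
! ISE returns; set Termination-Action (attribute 29) to RADIUS-Request
! in the ISE authorization profile so the session is reauthenticated
! rather than torn down when the timer fires.
! authentication timer reauthenticate server
```

On the switch, `show authentication sessions interface GigabitEthernet1/0/11 details` lists the session timeout and the time remaining, which confirms the timer is actually applied to the session.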
