Authentication Periodic

Alex Pfeil
Level 7

I had a couple of questions regarding authentication periodic.

If you do not have authentication periodic configured on a switch port, does that mean a device will only have to authenticate 1 time until the inactivity timer expires?

Would it be a bad practice to only authenticate devices 1 time?

Accepted Solution

Colby LeMaire
VIP Alumni

A couple of things come to mind. First, from a security perspective, someone could use a hub or other device that keeps the link state of the port up and is able to plug a rogue device in after the good device authenticates. Then the rogue device would have access seemingly for a long period of time without having to reauthenticate. Reauthenticating at least every 12 hours may not stop this activity but would cause the rogue actor some headaches.

Second, for visibility, troubleshooting, and/or reporting, you may miss some devices if they haven't authenticated in the previous day or so. ISE Live Logs only go back for 24 hours. And some of the reporting gets slow if you try to go back more than 7 days. I personally like to be able to filter on an IP, MAC address, or username/machine name to be able to see whether someone is online and what switch/port they are on. You wouldn't be able to trust the Live Logs if you aren't sure if they authenticated recently or not.


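To make the point in the accepted answer concrete, here is an added example (not code from the thread or from Cisco) that audits a running-config for 802.1X/MAB access ports that only authenticate an endpoint once. It assumes the legacy IOS interface-level syntax, where `authentication periodic` turns reauthentication on and `authentication timer reauthenticate <seconds|server>` sets the interval; without `authentication periodic` the timer is not used. The embedded config is constructed for illustration: GigabitEthernet1/0/1 is the weak "authenticate once" port, GigabitEthernet1/0/2 reauthenticates every 12 hours (43200 seconds, the interval suggested above) and takes its inactivity timer from the RADIUS server. Interface names and the 12-hour threshold are assumptions.

```python
"""Audit a Cisco IOS config for access ports that authenticate only once.

Added example, not part of the original thread. The sample config, interface
names and the 12-hour threshold are constructed assumptions.
"""
import re

# Constructed sample running-config fragment (assumption).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 authentication timer reauthenticate 43200
 dot1x pae authenticator
 mab
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 43200
 authentication timer inactivity server
 dot1x pae authenticator
 mab
!
interface GigabitEthernet1/0/48
 switchport mode trunk
!
"""

MAX_REAUTH_SECONDS = 43200  # 12 hours, the interval suggested in the thread

INTERFACE_RE = re.compile(r"^interface (\S+)$")
REAUTH_RE = re.compile(r"^authentication timer reauthenticate (server|\d+)$")
INACTIVITY_RE = re.compile(r"^authentication timer inactivity (server|\d+)$")


def parse_interfaces(config):
    """Return {interface_name: [stripped sub-commands]} for every interface block."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None  # a '!' or blank line ends the interface block
            continue
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # any other top-level command ends the block
    return interfaces


def audit_port(lines):
    """Classify one interface; returns None for ports not running 802.1X/MAB."""
    if "authentication port-control auto" not in lines:
        return None
    periodic = "authentication periodic" in lines
    reauth = None
    inactivity = None
    for line in lines:
        m = REAUTH_RE.match(line)
        if m:
            reauth = m.group(1)
        m = INACTIVITY_RE.match(line)
        if m:
            inactivity = m.group(1)
    findings = []
    if not periodic:
        # The reauthenticate timer is ignored unless 'authentication periodic'
        # is present, so the endpoint authenticates once per session.
        findings.append("no 'authentication periodic': endpoint authenticates once")
    elif reauth is None:
        findings.append("periodic reauth uses the default interval (3600 s)")
    elif reauth != "server" and int(reauth) > MAX_REAUTH_SECONDS:
        findings.append(f"reauthentication interval {reauth} s exceeds 12 h")
    if inactivity is None:
        findings.append("no inactivity timer: idle session is kept until link-down")
    return {"periodic": periodic, "reauth": reauth,
            "inactivity": inactivity, "findings": findings}


def audit_config(config):
    """Map each authenticating interface to its audit result."""
    results = {}
    for name, lines in parse_interfaces(config).items():
        result = audit_port(lines)
        if result is not None:
            results[name] = result
    return results


if __name__ == "__main__":
    for name, result in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {'OK' if not result['findings'] else 'REVIEW'}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

Run against `show running-config` output instead of the sample to list every port that fits the "authenticate once, then trust the link state" pattern the answer warns about. Using `authentication timer reauthenticate server` rather than a fixed value lets ISE drive the interval through the RADIUS Session-Timeout attribute, which keeps the policy in one place.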