11-22-2019 04:41 AM - edited 02-21-2020 11:12 AM
Hi,
I'm deploying wired dot1x with TrustSec and I was wondering what would happen if ISE wasn't available.
I did some research and I found out that the solution was critical authentication but the guide is not completely clear.
Here is the example.
Device> enable
Device# configure terminal
Device(config)# radius-server dead-criteria time 15 tries 3
Device(config)# radius-server deadtime 10
Device(config)# radius server RASERV-1
Device(config-radius-server)# address ipv4 172.20.254.4 auth-port 1812 acct-port 1813
Device(config-radius-server)# automate-tester username dummy
Device(config-radius-server)# pac key 7 mypackey
Device(config-radius-server)# exit
Device(config)# radius server RASERV-2
Device(config-radius-server)# address ipv4 172.20.254.8 auth-port 1645 acct-port 1646
Device(config-radius-server)# automate-tester username dummy
Device(config-radius-server)# pac key 7 mypackey
Device(config-radius-server)# exit
Device(config)# cts dot1x-server-timeout 30
Device(config)# cts dot1x-supp-timeout 30
Device(config)# cts server test all idle-time 3
Device(config)# cts critical-authentication default peer-sgt 5
Device(config)# cts critical-authentication
Device(config)# cts critical-authentication default pmk password123
Device(config)# cts cache nv-storage bootdisk:cache
Device(config)# cts critical-authentication fallback cached
Device(config)# exit
Here are my questions:
1) Why would we need a pmk password if ISE is down?
2) We set a default SGT, but what is its meaning, and how and where is it used?
3) Why do we need a test user to check the availability of ISE if we have default timers?
Thanks
Michele
12-07-2019 12:50 PM
Most of the info is at Critical Authentication Overview
A more recent recommendation is not to use automate-tester with CTS.
12-15-2019 09:53 AM
Thanks for the reply, but I wrote this thread after reading your documentation and it's not clear.
Also, why should I need automate tester?