10-23-2019 11:14 AM - edited 10-23-2019 11:15 AM
Hello,
I set up a wired 802.1x configuration. A Windows DC/DNS/CA and a DHCP/NPS server successfully authenticate and authorize a switch port.
Unfortunately, no traffic is allowed to pass through the port?!? IP address on the host and VLAN on the switch are correctly assigned from NPS/DHCP server.
If I issue a packet filter, ARP requests from the host are answered by the switch, but pings originating from the switch are replied to by the host, but the replies are not arriving back.
Does anyone have an idea where to look?
Included some useful info.
Thanks!!
10-23-2019 11:53 AM
I don't see an applied ACL, but are you sending down a DACL from ISE?
Is this done on port 1, and what VLAN are you sending the device to?
Once it is on, do you see the correct VLAN doing a show int status?
10-23-2019 12:42 PM
Actually it's solved...
I found out that with dot1x authentication an extended ACL is installed on the switch. I had to overwrite it and apply it to the correct interface...