Hello, I want to ask if the issue is related to timers and latency between the authenticator and ISE.
I have the below setup:
Domain Laptop -> Get Internal VLAN
Guest Laptop -> Get Guest VLAN
Below is the interface configuration:
interface GigabitEthernet2/0/16
 switchport access vlan 80
 switchport mode access
 switchport voice vlan 50
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 5
 switchport port-security aging type inactivity
 switchport port-security
 ip device tracking maximum 65535
 no logging event link-status
 srr-queue bandwidth share 1 70 25 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 authentication periodic
 authentication timer reauthenticate 54000
 access-session host-mode multi-host
 mab
 dot1x pae authenticator
 no cdp enable
 spanning-tree portfast
 service-policy type control subscriber PORT_DOT1X_POLICY
end
What's happening is: when a guest laptop (non-domain) plugs into a port with 802.1x configuration, it will get an IP from VLAN 80 but will not have any access to the network. After the dot1x auth state is stop, we issue the release and renew command on the end machine and it will get the guest VLAN. Is this behaviour normal? Ideally, if possible, we would not need to issue the release/renew command on the end machine.