cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

250
Views
5
Helpful
2
Replies
Highlighted

802.1x session termination when disconnecting device

I'm having an issue on Cisco 2960 with not being able to move a device from one port to another within the MAC address timeout on a port. When using a laptop in something like a meeting room and afterwards moving to another place (within 5min), the port will not authenticate. It works fine, if I clear the port on the first connection or wait 5 minutes. I've been looking for configuration to terminate the port 802.1x session when disconnecting the cable/device, which I thought it'd do anyway, but I've come up short.

There isn't any other device connected to the port like an IP phone. 

Configuration:

interface range 
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 5
dot1x max-req 3
dot1x max-reauth-req 10

And then the radius server. Other than that its the most standard access configuration. 

2 REPLIES 2
Highlighted

Configured mac move on the

Configured mac move on the ports which solved the issue.

Highlighted
Cisco Employee

Hi Kasper! First of all, good

Hi Kasper! First of all, good job on solving your own problem. Also, thank you for taking the time to come here and post the solution (+5 from me). 

A couple of other things to mention here:

1. You can enable the authentication mac-move permit globally

2. You are missing some port-related commands that I would suggest enabling. For more info pls check this link (it is old but pretty relevant):

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_10_universal_switch_config.pdf

Thank you for rating helpful posts!