About authentication order and authentication priority

dgaikwad
Level 5

Hi Experts,

I am in need of some clarification about these two commands.

I have a tried and tested template that has an authentication order mab dot1x and authentication priority dot1x mab.

Now this is working well for the clients, and recently we added the configuration to some more switches in production and initially found out that these endpoints were not able to initiate a dot1x authentication and would always fall back to MAB...

But when I change the authentication order mab dot1x to dot1x mab, then those same endpoints started authenticating using dot1x... Which is strange, since when I connected an already working endpoint to the previously configured authentication order, then that was able to work, which made me think that there was an issue with the NIC or the OS.
But now this simple change of order has just put me in a different spiral of events...
So, what is the real reason for using the authentication order and priority commands?

Accepted Solutions

Greg Gibbs
Cisco Employee

Have a look at the Flexible Authentication Order, Priority, and Failed Authentication document for info on how this legacy IBNS feature works.

Pay particular attention to the footnote reference to the 'termination-action-modifier=1' attribute. This needs to be returned in the AuthZ Profile used by your 802.1x endpoints so the switch will only attempt the last auth method (802.1x) after a reauth.
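
Added example, not part of the thread or of the referenced Cisco document: a sketch of the switchport template from the question next to the reauthentication attributes the answer refers to. The interface name and the Session-Timeout value are constructed placeholders; the reauthentication lines are an assumption about the rest of the template, which the post does not show.

```text
! --- Switch side (legacy IBNS interface template) -----------------------
! Interface name is a placeholder.
interface GigabitEthernet1/0/10
 switchport mode access
 authentication port-control auto
 ! Order: the sequence in which the switch tries methods on a new session.
 ! Here MAB is attempted first, then 802.1X.
 authentication order mab dot1x
 ! Priority: which method wins when more than one is possible.
 ! 802.1X outranks MAB, so an 802.1X attempt from the endpoint can
 ! take over a session that was first authorized by MAB.
 authentication priority dot1x mab
 ! Assumed: reauthentication enabled, timer taken from the RADIUS server.
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator

! --- RADIUS side (Access-Accept for 802.1X endpoints) -------------------
! Attributes returned by the AuthZ profile. Session-Timeout is a
! constructed sample value.
!
!   Session-Timeout (27)     = 3600
!   Termination-Action (29)  = RADIUS-Request (1)
!   cisco-av-pair            = termination-action-modifier=1
!
! Per the answer above, returning termination-action-modifier=1 makes the
! switch attempt only the last auth method (802.1X) after a reauth.
```

The AV pair belongs only in the profile matched by 802.1X endpoints, as the answer states; what a MAB-only profile should return is not covered in this thread.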
