Solved: Access network when Cisco ISE down or switch can't connect to ISE - Page 2

quangle1993 · ‎09-29-2017

Hi everyone,

I have this situation :
Headquarter in City A with Cisco ISE

Office in City B with Switch, no local IT

If ISE down or connection between ISE and Switch lost and the switch cant communicate with ISE, user in Office can't access to network. They cann't even use the printer, ipphone in their office. They can do nothing. This is unacceptable cause it impact to business too much.

I want to ask are there any way to let user access to network when ISE down or switch can't communicate with ISE. But when ISE work fine and the Switch can connect to ISE. Every user must authentication to get access.

Many thanks

Quang

Rob Ingram · ‎12-13-2018

Hi,

"authentication event fail action next-method" - if first authentication method fails, try the next method if configured. Useful if you are using dot1x and mab.

"authentication event fail action authorize vlan" - if authentication fails move the port into the fail auth vlan.

The "authentication event server dead action authorize vlan" command instructed the interface what to do when the RADIUS server was unreachable.

HTH

Ditter · ‎12-13-2018

>"authentication event fail action next-method" - if first authentication method fails, try the next method if >configured. Useful if you are using dot1x and mab

Still don't understand the meaning of the above command, as you can configure

"authentication order mab dot1x webauth" and "authentication priority mab dot1x webauth"

which (i think) try all methods in sequence.... so what the meaning of the "authentication event fail action next-method"

Thanks.