Authentication and Posture options if ISE fails

jalfredo.garcia
Level 1

What are the suggested configurations for WLC and Catalyst switches if ISE authentication fails in a single-server environment? What other user DB sources could be used? Could the endpoints gain access to the network? Under what conditions/configurations? If posture features are used and ISE is unavailable, what will the behaviour be?

Thanks a lot for your responses! 

Accepted Solutions

Mike.Cifelli
VIP Alumni

Totally agree with @Kasun Bandara's comments.

 Could the endpoints gain access to the network? Under what conditions/configurations? If posture features are used and ISE is unavailable, what will the behaviour be?

-There are some other mechanisms you can configure/deploy on your NADs. For example, role-based critical authz. This essentially grants clients the same network access even when ISE is not reachable next time in the event of an outage. Take a look here for further info: ISE Secure Wired Access Prescriptive Deployment Guide - Cisco Community

HTH!
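
The fallback discussed above, as an added example that is not part of the original post or the linked guide: the basic interface-level critical authorization on a Catalyst switch (critical VLAN), not the role-based variant the answer names. The interface, VLAN ID and timer values are assumptions, and the port is assumed to already run 802.1X/MAB against ISE.

```text
! Constructed example: interface, VLAN ID and timers are placeholders.
! Assumes 802.1X/MAB and the ISE RADIUS server are already configured.
!
! Declare the RADIUS server dead once it has been silent for 5 seconds
! and 3 consecutive requests have timed out; keep it marked dead for
! 15 minutes before the switch tries it again.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 15
!
interface GigabitEthernet1/0/1
 ! Hosts that try to authenticate while ISE is marked dead are
 ! authorized into the critical VLAN instead of being rejected.
 authentication event server dead action authorize vlan 999
 ! Phones are authorized into the port's configured voice VLAN.
 authentication event server dead action authorize voice
 ! When ISE answers again, re-authenticate these sessions so normal
 ! policy and posture assessment apply again.
 authentication event server alive action reinitialize
```

Sessions authorized this way have had no posture assessment, so the critical VLAN should carry only the access that is acceptable during an outage.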


3 Replies

Hi,

If ISE is unavailable, already authenticated users will keep their sessions till timeout, and new authentications, posture tests, etc. will fail to continue.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Thanks for your response. I reviewed the URL; it is an excellent option for wired clients. What happens with wireless clients and endpoints like phones and cameras? Is there a way to provide some similar authentication and permit network access?
Thanks again and regards.