01-02-2024 08:40 PM
Dear Community,
We have 3 deployment nodes:
- PAN
- Secondary Node
- pxGrid Node
We use Cisco 9200 switches, which support critical VLAN.
In case all ISE nodes are completely down, how can we bypass authentication for new endpoint sessions and keep existing sessions alive and able to access internal systems and the internet?
We are concerned about endpoints that start a new session after all ISE nodes are down.
Can critical VLAN do this at the switch level?
Is there another solution on ISE or elsewhere?
Thanks,
01-03-2024 12:51 AM
@Da ICS16 Inaccessible Bypass or Critical Authentication will maintain existing authenticated sessions and authorise new sessions into a Critical VLAN if all AAA servers are down.
https://integratingit.wordpress.com/2020/12/02/802-1x-critical-authentication/
01-03-2024 01:42 AM - edited 01-03-2024 06:21 AM
If you use the AAA server-dead event to authorize a VLAN (critical), then any new endpoint will authenticate and be authorized into the critical VLAN.
And if you want the endpoint to reauthorize when the server is alive again,
you need two commands:
authentication event server dead action authorize vlan (critical)
authentication event server alive action reinitialize
All of this is configured on the switch, per interface.
MHM
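One way to check that every 802.1X port on a switch carries both of the per-interface commands named above, as an added example that is not part of the thread. The configuration text is constructed, VLAN 999 is a placeholder for the critical VLAN, and treating `authentication port-control auto` as the marker of an 802.1X port is an assumption.

```python
import re

# Constructed sample running-config (not from the thread); VLAN 999 is a placeholder.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication event server dead action authorize vlan 999
 authentication event server alive action reinitialize
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 authentication event server dead action authorize vlan 999
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

DEAD = re.compile(r"^authentication event server dead action authorize vlan (\d+)$")
ALIVE = "authentication event server alive action reinitialize"
# Assumption: a port is 802.1X-controlled when it carries this line.
CONTROLLED = "authentication port-control auto"

def parse_interfaces(config):
    """Split a running-config into {interface name: [stripped sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
    return interfaces

def audit(config):
    """Return {interface: [findings]} for 802.1X ports missing either command."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if CONTROLLED not in cmds:
            continue  # not an 802.1X port (e.g. an uplink), nothing to check
        findings = []
        if not any(DEAD.match(c) for c in cmds):
            findings.append("missing server-dead critical VLAN")
        if ALIVE not in cmds:
            findings.append("missing server-alive reinitialize")
        if findings:
            report[name] = findings
    return report
```

Running `audit()` over a saved `show running-config` output lists the ports where new endpoints would have no fallback during a full ISE outage, or would not be re-authenticated once ISE returns.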
01-02-2024 11:35 PM
- This is not a realistic requirement; ISE will never be down in a realistic environment, except for 'global' networking calamities.
M,
01-04-2024 01:16 PM