
Cisco AV Pair - Termination Action

jowood1412
Level 1

I've seen discussion in these forums and mention in the ISE Posture Best Practices about using the av-pair termination-action-modifier=1 setting to tell the NAD to use the same authentication method from the original authentication.

This is definitely something I want to use because I have some devices that may be connected to ports that have a dot1x mab authentication order that I know will only authenticate with mab. However, when I go to the advanced attributes settings for policies, the termination-action-modifier=1 does not exist.

We're running ISE version 2.6.0.156 with patches 6 and 8 installed.

Has anyone else run into this before? Am I missing something with this setting?

settings.PNG

1 Accepted Solution


Hi @jowood1412,

You are probably using the ISE Posture Deployment Best Practices and Considerations, Use Case 2.

Try to type the value inside the box:

Cisco-AV-Pair.png

Hope this helps!!!


Success! I'll admit, I didn't love the idea of just typing a value into the field when it wasn't available in the menu, but it did work. I watched the devices affected by that policy and they did in fact start following the previous authentication method instead of the first priority method, so the setting works as advertised.

Many thanks and I hope that setting ends up in the menu soon!
