cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5544
Views
5
Helpful
22
Replies

Cisco ise 2.4 anyconnect all windows restart authentication failed dot1x

emre
Level 1
Level 1

hello everyone


I have a problem guys,

1 piece standalone cisco ise v2.4 I use it in the building

500 to 800 users are working

''now; map authentication side is actively working now ''


anyconnect is installed on all computers and config is ready,

and when I activate the ports on the switch, I see that there is authentication on it

so the system is working'


but


there is no authentication at all when I restart computers,

running system before restarting computers
does not work after restarting computers


authentication does not work when I restart computers


and non-authentication users

anyconnect software asks for username and password

 

Meanwhile, I upgraded the patch updates

I made switch firmware updates

and there are switches operating in different brands

juniper,alcatel,huawei


I request your support on this matter, friends

thanks,

 

I'm transmitting the config information in the attachment,

 

 

 

 

'''

aaa authentication login default group XX_tacacs local
aaa authentication login console local
aaa authentication login CONSOLE none
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group XX_tacacs local if-authenticated
aaa authorization exec CONSOLE none
aaa authorization commands 1 default group XX_tacacs local if-authenticated
aaa authorization commands 15 default group XX_tacacs local if-authenticated
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group baro_tacacs
aaa accounting commands 1 default start-stop group XX_tacacs
aaa accounting commands 15 default start-stop group XX_tacacs

'''

 

port config

 

interface GigabitEthernet1/0/3
switchport mode access
switchport voice vlan 40
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
power inline port 2x-mode
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 1
spanning-tree portfast
spanning-tree bpduguard enable

 

 

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

It's time to call TAC.

In the future, please provide relevant configurations and errors in the beginning of your post to make it faster and easier for people to provide suggestions. See How to Ask The Community for Help.

View solution in original post