Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2237
Views
0
Helpful
3
Replies

Cisco ISE and Authentication Failed VLAN

mkriss5681
Level 1
Level 1

‎04-09-2013 07:21 AM - edited ‎03-10-2019 08:17 PM

I am trying to setup ISE to assign a VLAN to unauthorized computers. I tried using "authentication event fail action authorize vlan 666" command but unfortunately I'm using multi-auth because we have users with bridged VMs and Cisco does not support it (http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1454875).

Is there a way to make an Authorization/Authentication profile within ISE to assign the VLAN to failed devices?

Labels:
0 Helpful
3 Replies 3

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎04-10-2013 11:32 PM

You can set endpoint protection status to quarantine, and establish policies  that assign different
authorization profiles, depending on the status of the  endpoint.
Quarantine essentially moves an endpoint from its default VLAN to a  specified Quarantine VLAN. The
The Quarantine VLAN must be previously defined  by a network administrator and supported on the
same NAS as the endpoint.  Unquarantine reverses the quarantine action, returning the endpoint to  its
original VLAN.
The quarantine and unquarantine actions are performed  as a result of established Authorization Rules
that are defined to check for  EPSStatus

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_eps.html#wp1219979

0 Helpful

mkriss5681
Level 1
Level 1
In response to Venkatesh Attuluri

‎04-12-2013 05:01 AM

Thank you! I'll check it out.

0 Helpful

mkriss5681
Level 1
Level 1
In response to Venkatesh Attuluri

‎04-12-2013 05:04 AM

Unfortunately I only have the Base Liscense so I am out of luck.

0 Helpful
Customers Also Viewed These Support Documents
Top