Cisco ISE auth alternatives
03-10-2015 03:56 PM - edited 03-10-2019 10:32 PM
Hi everyone,
I'm a beginner with Cisco ISE, and I have a very special case that may occur frequently in my situation ...
In the normal case, the client exchanges EAP messages with the switch, and the switch acts as a proxy server regarding the ISE server.
My special case is when the connectivity between ISE and the switch is lost. The easiest alternative is to redirect the client to the auth-fail VLAN, but this alternative is not productive (regarding our needs) ...
Are there any alternatives for this case of study? This is very urgent, please.
Thank you for your support.
Labels: AAA

03-10-2015 06:54 PM
The good news is if your switch/NADs lose connectivity to ISE, the clients that are already connected typically are not impacted; however, any new users that are attempting to connect during the outage are impacted.
The 3 failover options for Catalyst switches are fail open, fail closed and fail to a specific VLAN.
03-11-2015 03:53 AM
Thanks Cehill for your answer,
For users already connected, how long are they going to stay connected? (Is there a timeout?) (Can I change this timeout if it exists?)
Thanks again.

03-11-2015 05:54 AM
Hello a.benhima,
You can change the timer or disable re-authentication.
Here is a link to another posting that discusses the authentication timer.
https://supportforums.cisco.com/discussion/11971961/ise-authentication-timers-issues
Hope this helps.
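
The "fail to a specific VLAN" option and the re-authentication timer discussed in this thread, sketched as a Catalyst IOS port configuration. This is an added example, not configuration posted by anyone in the thread. It assumes 802.1X and RADIUS to ISE are already configured globally; the interface name, VLAN IDs 998 and 999, and the timer values are constructed placeholders.

```cisco
! Added example. Interface, VLAN IDs and timer values are assumed placeholders.
!
! Global: decide when the switch declares the RADIUS server (ISE) dead,
! and how long it waits before trying it again.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 15
!
interface GigabitEthernet1/0/10
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 !
 ! Fail to a specific VLAN: a client that tries to authenticate while
 ! ISE is marked dead is authorized into VLAN 999 (restrict what that
 ! VLAN can reach, since no identity check has taken place).
 authentication event server dead action authorize vlan 999
 !
 ! When ISE is reachable again, re-run authentication so those clients
 ! get their normal, policy-driven authorization.
 authentication event server alive action reinitialize
 !
 ! The auth-fail VLAN from the original question is a different event:
 ! it applies when ISE answers and rejects the client, not when ISE
 ! is unreachable.
 authentication event fail action authorize vlan 998
 !
 ! Re-authentication timer: enable periodic re-authentication and take
 ! the interval from the Session-Timeout value sent by the server.
 ! Use "authentication timer reauthenticate <seconds>" for a fixed local
 ! value, or omit "authentication periodic" to disable re-authentication.
 authentication periodic
 authentication timer reauthenticate server
```

`show authentication sessions interface GigabitEthernet1/0/10` shows which VLAN and method a session ended up with, which is the quickest way to confirm the dead-server action took effect during a test outage.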
