Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1676
Views
0
Helpful
3
Replies

Cisco ISE: HotFix and Timers for 802.1x (EAP-TLS)

Mubasher Sultan - 2x CCIE # 20149 (R&S | Sec)
Level 1
Level 1

‎09-02-2013 06:00 AM - edited ‎03-10-2019 08:50 PM

Hi,

I found the below Hot-Fix to be set;

http://blogs.technet.com/b/jeff_stokes/archive/2013/01/24/20-minute-delay-deploying-windows-7-on-802-1x-fix-it-here.aspx

Kindly let me know that what is the best time to be set on it. It tells 20 mintues. Also, i wanna know that what is the corresponding configuration needs on Switch and ISE to reflect it or doesn't need it.

Thanks,

Regards,

Mubasher Sultan

Labels:
0 Helpful
3 Replies 3

Anas Naqvi
Level 1
Level 1

‎09-02-2013 11:31 AM

Hello Mubashir,

Many timers can be modified as  needed in a deployment. Unless you are experiencing a specific problem  where adjusting the timer may correct unwanted behavior, it is  recommended to leave all timers at their default values except for the  802.1X transmit timer (tx-period).

The tx-period timer defaults to a value of 30 seconds.  Leaving this value at 30 seconds provides a default wait of 90 seconds  (3 x tx-period) before a switchport will begin the next method of  authentication, and begin the MAB process for non-authenticating  devices.

Based on numerous deployments, the best-practice  recommendation is to set the tx-period value to 10 seconds to provide  the optimal time for MAB devices. Setting the value below 10 seconds may  result in the port moving to MAC authentication bypass too quickly.

Configure the tx-period timer.

C3750X(config-if-range)#dot1x timeout tx-period 10

0 Helpful

Mubasher Sultan - 2x CCIE # 20149 (R&S | Sec)
Level 1
Level 1
In response to Anas Naqvi

‎09-04-2013 03:56 AM

Dear Munir,

It is already configured "dot1x timeout tx-period 5".... What i am asking here is that in reference to above HOTFIX, what value should also be reflect in switch or ISE to work with it?

Hopes it clear...

Could you please also let me know that what does the Re-authentication works in ISE and where is it preferred to configure in Switch Port or ISE?

Thanks,

0 Helpful

blenka
Level 3
Level 3

‎09-04-2013 12:33 PM

Please find the link for : Switch Configuration Required to Support Cisco ISE Functions timer.

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.html

0 Helpful
Customers Also Viewed These Support Documents