Solved: Cisco ISE policy set

donnie · ‎11-05-2019

Hi all,

I have 2x main policy sets on my cisco ise v2.4.
The conditions for the 1st policy set is wireless MAB or wired MAB which is meant for my legacy PCs.
The conditions for my 2nd policy set is wireless 802.1x or wired 802.1x which is meant for my PCs enforced with 802.1x.
I notice that some of my clients PCs which are enforced with 802.1x would hit the 1st policy set whenever they attempt to connect to my network. Why is this so? TIA!

Anurag Sharma · ‎11-06-2019

Hi Donnie,

This seems to be an issue either at the client PC's end or at the switch end.

On switch, please make sure the interface config is the same for ports where MAB is happening and on ports where Dot1x is happening.

On client PC, please make sure 802.1x is enabled and running.

Once you have verified those two, we can check the 802.1x debugs on the switch to determine what's going on.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

View solution in original post

Anurag Sharma · ‎11-06-2019