11-05-2019 03:02 AM
Hello,
I note from logs that our WIFI users are authenticating via the Default MAB rule in the default policy set and then authenticating via a 802.1x rule created within a policy set I have created, which is further up in the policy sets.
If I disable the default MAB authentication rule within the default policy set the user then fails authentication in the 802.1x rule.
It appears that the user first uses MAB then 802.1x.
Is there a way around this, I only want users to authenticate in the Policy Set that I created and not use the default Policy Set.
Thanks
Andy
Solved! Go to Solution.
11-08-2019 08:01 PM
If you are using Cisco WLC, you might have the WLAN configured for MAC Authentication Failover to 802.1X.
You might want to take a look at this guide -- Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3
11-05-2019 06:07 AM
Try changing the order in authentication policy and give it a try.
ISE tried policies in sequential order. Also, for authentication failing via dot1x a quick view on the policy might give an idea.
11-05-2019 06:27 AM
Please share your auth rules to be sure your 802.1x rule does not have any coorelation with MAB.
Really though, wifi should only be doing MAB or dot1x, not both. If you want to use dot1x, please ensure MAC filtering is disabled on the wlan.
11-08-2019 08:01 PM
If you are using Cisco WLC, you might have the WLAN configured for MAC Authentication Failover to 802.1X.
You might want to take a look at this guide -- Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide