10-30-2019 07:49 AM
Our switches with with ISE but before it authenticates it has access to any network. This is an issue because if someone wants to access our network it just need to unplug/plug LAN cable every 15 seconds. Is there a way to deny all type access unitl the host authenticates with ISE?
Solved! Go to Solution.
10-30-2019 12:32 PM
10-30-2019 10:24 AM
10-30-2019 11:38 AM
This is the config of the interface:
interface FastEthernet0/1
switchport access vlan 30
switchport mode access
authentication event fail action next-method
authentication event server dead action authorize vlan 30
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
spanning-tree bpduguard enable
On DACL, guest users when they connect to LAN have access to internet only but before the computer authenticates with ISE they have access to internal networks and I want to prevent this.
10-30-2019 12:32 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide