cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

288
Views
0
Helpful
4
Replies
adamgibs7
Frequent Contributor

DOT1.X remote sites

Dears,

I have a site to site vpn between the HQ and remote sites, in HQ ISE is running 802.1X perfect now the requirement is to enable 802.1X on remote sites users desktops, i have added remote site switch in the ISE but not the firewall but things are not working for me when i test the switch by aaa command it shows me no authoritative servers are available, i.e means packets are not reaching to the server and somewhere getting drops, i have also enabled radius ports on the vpn traffic. 

Is there any specific setting has to be enabled on the firewall to pass dot1.X packets.

Thanks

4 REPLIES 4
adamgibs7
Frequent Contributor

Dears,

Anybody can help me with the above configuration.

thanks

Ravi Singh
Rising star

Please check the below link and make sure these ports are open

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

adamgibs7
Frequent Contributor

Dear Ravi,

I only want to do 802.1X, so for that which ports i have to open, as it seem there is no ports except the radius server port 1645,1646,1845,1846.

thanks

adamgibs7
Frequent Contributor

Dear,

i have enabled all the ports by permit ip any any but still it didnt worked for me, so please confirm to me that there is no special configuration on asa vpn  for the EAP packets to pass from VPN.

Thanks

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube