Dear,

adamgibs7 · ‎03-08-2017

Dears,

I have a site to site vpn between the HQ and remote sites, in HQ ISE is running 802.1X perfect now the requirement is to enable 802.1X on remote sites users desktops, i have added remote site switch in the ISE but not the firewall but things are not working for me when i test the switch by aaa command it shows me no authoritative servers are available, i.e means packets are not reaching to the server and somewhere getting drops, i have also enabled radius ports on the vpn traffic.

Is there any specific setting has to be enabled on the firewall to pass dot1.X packets.

Thanks

adamgibs7 · ‎03-09-2017

Dears,

Anybody can help me with the above configuration.

thanks

Ravi Singh · ‎03-09-2017

Please check the below link and make sure these ports are open

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

adamgibs7 · ‎03-09-2017

Dear Ravi,

I only want to do 802.1X, so for that which ports i have to open, as it seem there is no ports except the radius server port 1645,1646,1845,1846.

thanks

adamgibs7 · ‎03-12-2017

Dear,

i have enabled all the ports by permit ip any any but still it didnt worked for me, so please confirm to me that there is no special configuration on asa vpn for the EAP packets to pass from VPN.

Thanks

DOT1.X remote sites

Remote access VPN on Dot1.x User

Dot1.x error 5434

IOS XR: Link Fault Signaling(Local Fault、Remote Fault) について

Multi-Site e ISN (Inter Site Network)

[ACI 5.2] Remote Leaf の追加