cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

DOT1.X remote sites

adamgibs7
Frequent Contributor
Frequent Contributor

Dears,

I have a site to site vpn between the HQ and remote sites, in HQ ISE is running 802.1X perfect now the requirement is to enable 802.1X on remote sites users desktops, i have added remote site switch in the ISE but not the firewall but things are not working for me when i test the switch by aaa command it shows me no authoritative servers are available, i.e means packets are not reaching to the server and somewhere getting drops, i have also enabled radius ports on the vpn traffic. 

Is there any specific setting has to be enabled on the firewall to pass dot1.X packets.

Thanks

4 REPLIES 4

adamgibs7
Frequent Contributor
Frequent Contributor

Dears,

Anybody can help me with the above configuration.

thanks

Ravi Singh
Rising star
Rising star

Please check the below link and make sure these ports are open

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

adamgibs7
Frequent Contributor
Frequent Contributor

Dear Ravi,

I only want to do 802.1X, so for that which ports i have to open, as it seem there is no ports except the radius server port 1645,1646,1845,1846.

thanks

adamgibs7
Frequent Contributor
Frequent Contributor

Dear,

i have enabled all the ports by permit ip any any but still it didnt worked for me, so please confirm to me that there is no special configuration on asa vpn  for the EAP packets to pass from VPN.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: