07-22-2019 04:01 AM - edited 07-22-2019 04:01 AM
I seem to recall that if a switch looses connection to all PSN nodes, the authentication session will remain active for a during of time? Is this correct or I'm remembering it wrongly?
Solved! Go to Solution.
07-22-2019 05:27 AM
07-22-2019 05:34 AM
07-22-2019 04:28 AM
07-22-2019 05:15 AM
Thanks - In my case I haven't configured the interface level "dot1x reauthentication" command so the clients will be persistent if ISE fails.
Where is the configuration set in ISE?
07-22-2019 05:19 AM
07-22-2019 05:26 AM
interface GigabitEthernet2/0/14
description DYNAMIC-USER
switchport mode access
switchport voice vlan 40
authentication control-direction in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 2104
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer restart 5
authentication timer inactivity server dynamic
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout tx-period 3
spanning-tree portfast
spanning-tree bpduguard enable
07-22-2019 05:34 AM
07-22-2019 05:27 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: