Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1164
Views
0
Helpful
3
Replies

Easyconnect User Mobility (wireless to wired or wired to wired)?

Go to solution
joplant
Cisco Employee
Cisco Employee

‎06-26-2018 12:38 PM

Hey All,

I saw this posted on Tech Zone sorry for the duplicate but it wasn't answered there.

In the situation where the user logs on to wireless (or even a wired network on a different vlan), then logs into AD, then moves the workstation to a wired port without logging out/logging in to AD, is there any way for ISE to stitch the session back together or will the user be left without connectivity until they re-login to AD?

In this case, we can't assume the workstation will have the same MAC address nor the same IP address.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-26-2018 02:31 PM

No. Easyconnect is for those utilizing wired ports. If you move around you will need to kick off event to update the AD entry. There is no tracking on different interfaces as well and is not meant to be used on wireless either.

Example user plugs into port X. Logs into domain. Good

User unplugs and plugs into port Y. user ip address not updated. User should log off and then back in to update the cache.

If you want this type of mobility then you need to move to dot1x!

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-26-2018 02:31 PM

No. Easyconnect is for those utilizing wired ports. If you move around you will need to kick off event to update the AD entry. There is no tracking on different interfaces as well and is not meant to be used on wireless either.

Example user plugs into port X. Logs into domain. Good

User unplugs and plugs into port Y. user ip address not updated. User should log off and then back in to update the cache.

If you want this type of mobility then you need to move to dot1x!

0 Helpful

Go to solution
joplant
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎06-26-2018 02:35 PM

Hey Jason, Thanks!

The use case here would be for a customer using Easyconnect on wired but that still has some wireless in their environment.  Perhaps they are using 802.1x on wireless and Easyconnect on wired.

However, you answered my question in that there really isn't an easy way to do mobility with Easyconnect and that the AD login is the only event that will refresh session info (due to the updated IP address).

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to joplant

‎06-26-2018 02:44 PM

Wireless is treated completely different than the wired with easy connect.

If a user is on wireless then plugs in they will need to log out and back in as the user to add a user to ip address mapping.

Also support for dual NIC would be not tested. Say I have wired easyconnect and wireless dot1x. likely something wonky may happen but customer could try it out.

Best scenario would be wired only all the time and don’t move around a lot.

Would highly recommend using dot1x if they don’t like this.

0 Helpful
Customers Also Viewed These Support Documents