11-06-2019 07:13 AM
Hi,
Currently all ports are running in monitor mode (template OPEN_MODE). I randomly chose Gi1/0/7 and put it in template "closed".
Then I "shut, no shut" the port Gi1/0/7. Traffic is not passing through, like forever. The device had no errors during monitor mode, with auth passed and in the ALLOW authorization policy.
If I normalize Gi1/0/7 back to template OPEN_MODE, traffic passes again.
What could be the issue? PLS PLS SOMEONE HELP ME!!!!
template OPEN_MODE
 dot1x pae authenticator
 mab
 access-session control-direction in
 access-session port-control auto
 authentication periodic
 authentication timer reauthenticate server
 service-policy type control subscriber DOT1X
!
template closed
 dot1x pae authenticator
 mab
 access-session control-direction in
 access-session closed
 access-session port-control auto
 authentication periodic
 authentication timer reauthenticate server
 service-policy type control subscriber DOT1X
11-06-2019 07:26 AM
What does it show in the ISE Live Logs (Operations->Radius->Live Logs)? Is it failing authentication? Is it passing authentication in ISE?
11-06-2019 08:53 AM
Hi,
I think it was caused by the trunk port. I am using a trunk port.
I am not sure why this happens.
I heard access ports have no issue.
I'm still seeking the answers.
11-08-2019 08:18 PM - edited 11-11-2019 12:17 PM
I believe you are correct on this. I've seen some mention that 802.1X is not supported on trunk ports. If your intention is to have endpoints on different VLANs on the same switch interfaces and you are using Catalyst 3650, 3850, or 9K series on recent IOS-XE releases, my impression is that this is possible on access ports.
Per MAC per VLAN Assignment (aka MAC based VLANs)
802.1X on Trunk Ports
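An added example, not code from any poster in this thread: an offline check over a saved running-config that lists interfaces which are trunk ports and are also bound to a template containing "access-session closed", the combination suspected above. It assumes templates are bound with "source template" and trunks are set with "switchport mode trunk"; the interface blocks in the sample are constructed, since the thread does not show them.

```python
import re

# Constructed sample config: the thread's two templates (abbreviated) plus
# three hypothetical interface blocks that are not shown in the thread.
SAMPLE = """\
template OPEN_MODE
 access-session port-control auto
!
template closed
 access-session closed
 access-session port-control auto
!
interface GigabitEthernet1/0/7
 switchport mode trunk
 source template closed
!
interface GigabitEthernet1/0/8
 switchport mode access
 source template closed
!
interface GigabitEthernet1/0/9
 switchport mode trunk
 source template OPEN_MODE
"""

def parse_blocks(config):
    """Return {(kind, name): [sub-commands]} for template and interface blocks."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^(template|interface)\s+(\S+)\s*$", line)
        if m:
            current = blocks.setdefault((m.group(1), m.group(2)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())   # indented line: sub-command of the block
        else:
            current = None                 # "!" or any top-level line ends the block
    return blocks

def closed_mode_trunks(config):
    """List interfaces that are trunks and use a template with closed mode."""
    blocks = parse_blocks(config)
    closed = {name for (kind, name), cmds in blocks.items()
              if kind == "template" and "access-session closed" in cmds}
    hits = []
    for (kind, name), cmds in blocks.items():
        if kind != "interface":
            continue
        applied = {c.split()[-1] for c in cmds if c.startswith("source template ")}
        if "switchport mode trunk" in cmds and applied & closed:
            hits.append(name)
    return hits
```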
01-25-2021 07:07 AM
We are using a WS-C3850-24U with software version 16.6.3 controlled with ISE commands. We are getting request timeouts continuously even if the endpoint is authenticated and authorized.
ISE live logs show a repeated entry for every drop, and it is successful too. If we remove the ISE commands it works perfectly without any issue. ISE version is 2.4.