04-14-2020 08:21 AM
Hello,
I Have a question regrading anyconnect NAM.
ISE: 2.6 Patch 5
Endpoint: windows 10
Authentication : EAP-FAST Mahcine ( EAP-TLS ) User ( EAP-MSCHAPv2 ) with EAP-Chaining.
if for some reason the endpoint has an issue and i need to authenticate it using MAB, how can this be done?
I created a whitelist group ( mab group ) and i notice that the endpoint never fall to mab and keep tried to authenitcation using DOT1X.
Is there anything special that needs to be enabled on the NAM Profile Editor In addition to the settings I've already made?
( Both DOT1X and MAB are allowed on the port ).
Thanks.
04-14-2020 08:42 AM
04-15-2020 12:40 AM
Here is the config:
interface GigabitEthernet1/0/1
switchport access vlan 50
switchport mode access
authentication control-direction in
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server
mab
dot1x pae authenticator
dot1x timeout tx-period 7
dot1x max-reauth-req 3
spanning-tree portfast
!
04-14-2020 01:33 PM
if your switch port is configured to failover to mab it should go to mab.
Can you see in the switch port that it's trying dot1x then going mab ?
04-15-2020 12:43 AM
The switch said Dot1x Running for about 21 seconds and then it fall to mab but then immediately return to Dot1x ( after 1 second).
I Configured this endpoint to fail on DOT1X on purpose to see if it fall on MAB, but it never gets network connection.
04-15-2020 05:00 AM
04-15-2020 06:43 AM
I really don't want to change the order or the priority as most of the devices are DOT1X and it's more secure to start with DOT1X anyway.
Is it possible it's got something to do with the Network Access Profile Editor?
04-15-2020 11:16 AM
04-16-2020 06:13 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide