08-09-2018 01:25 AM
Hi All,
If it should happen that something goes wrong and ISE can't authenticate devices on switch ports via 802.1x, what immediate actions could remove 802.1x from switches or allow all devices onto the network?
Best regards,
Michael
09-06-2018 11:05 AM
09-06-2018 11:06 AM
My thought exactly, and since MAB auth is connected, there will be no CoA. What if we imagined that a client with an expired certificate gets profiled with CorpPC_EXPRIED, and with the new certificate it gets the old profile back CorpPC, and then the new profile triggers CoA?
On the other hand, if a client has an expired certificate, the machine hasn't been in contact with the domain for a long time, then there might be a valid reason to contact the IT department :)
I'm going to pick at this again: what if the server-side certificate expires, the one ISE uses to authenticate clients, and all endpoints get MAB auth and hit the portal? How would we fix this after the certificate has been updated?