cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
681
Views
0
Helpful
2
Replies

inaccessible authentication bypass on wireless

vinodjad1234
Explorer
Explorer

Hi Experts ,

 

We are deploying 802.1x authentication for wired as well as for wireless , I can across one of the terminology where even if radius server is down , clients can get access to network .

 

 

 

I am not sure how it worked by configuring two commands :

 

authentication event server dead action authorize vlan X

authentication event server alive action reinitialize

 

statement says that "Use inaccessible authentication bypass to assign the critical port to VLAN "

 

what is mean by critical port ? and how it works , do we need to configure anything on ISE server ?

 

is it possible to configure the same for wireless set-up as well ? if yes, what is the configuration we need on wireless lan controllers ?

 

one more concern about "failed access handling "  

 

if client identity is not valid or credentials are expired what is the recommended option to be configured on ISE for those clients  ?

 

can anybody please share the document which talks about failed access handling in practical set-up.

 

 

 

2 Replies 2

Venkatesh Attuluri
Cisco Employee
Cisco Employee

authentication event server dead action authorize vlan X

authentication event server alive action reinitialize

 

this commands help you to in case if radius server is down then the client connected to this port where this command is given are put in to vlan X (make sure that this vlan is restricted).

And you have following options for client identity not found

 

If endpoint do not meat any policy's defined then we have a default policy thats applied

Thanks Venkatesh ,

 

you mean, we need one new vlan which will have restricted access ...

how do i configure restricted vlan in my LAN , do i need to create access-list and apply to respective SVI ?

 

what if I reject the users in case of server failure or have very basic configuration where I do not have any rules configured as inaccessible bypass policy ? what would be impact on network ?

 

 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers