Hi Experts,
We are deploying 802.1X authentication for wired as well as for wireless. I came across one of the terminologies where, even if the RADIUS server is down, clients can get access to the network.
I am not sure how it works by configuring two commands:
authentication event server dead action authorize vlan X
authentication event server alive action reinitialize
The statement says: "Use inaccessible authentication bypass to assign the critical port to VLAN"
What is meant by critical port, and how does it work? Do we need to configure anything on the ISE server?
Is it possible to configure the same for a wireless setup as well? If yes, what configuration do we need on the wireless LAN controllers?
One more concern, about "failed access handling":
If the client identity is not valid or the credentials are expired, what is the recommended option to configure on ISE for those clients?
Can anybody please share a document that talks about failed access handling in a practical setup?
These commands help in case the RADIUS server is down: the clients connected to the port where these commands are configured are put into VLAN X (make sure that this VLAN is restricted).
And you have the following options for client identity not found:
If an endpoint does not meet any of the policies defined, then we have a default policy that's applied.
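As an added example (not part of the thread and not taken from Cisco documentation for this deployment), this is one way the critical-VLAN behaviour described in the reply above can look on an IOS access switch. The server name and address, the shared key, VLAN 999, the ACL name, the SVI address and the interface are placeholders, and restricting the VLAN with an ACL on its SVI is an assumed design choice.

```cisco
! Added example: every name, address and number here is a placeholder.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
!
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
! When to mark the RADIUS server dead, and how long (minutes) to keep it dead
radius-server dead-criteria time 5 tries 3
radius-server deadtime 15
!
! Critical VLAN: where ports land when no RADIUS server is reachable
vlan 999
 name CRITICAL-RESTRICTED
!
! Only the minimum needed to stay usable: DHCP and DNS, nothing else
ip access-list extended CRITICAL-RESTRICT
 permit udp any any eq bootps
 permit udp any any eq domain
 deny   ip any any
!
! An inbound SVI ACL filters routed traffic only; hosts inside VLAN 999
! can still reach each other at layer 2.
interface Vlan999
 ip address 198.51.100.1 255.255.255.0
 ip access-group CRITICAL-RESTRICT in
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 ! Server dead: authorize the port into the restricted critical VLAN
 authentication event server dead action authorize vlan 999
 ! Server back: re-run authentication so normal policy applies again
 authentication event server alive action reinitialize
```

`show authentication sessions interface GigabitEthernet1/0/1` shows which VLAN a port was authorized into and by which method, which is the quickest check after a RADIUS outage test.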
Thanks Venkatesh,
You mean we need one new VLAN which will have restricted access...
How do I configure a restricted VLAN in my LAN? Do I need to create an access list and apply it to the respective SVI?
What if I reject the users in case of server failure, or have a very basic configuration where I do not have any rules configured as an inaccessible bypass policy? What would be the impact on the network?