02-21-2019 07:27 AM
Hello,
Performing Wired Guest. On switch, authentication order is mab dot1x, priority is dot1x mab.
Dot1x is enabled on the Native supplicant on the end user PC.
Only wired guest is required to be done for this PC. Wired guest redirect works fine, user gets to portal and get access to internet. MAB is all good at this point.
But after few minutes, Dot1x authentication gets triggered automatically. Looks like the supplicant is sending the EAPol-START as it's configured with dot1x.
Dot1x configuration cannot be turned off from the end user PC as per the policy, but want to do only guest. Can this be achieved from the switch? There is not dedicated switch or ports just for guest access. Some times, corp endpoints will be connected to that switchport and do dot1x.
Thanks
Sampath
02-22-2019 05:44 AM
02-23-2019 11:29 AM
02-25-2019 05:30 PM
Hi,
We could just do MAB on the port for Guest access, but you also mentioned there are times when a Corp Endpoint will get connected so we definitely need dot1x active on the port and with dot1x active in case it receives EAPoL packet from the endpoint, it definitely restarts dot1x.
Is your switch using IBNS1.0(Legacy style) or 2.0 style configs?
Another options i can think of is using some kind of interface macros to configure the port for Guest access and revert after link down..
02-26-2019 07:47 AM
Would also like to take a look at port config and/or what ISE is sending back for any timers for what Mike said earlier. There should be a way (for example) to re-auth for MAB even though pri might be 1X first, but need to know what's driving the supplicant to do this. Also, what type of supplicant?
03-07-2019 07:47 AM
This is with Windows Native supplicant. Switches are using the legacy style. No re-auth timers are sent from the ISE.
At this point we have asked them to use a dedicated switch just for wired guest instead of doing both dot1x and mab on the same switch port.
Thank you.
03-08-2019 07:13 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide