Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
2
Replies

ISE and HA

network@bigbenkuwait.com
Level 1
Level 1

‎03-09-2017 02:34 AM - edited ‎03-11-2019 12:32 AM

Hi Guys,

what is the solution or configuration should. Be done in case all policy nodes of ISE went down and were not responding?

let's say it's emergency and both ISE got a hardware failure.

how can i bypass it or give full access to users without depending on ISE? Is it aaa config?

regards

Labels:
0 Helpful
2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni

‎03-09-2017 05:59 AM

This would be more on the network device side (switch, controller). On switches, you can configure the "authentication event server dead action" on the switchport to authorize it to a particular vlan that has required access. You can also authorize the voice vlan functionality this way.

For Wireless, I am not sure if there is a way to do the above. A workaround for this would be to broadcast a new SSID without authentication till the ISE comes back up.

0 Helpful

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎03-13-2017 09:22 AM

On WLC you set Authentication priority order

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents