03-09-2017 02:34 AM - edited 03-11-2019 12:32 AM
Hi Guys,
what is the solution or configuration should. Be done in case all policy nodes of ISE went down and were not responding?
let's say it's emergency and both ISE got a hardware failure.
how can i bypass it or give full access to users without depending on ISE? Is it aaa config?
regards
03-09-2017 05:59 AM
This would be more on the network device side (switch, controller). On switches, you can configure the "authentication event server dead action" on the switchport to authorize it to a particular vlan that has required access. You can also authorize the voice vlan functionality this way.
For Wireless, I am not sure if there is a way to do the above. A workaround for this would be to broadcast a new SSID without authentication till the ISE comes back up.
03-13-2017 09:22 AM
On WLC you set Authentication priority order
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: