
ISE and VLAN of Last resort

I'd like to be able to define a "VLAN of last resort", which is where a user ends up under the following scenarios:

  1. The User fails to authenticate via either MAB or Dot1X
  2. Despite being able to authorize, the user chooses to VLAN deliberately.

ISE 2.1 patch 3 and 3850s running 03.07.04.E

1 Reply 1

Francesco Molino
VIP Alumni

Hi 

If I understand your question, you want to assign a specific VLAN to a user whose authentication failed with ISE, am I right?

If yes, on the switch, on the port configuration, you can use the command: 

authentication event fail action authorize vlan XX

--> XX represents the VLAN ID you want to assign in case of failed authentication.

You also have another command to assign a VLAN in case ISE isn't responding because it's down (important, otherwise your users won't have access to the network):

authentication event server dead action authorize vlan XX

--> XX represents the VLAN ID you want to assign if ISE is down.

Hope that answers your questions 

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


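
An added example, not part of the original thread and not Cisco tooling: a Python check that reads a switch configuration and reports, for every port with `authentication port-control auto`, which of the two fallback VLANs from the answer above are configured. The sample config, interface names and VLAN IDs are constructed, and the optional `retry N` form of the fail event goes beyond what the answer shows.

```python
import re

# Constructed sample config for illustration; interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication event fail action authorize vlan 999
 authentication event server dead action authorize vlan 998
 authentication port-control auto
 mab
!
interface GigabitEthernet1/0/2
 authentication event fail retry 2 action authorize vlan 999
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 mab
!
interface GigabitEthernet1/0/48
 switchport mode trunk
"""

FAIL_RE = re.compile(r"authentication event fail(?: retry \d+)? action authorize vlan (\d+)")
DEAD_RE = re.compile(r"authentication event server dead action authorize vlan (\d+)")

def interface_blocks(config):
    """Map each interface name to its stripped sub-command lines."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config):
    """Fallback VLANs for every port with 'authentication port-control auto'."""
    report = {}
    for name, lines in interface_blocks(config).items():
        if "authentication port-control auto" not in lines:
            continue  # port does not run 802.1X/MAB, nothing to check
        fail = [int(m.group(1)) for l in lines if (m := FAIL_RE.fullmatch(l))]
        dead = [int(m.group(1)) for l in lines if (m := DEAD_RE.fullmatch(l))]
        report[name] = {"fail_vlan": fail[-1] if fail else None,
                        "dead_vlan": dead[-1] if dead else None}
    return report
```

A `None` value in the result marks a port where that fallback is not configured, so a failed authentication or an unreachable ISE leaves the client without any VLAN.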