ISE authnetication Intermittent Access Loop dot1x and then MAB

majid2386 · ‎01-10-2017

Hi All

We have ISE running in our environment. Quite some time we have started facing issue the user machine will run with dot1x and after some time it will again start MAB. In the mean time the user will not have complete access. The NAC agent start every time the new authentication process start.

Well the port has an order of

authentication order dot1x mab

authentication priority dot1x mab

nspasov · ‎01-10-2017

Hi there, I have seen this issue before with Windows 7 machines that were missing critical 802.1x patches. Take a look at this link:

http://robert.penz.name/555/list-of-ieee-802-1x-hotfixes-for-windows-7/

I would start at the top of the list and ensure that the affected machines have all of these patches.

If that does not help then you can install the AnyConnect NAM module to one of the affected machines and see if that helps. It is ideal to use the Native Supplicant but the NAM module actually works pretty well.

I hope this helps!

Thank you for rating helpful posts!

Thank you for rating helpful posts!

majid2386 · ‎01-16-2017

Yeah, Thanks Neno

Let me try with the hotfixes as this has to be performed by separate department. If that doesn't help let me try with NAM, also wanted to let you know that we are not running ANY connect on the user machine as these are desktop.

nspasov · ‎01-17-2017

Sounds good. Let us know how it goes!

Thank you for rating helpful posts!

Thank you for rating helpful posts!