Solved: ISE NAD RADIUS Fail Open

cpaquet · ‎09-11-2012

Good afternoon,

NAC offers ip admission command for fail open on a router. Is there an equivalent command for access switches pointing to a RADIUS server?

Situation:

Access switches have two RADIUS servers configured, one pointing to Load Balancer at Site A (with 6 PSNs behind) and the second RADIUS pointing at the LB at Site B (6 PSNs behind). If neither Site Load Balancers are reachable, how could we have the access switch fail-open and apply a ACL which would give access only to the Internet to the staff?

Thanks.

Cath.

Tarik Admani · ‎09-11-2012

Cath,

You can actually leverage the command "authentication event dead action authorize vlan id" and dump the users on a vlan that will grant them access while the radius servers are unreachable.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_2_se/configuration/guide/sw8021x.html#wp1194433

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

Tarik Admani · ‎09-11-2012