
ISE-switchport session remain authenticated

sudheere
Level 1

I am facing a problem during deployment. The customer is using Avaya IP phones. If an authenticated workstation/laptop shifts from one phone to another, the old switchport session remains there. The laptop acquires an IP from the new phone but even fails to ping the gateway. If I reset the old phone or do 'clear authen sess interface', then the laptop pings the gateway. 'Clear arp' or 'clear mac-add table dynam' doesn't solve the issue. How can the ISE detect removal of a workstation to clear the authentication?

2 Replies

tomi.sirait
Level 1

Two ways:

  1. CDP enhancement for second port disconnect (Cisco phones) 
  2. Proxy EAPoL-Logoff + inactivity timer (non-Cisco phones)

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/Dot1X_Deployment/Dot1x_Dep_Guide.html

Stephen McBride
Level 1

authentication mac-move permit
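
The two switch-side settings named in the replies (MAC move and the inactivity timer), put together as an added example that is not part of either reply. The interface name and the 120-second timer value are constructed for illustration; Proxy EAPoL-Logoff itself is enabled on the phone, not on the switch.

```ios
! Global configuration: allow a MAC address that already has a session
! on one port to authenticate on another port. The session on the old
! port is deleted and the host is re-authenticated on the new port.
authentication mac-move permit
!
! Access port with a phone and a PC behind it.
! Interface name is a constructed example.
interface GigabitEthernet1/0/10
 switchport mode access
 ! One voice device and one data device per port
 authentication host-mode multi-domain
 authentication port-control auto
 mab
 dot1x pae authenticator
 ! Fallback for phones that do not send Proxy EAPoL-Logoff:
 ! end a session after 120 seconds without traffic from the host.
 ! The value is a constructed example.
 authentication timer inactivity 120
!
! Verification after moving the laptop: the old port should no longer
! list the laptop's MAC address as an active session.
! show authentication sessions interface GigabitEthernet1/0/10
```

A short inactivity timer can also end sessions for endpoints that are connected but silent, so size it against how quiet the devices on those ports normally are.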