07-24-2023 07:29 AM
Hi
We have deployed Cisco ISE with a wired 802.1X policy and a NAM profile. After plugging in the cable, the computer connects and authentication succeeds in AnyConnect. After a few seconds of working fine, all internet traffic in the browser gets connection resets, and the local network normally works, but sometimes it is blocked too. When I disable and re-enable the network connection, it works again and then the block repeats.
I have verified that the ACL is normal. Please help me fix it if you can.
thanks
07-24-2023 07:33 AM
Please provide the switchport configuration and provide the output of "show authentication session interface x/y/z detail" after the connection is reset.
Have you checked the switch logs for any obvious output?
07-24-2023 11:48 PM
Hi, sorry for the late reply.
On the port:
Current configuration : 812 bytes
!
interface GigabitEthernet1/0/3
 switchport access vlan 42
 switchport mode access
 switchport voice vlan 200
 device-tracking
 authentication event fail action next-method
 authentication event server dead action authorize vlan 42
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpduguard enable
end
From show auth:
No sessions match supplied criteria.
Runnable methods list:
Handle Priority Name
13 5 dot1x
4 5 dot1xSup
5 10 webauth
3 15 mab
I used NAM to create the profile configuration.xml. My friend suggested that I update the firmware of the 9200 switch to a newer version; I have not done it yet.
If you have any suggestions I will appreciate it, thanks.
07-26-2023 11:30 AM
This is a 9200 switch and you're using IBNS 1; you should be using IBNS 2.0. Look up the Wired Access Deployment Guide here: https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515
07-26-2023 11:16 AM
Why are you using NAM at all?
07-27-2023 12:12 AM - edited 07-27-2023 12:14 AM
Hi, thanks; I will use it for posture.
I doubt authentication timer reauthenticate server, because the PC connects and, after reauth, it disconnects without any message, I guess.
07-27-2023 11:57 AM
authentication timer reauthenticate server <<- show auth session interface, let's see this value
08-10-2023 01:16 AM
Sorry, I have moved to IBNS 2.0 and it works fine, but I still sometimes get a connection reset error in the browser until I refresh the LAN connection.
Interface: GigabitEthernet1/0/3
IIF-ID: 0x15D179F8
MAC Address: 040e.3c22.8d79
IPv6 Address: fe80::d855:2e5:396b:32f0
IPv4 Address: 10.xxxxx
User-Name: domain\user
Status: Authorized
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: 3600s (server), Remaining: 948s
Timeout action: Reauthenticate
Common Session ID: 9701B70A00000108DE542A70
Acct Session ID: 0x0000008c
Handle: 0x13000086
Current Policy: XXXX
Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Security Policy: Should Secure
Security Status: Link Unsecured
Server Policies:
Session-Timeout: 3600 sec
Vlan Group: Vlan: 30
ACS ACL: xACSACLx-IP-DACL_IT-64ba2d3b
Method status list:
Method State
dot1x Authc Success
mab Stopped
----------------------------------------
Interface: GigabitEthernet1/0/3
IIF-ID: 0x12CEEE9D
MAC Address: 549f.c629.8f4d
IPv6 Address: Unknown
IPv4 Address: 10.xxxxx
User-Name: 54-9F-C6-29-8F-4D
Status: Authorized
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Common Session ID: 9701B70A00000109DE542B88
Acct Session ID: 0x0000008b
Handle: 0x0e000087
Current Policy: xxxx
How can I return to legacy without losing the config, and how can I fix this disconnection and reconnection?
Thanks