02-19-2019 01:10 AM
Hello
I been busting my head for a while regarding this Problem.
We habe an ISE with a policy allowing MAB devices to access the network.
the Policy is using MAB wired and the authorization Profile is a VLAN download to the Switch for a Port(of which the device is connected)
on the ISE everything looks fine and the device is authenticated and authurized to access .
on the switch everything is looking fine I can see the VLAN on the port.
but i cant ping the device.
and when i remove the port config and put a static VLAN on that port I can ping the device.
Did anyone encounter a problem like this?
Solved! Go to Solution.
12-16-2020 01:21 PM
A switch reboot or the device is not receiving DHCP requests.
02-19-2019 02:13 AM
02-19-2019 07:22 AM
Thank you for your respond
there is no DACLs configured on ISE and device tracking is enabled
02-19-2019 04:08 AM
Hi,
Watch out of Vlan change when using MAB as it is dummy, sometimes it doesn't recognize that the IP has to be changed and you end up with a VLAN ID but stay in different subnet.
did you add the in global config:
radius-server attribute 8 include-in-access-req
It also could be related to the pre-auth-ACL where you have to enable DHCP traffic.
Can you please share the config to help you better?
Please rate if helpful
02-19-2019 07:24 AM
Thank you for your respond
There are no DACLs configured and the device gets an IP from the DHCP server which i can clearly see but i cant ping
here are the config
12-16-2020 10:03 AM
Did you ever resolve this issue? I'm starting to have issues with printers that authenticate successfully with ISE and I still can't ping them.
12-16-2020 01:21 PM
A switch reboot or the device is not receiving DHCP requests.
02-19-2019 04:39 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide