This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I been busting my head for a while regarding this Problem.
We habe an ISE with a policy allowing MAB devices to access the network.
the Policy is using MAB wired and the authorization Profile is a VLAN download to the Switch for a Port(of which the device is connected)
on the ISE everything looks fine and the device is authenticated and authurized to access .
on the switch everything is looking fine I can see the VLAN on the port.
but i cant ping the device.
and when i remove the port config and put a static VLAN on that port I can ping the device.
Did anyone encounter a problem like this?
Watch out of Vlan change when using MAB as it is dummy, sometimes it doesn't recognize that the IP has to be changed and you end up with a VLAN ID but stay in different subnet.
did you add the in global config:
radius-server attribute 8 include-in-access-req
It also could be related to the pre-auth-ACL where you have to enable DHCP traffic.
Can you please share the config to help you better?
Please rate if helpful
Thank you for your respond
There are no DACLs configured and the device gets an IP from the DHCP server which i can clearly see but i cant ping
here are the config