cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1207
Views
5
Helpful
1
Replies

NEAT AAA fail policy

creserva1
Level 1
Level 1

We are using 802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) But I am currently struggling to find a solution when authenticator switch cannot reach configured RADIUS servers (Cisco ISE). I was reading 802.1x Authentication with Inaccessible Authentication Bypass Configuring IEEE 802.1x Port-Based Authentication but I am not sure if this is the solution. 

 

The configuration guides doesn't mention about AAA fail policy for NEAT. Please advise and thank you.

 

 

1 Reply 1

creserva1
Level 1
Level 1

I am testing these

 

"Define a Service-template that invokes the template to be enforced on AAA Server failure"

"Define the class, event and action under the subscriber policy-map to handle Critical authorization"

"To activate a local service template, when AAA is down, authorize the end host and pause reauthentication timer (since
reauth will fail due to server down condition)"

 

It looks like it is working.