07-01-2015 06:30 AM - edited 03-10-2019 10:52 PM
We are implementing ISE for a customer. For a start, we want to use open authentication on some ports. When I configure "authentication open" on a port, the port actually keeps to the data VLAN and I receive a DHCP address from this VLAN, while the authentication process continues. When the process is done (RADIUS, MAB) and the client is rejected, the port is changed to the guest VLAN. If I remove "authentication open", I'm blocked from the start, so I can verify that the command makes a difference until the authentication process is done.
If authentication fails, I thought the "authentication open" command would preserve VLAN settings for a port? Am I wrong?
07-01-2015 10:25 AM
Hi Kjetil,
Do you have the proper authorization rule in ISE? Remember that even though authentication is set to "open" you still must have an "open" authorization rule. This is usually done by configuring a "catch-all" rule at the bottom of your rule table. This rule would authorize any users/endpoints that did not match any of the other rules that you have configured in ISE.
I hope this helps!
Thank you for rating helpful posts!