Solved: Re: Setting up Remediation VLANs on the Network

eXpliciT · ‎01-09-2019

Our current network does not have remediation VLANs set up and the only way to get PCs authorized is to allow it on the network so technicians can posture it so it authenticates.

I'm trying to find guidance on how to set the remediation VLANs that if a device is not able to authenticate on the network, it will fall into the remediation VLAN which will grant it limited network access until we can get it on the domain.

Thanks!

Jason Kunst · ‎01-09-2019

When devices fail authentication using dot1x they fallback to MAB. There you can allow access to critical resources such as patching and remote help systems

Did you look at our wired guide under http://cs.co/ise-guides

View solution in original post

TA_a · ‎01-09-2019

You could try configuring authentication event parameters at interface level.

authentication event fail action authorize vlan <Your remediation Vlan>
authentication event server dead action authorize vlan <Data Vlan>
authentication event no-response action authorize vlan <Guest Vlan>
authentication event server alive action reinitialize

Jason Kunst · ‎01-09-2019

When devices fail authentication using dot1x they fallback to MAB. There you can allow access to critical resources such as patching and remote help systems

Did you look at our wired guide under http://cs.co/ise-guides

owaishussain · ‎03-18-2021

Sorry, cant for the details .. We need to configure Remediation web server for the patches and Os updates. Can you provide a link ?

Marcelo Morais · ‎03-18-2021

Hi @owaishussain ,

please take a look at: ISE Posture Prescriptive Deployment Guide., search for Posture Remediation.

Hope this helps !!!

owaishussain · ‎03-18-2021

(cant find the details)