Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
0
Helpful
3
Replies

Unauthorized devices authentication (RADIUS)

Teayuu
Level 1
Level 1

‎03-07-2019 06:24 AM

Hello,

 

I'm working on a windows radius server, and a cisco switch 2960X.

Is it possible to put the switchport as errdisable after the authentication fail ?

I tried to configure the port security but it does not see the authentication fail as an security violation.

 

So even when the authentication fail, it will still put the switchport on vlan1.

 

Thank you for your attention.

 

 

0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎03-07-2019 08:25 AM

 

 - In general this is not the intended purpose of  ISE as this has more fundamental consequences for the device and it's network connection.  You may want to look into schemes such as CoA, to isolate devices on quarantine VLAN's (that's only an example).

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Teayuu
Level 1
Level 1
In response to marce1000

‎03-11-2019 02:45 AM

Thank you for your anwser.

Do you know if it's possible to configure the access reject so it can be seen as a security violation ?
0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-11-2019 11:18 AM

Is it possible to put the switchport as errdisable after the authentication fail ?

Not that I am aware of. If there is a way hopefully someone else will chime in.

What you are looking for can be accomplished via this under your port configs:
#authentication event fail action authorize vlan ##

HTH!
0 Helpful
Customers Also Viewed These Support Documents