Unauthorized devices authentication (RADIUS)

Teayuu
Frequent Visitor

Hello,

I'm working on a Windows RADIUS server and a Cisco 2960X switch.

Is it possible to put the switchport into errdisable after the authentication fails?

I tried to configure port security, but it does not see the authentication failure as a security violation.

So even when the authentication fails, it will still put the switchport on vlan1.

Thank you for your attention.

3 Replies

Mark Elsen
Hall of Fame

 

In general this is not the intended purpose of ISE, as this has more fundamental consequences for the device and its network connection. You may want to look into schemes such as CoA to isolate devices on quarantine VLANs (that's only an example).

M.



-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Rainer Maria Rilke (1899)

Thank you for your answer.

Do you know if it's possible to configure the access reject so it can be seen as a security violation?

Mike.Cifelli
VIP Alumni
Is it possible to put the switchport as errdisable after the authentication fails?

Not that I am aware of. If there is a way hopefully someone else will chime in.

What you are looking for can be accomplished via this under your port configs:
#authentication event fail action authorize vlan ##

HTH!