06-12-2012 01:47 AM - edited 03-10-2019 07:11 PM
Dears,
I'm working on ISE 1.1 version, am facing the following problem:
When the user turn on the PC , he can access to the network via Dot1x , but when the PC go to the sleeping mode , the Dot1x timed out , and the authentication type become mab , so that the user access as guest , and he need to restart the dot1x service manually to get the access again .
Below is a port switch configuration:
interface FastEthernet0/X
switchport access vlan 22
switchport mode access
switchport voice vlan 110
authentication port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
any idea? please advice.
Thank you in advance
Zahi
06-12-2012 03:50 AM
A suggestion since this is not something I can test
Should be able to distinguish the case of guest access from employee access since in the case of guest the endpoint will not exist in the database and create authoirzations accordingly
Can distinguish the case of whether endpoint was found using the following attribute in the authorization policy
Attribute: NetworkAccess.AuthentictionStatus
value: UnknownUser indicates that record was not found during the authentication
06-25-2012 11:54 AM
Hi jrabinow,
Sorry for my late reply.
There is a policy created on the active directory and pushed to the machines' users. This policy has the role to enable dot1x service on the workstations.
It seems that this problem is happening only for the users receiving the policy from the AD and not for the users that we have enabled for them the dot1x manually on their machines.
Regards
Zahi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide