Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2393
Views
5
Helpful
5
Replies

What will be the impact if Cisco ISE is not working or down ?

Go to solution
Network_Sarovani
Level 3
Level 3

‎02-08-2022 08:04 AM

Hello Team ,

 

what happens if the CISCO ISE is non functional ? What happens to the end device authentication?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎02-08-2022 09:01 AM

@Network_Sarovani I assume you are referring to 802.1x RADIUS authentication?

It depends what you have configured. Use the Inaccessible Authentication Bypass (IAB) feature, also referred to as critical authentication. When configured the switch grants temporary network access to the host and puts the port in critical-authentication state, which allows devices connecting to the network whilst the RADIUS servers are down to gain network access.

 

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515#toc-hId-1018207729

 

View solution in original post

5 Replies 5

Go to solution
marce1000
VIP
VIP

‎02-08-2022 08:09 AM

 

 - The idea of ISE is to provide network authentication , if down then devices will not be able to go on the network.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Network_Sarovani
Level 3
Level 3
In response to marce1000

‎02-08-2022 08:17 AM

It means devices which uses ISE for authentication will not work ..

 

Example : PC which is connected to L2 switch on which NAC is enabled on the port will not be functional ..Meaning user will not be able to communicate with other devices .

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-08-2022 08:41 AM

If you distributed environment, they fall back to other ISE, of not Device Authentication fail back to Local account ( device authentication i take this as device admin) - not end device right ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Network_Sarovani
Level 3
Level 3
In response to balaji.bandi

‎02-10-2022 04:48 AM

End device = PC wired/wireless ,printer, network switches etc 

 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎02-08-2022 09:01 AM

@Network_Sarovani I assume you are referring to 802.1x RADIUS authentication?

It depends what you have configured. Use the Inaccessible Authentication Bypass (IAB) feature, also referred to as critical authentication. When configured the switch grants temporary network access to the host and puts the port in critical-authentication state, which allows devices connecting to the network whilst the RADIUS servers are down to gain network access.

 

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515#toc-hId-1018207729

 

Customers Also Viewed These Support Documents