Windows 10 cannot connect with dot1.x

kbadjoko
Level 1

Hello Dear,

I have an issue with Cisco ISE 2.7, Windows 10 20H and Cisco 3850.

I need concurrent authentication, dot1x and MAB, for AVAYA and Windows 10.

MAB works correctly and dot1x does not.

All Windows 10 machines fall into MAB, and in the live log I cannot see dot1x authentication... only MAB.

On some switches, we have to restart the IP phone and sometimes dot1x works.

Here is my config:

policy-map type control subscriber DOT1X-DEFAULT
 event session-started match-all
  10 class always do-all
   10 authenticate using dot1x priority 10
   20 authenticate using mab priority 20
 event violation match-all
  10 class always do-all
   10 restrict
 event agent-found match-all
  10 class always do-all
   10 authenticate using dot1x
 event authentication-failure match-all
  10 class AAA-DOWN do-all
   10 authorize
   20 activate service-template CRITICAL
   30 terminate mab
   40 terminate dot1x
  20 class DOT1X-FAILED do-all
   10 authenticate using mab

aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ line enable
aaa authentication dot1x default group ISE-GROUP
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization network default group ISE-GROUP
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group ISE-GROUP
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

1 Accepted Solution

Arne Bier
VIP

This is a duplicate of the same question asked here. Let's continue the discussion there.

4 Replies

Hi @kbadjoko,

Could you please share your "interface" configuration?

Regards

Hello @Marcelo Morais,

We are using Cisco Meraki for wireless and it is working fine.

It is just for wired that we have issues.

Here it is:

interface GigabitEthernet1/0/31
 description Users-Second-Port(14.X)
 switchport access vlan 14
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 104
 authentication periodic
 authentication timer reauthenticate server
 access-session port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 service-policy type control subscriber DOT1X-DEFAULT

Hi @kbadjoko,

Please take a look at Configuring Identity Control Policies and search for "Example: Configuring Control Policy for Sequential Authentication Methods".

"The following example shows a control policy that is configured to allow sequential authentication methods using 802.1X (dot1x), MAB, and web authentication."

Hope this helps!!!
