MAC authentication - vlan does not switch back to access vlan
I am currently in trouble with configuring MAC authentication correctly. When I connect my computer on the port, the port has vlan 999 which is fine. The computer is compliant and he gets the vlan 1 to access the network. When I disconnect the computer, the vlan does not switch back to vlan 999. The next computer which connects should not have access without authenticating itself.
I am working with policy maps and the policy map is mapped on the port:
policy-map type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH event session-started match-all 10 class always do-until-failure 10 authenticate using mab priority 20 20 authenticate using dot1x priority 10 30 authenticate using webauth parameter-map WEBAUTH_DEFAULT priority 30 event authentication-failure match-first 10 class ALL_FAILED do-until-failure 10 authentication-restart 60 event authentication-success match-all 10 class DOT1X do-until-failure 10 terminate mab 20 activate service-template VLAN999 20 class MAB do-until-failure 10 terminate webauth event agent-found match-all 10 class always do-until-failure 10 authenticate using dot1x priority 10
class-map type control subscriber match-all ALL_FAILED no-match result-type method dot1x none no-match result-type method dot1x success no-match result-type method mab none no-match result-type method mab success no-match result-type method webauth none no-match result-type method webauth success
interface GigabitEthernet2/0/4 description ***802.1X*MAB*** switchport access vlan 999 switchport mode access authentication periodic authentication timer reauthenticate 10 access-session host-mode single-host access-session port-control auto mab dot1x pae authenticator dot1x timeout tx-period 10 service-policy type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH
Hello guys.I installed remote access VPN on Windows 2019. I need to do additional configuration on the router to allow access outside. I got this.Public IP--------------ISP Router-------------Fa0/0 Cisco Router Fa0/1------------------------My Server ...
Meet the Authors video - How to Troubleshoot Network Problems with Vinit Jain
(Live event – Wednesday, February 12th, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event had place on Wednesday 12th, February 2020 at 10hrs PDT&nbs...
I have a pair of 3945 routers that are proving to be underpowered for the 100+ remote offices connecting to them. Fortunately I happen to have a couple of 4351 ISRs rated for significantly greater encrypted throughput. Is there any way I could upgrade the...
This article assumes you have the basic knowledge and experience with Cisco DNA Center and Identity Services Engine (ISE).Note when reading this doc the "Authentication Policy" referred to is part of Cisco DNA Center Onboarding section and ha...