Hi,

I am currently in trouble with configuring MAC authentication correctly. When I connect my computer on the port, the port has vlan 999 which is fine. The computer is compliant and he gets the vlan 1 to access the network.  When I disconnect the computer, the vlan does not switch back to vlan 999. The next computer which connects should not have access without authenticating itself.

I am working with policy maps and the policy map is mapped on the port:

policy-map type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH
event session-started match-all
10 class always do-until-failure
10 authenticate using mab priority 20
20 authenticate using dot1x priority 10
30 authenticate using webauth parameter-map WEBAUTH_DEFAULT priority 30
event authentication-failure match-first
10 class ALL_FAILED do-until-failure
10 authentication-restart 60
event authentication-success match-all
10 class DOT1X do-until-failure
10 terminate mab
20 activate service-template VLAN999
20 class MAB do-until-failure
10 terminate webauth
event agent-found match-all
10 class always do-until-failure
10 authenticate using dot1x priority 10

class-map type control subscriber match-all ALL_FAILED
no-match result-type method dot1x none
no-match result-type method dot1x success
no-match result-type method mab none
no-match result-type method mab success
no-match result-type method webauth none
no-match result-type method webauth success

interface GigabitEthernet2/0/4
description ***802.1X*MAB***
switchport access vlan 999
switchport mode access
authentication periodic
authentication timer reauthenticate 10
access-session host-mode single-host
access-session port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 10
service-policy type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH

Does somebody have an idea?

Thank you in advance.