cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

163
Views
0
Helpful
2
Replies
Beginner

802.1x workstations keep going to guest vlan

any ideas why workstations keep going into guest vlan?  what are your workarounds?

 

current config:

 

interface GigabitEthernetX/X
description xxxx
switchport
switchport access vlan 22
switchport mode access
switchport voice vlan 26
authentication event server dead action authorize vlan 22
authentication event server dead action authorize voice
authentication event no-response action authorize vlan 27
authentication host-mode multi-domain
authentication port-control auto
authentication violation replace
mls qos trust dscp
dot1x pae authenticator
no cdp enable

 

 

I was thinking of adding this below into port config:


Switch(config-if)# authentication timer inactivity 3
Switch(config-if)# authentication timer reauthenticate 15
 
what do you guys think?
Everyone's tags (1)
2 REPLIES 2
Collaborator

Re: 802.1x workstations keep going to guest vlan

well.. we need more information about your issue..

What is the id of guest vlan? What happens exactly? PC do not get corporate network?
could you share full configuration about your device?

Regards
Jaderson Pessoa
*** Rate All Helpful Responses ***
Beginner

Re: 802.1x workstations keep going to guest vlan

vlan 27 is guest vlan with Internet access only.  Users seem to randomly lose full access and get kicked into vlan 27.  I can share AAA config of switch.  Unfortunately, I dont have access to 802.1x server.

 

switch#sh run aaa
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp default group RAD1 local
aaa authentication dot1x default group RAD1
aaa authorization network default group RAD1
aaa accounting exec default start-stop group RAD1
aaa accounting connection default start-stop group RAD1
aaa accounting network default start-stop group RAD1
aaa accounting system default start-stop group RAD1

!
radius server ABC
address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
key xxxxx
radius-server timeout 8
aaa group server radius RAD1
server name ABC
!
!
!
aaa new-model
aaa session-id common