cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10919
Views
25
Helpful
16
Replies

Access network when Cisco ISE down or switch can't connect to ISE

quangle1993
Level 1
Level 1

Hi everyone,

I have this situation :
    Headquarter in City A with Cisco ISE

    Office in City B with Switch, no local IT

If ISE down or connection between ISE and Switch lost and the switch cant communicate with ISE, user in Office can't access to network. They cann't even use the printer, ipphone in their office. They can do nothing. This is unacceptable cause it impact to business too much.

I want to ask are there any way to let user access to network when ISE down or switch can't communicate with ISE. But when ISE work fine and the Switch can connect to ISE. Every user must authentication to get access.

 

Many thanks

Quang

16 Replies 16

Hi,

"authentication event fail action next-method" - if first authentication method fails, try the next method if configured. Useful if you are using dot1x and mab.

 

"authentication event fail action authorize vlan" - if authentication fails move the port into the fail auth vlan.

 

The "authentication event server dead action authorize vlan" command instructed the interface what to do when the RADIUS server was unreachable.

 

HTH

 

>"authentication event fail action next-method" - if first authentication method fails, try the next method if >configured. Useful if you are using dot1x and mab

 

Still don't understand the meaning of the above command, as you can configure

"authentication order mab dot1x webauth" and "authentication priority mab dot1x webauth"

which (i think) try all methods in sequence.... so what the meaning of the "authentication event fail action next-method"

 

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: