i have a ISE works fine using 802.1x but we have a strange behavior when the client just logoff the windows machine, after the client login again, the machine does not authenticate and stuck as a message " not possible to authenticate". Then I need to take off the cable machine and put again, after this everything works fine.
This happens just using logoff windows.
could someone help me about it?
thanks a lot
I am using this configuration.
switchport access vlan 22
switchport mode access
switchport voice vlan 23
ip access-group ACL-DEFAULT in
logging event link-status
authentication event fail action next-method
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
qos trust device cisco-phone
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-Cisco-Phone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
the client are using the NAC Agent the way to perform a posture.
If i take off the cable and put again, everything works fine, but if the client try to logoff and after a time login again, the NIC Card can not be authenticated.
thanks a lot
so its MDA that means a PC is connected behind the phone. If I'm not wrong the CDP Enhancement for Second Port Disconnect working fine when we plug/unplug the cable but when a user logoff it doesn't (only if we are using cisco phones). In order to clear the sessions switch need to detect link state for devices connected behind IP phones.
Are we using 802.1x or MAB on the windows PC's?
Can we also look at the debugs when clients are unable to authenticate.
show authentication session interface
debug dot1x all
- Do rate helpful posts -
I was looking for some information on the forum and am having exactly the problem that you put in your post, users have the PC is connected behind the ip phone. Some users lose authentication, and only come back when plug/unplug the cable.
How you managed to solve this problem.