10-01-2021 01:35 PM
I am new to this and starting into configuring our ISE servers with policies for allowing endpoints to authenticate using 802.1X. I am taking a phased approach to this so I don't accidently shut down the whole network. After much research, I started with a policy set that allows network access using Wired MAB. In order to monitor, I first configured the switch with:
aaa authentication dot1x default group Groupname
aaa authentication dot1x start-stop group Groupname
For the interfaces that I am testing on I configured it with:
authentication port-control auto
authentication host-mode multi-auth
authentication open
authentication periodic
mab
dot1x pae authenticator
dot1x timeout supp-timeout 30
dot1max-req 2
The associated endpoints all authenticated without issues using this format. Unfortunately this doesn't work when the endpoint is a printer. I added the command authentication control-direction in.
The printer would still not pass authentication and access to printer is lost. I don't have a specific policy set for the printers and I don't know how to write one up.
Can anyone assist me? Thank you for your support