Client connection aborts after any time on ISE authenticated port

service-md
Level 1

Hi,

I am currently testing a simple MAB authentication on a Cisco 2960 with firmware 15.0(2)SE11. The authentication on test port 2 works fine and the client can connect and ping its gateway.

But after an indefinite period (sometimes 10 minutes, sometimes 18 minutes or ~30 minutes) the ping from the Win 10 client to the gateway stops. When the ping has stopped, the switch port is still up, the client still has its IP address, the "show authentication session" command shows Authorized, and everything seems to be fine. When the ping stops, the CLI of the switch shows no output (reauthentication or something) and the ISE shows nothing (logical, because the switch performs no authentication).

My switch config:

Building configuration...

Current configuration : 4474 bytes
!
! Last configuration change at 23:31:09 UTC Thu Mar 4 1993 by xxxxxxx
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxx
!
username xxxxxxx secret 5 xxxxxxx
username xxxxxxx secret 5 xxxxxxx
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization exec default group tacacs+ local
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
!
aaa session-id common
system mtu routing 1500
access-session template monitor
!
!
ip domain-name test.com
!
!
crypto pki trustpoint TP-self-signed-1899961600
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1899961600
 revocation-check none
 rsakeypair TP-self-signed-1899961600
!
!
crypto pki certificate chain TP-self-signed-1899961600
 certificate self-signed 01
xxxxxxx
dot1x system-auth-control
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 description dot1x+mab
 switchport mode access
 authentication order mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.126.163 255.255.255.0
!
ip default-gateway 192.168.126.254
ip http server
ip http secure-server
tacacs-server host 192.168.126.162 key xxxxxxx
tacacs-server timeout 1
tacacs-server directed-request
radius-server dead-criteria time 1 tries 1
radius-server host 192.168.126.162 auth-port 1812 acct-port 1813 key xxxxxxx
radius-server deadtime 1
!
!
!
vstack
!
line con 0
line vty 0 4
 transport preferred ssh
 transport input ssh
line vty 5 15
 transport preferred ssh
 transport input ssh
!
end