07-09-2020 07:33 AM
Hi
I need some advice, I currently have AAA New-style enabled on a switch stack with radius pointing to ISE, i found out that if i roam between network points i cant authenticate and only authenticate on the point i originally authenticated first time.
i found out that if i remove my PC from a wired point and do a show access-session my session still appears(like a sticky session) and only when i clear this session am i able to authenticated on another wired point.
is there a command i am missing that remove sticky sessions so that my clients can roam?
port config:
interface GigabitEthernet8/0/13
description DHCP End User
switchport access vlan 150
switchport mode access
switchport nonegotiate
switchport voice vlan 151
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication periodic
authentication timer reauthenticate server
access-session port-control auto
mab
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
auto qos trust
storm-control broadcast level 10.00
storm-control multicast level 10.00
spanning-tree portfast
spanning-tree bpdufilter disable
spanning-tree bpduguard enable
spanning-tree link-type point-to-point
spanning-tree guard root
service-policy type control subscriber DOT1X-CONFIG
end
Thanks
Rayyaan
Solved! Go to Solution.
07-09-2020 08:33 AM
check if you have the command "authentication mac-move permit" in your (global) config
07-09-2020 08:33 AM
check if you have the command "authentication mac-move permit" in your (global) config
07-10-2020 04:12 AM
thanks it worked.
the new-Style command is "no access-session mac-move deny"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide