configuration 802.1x in switch c9300

R.P7900

Hi everybody,

I have a problem with the 802.1 config on the switch and the connection to the ISE server.

I did all the configuration on the switch, but I can't ping my ISE server from the switch. Must I have ping?!

This is my config:

conf t
aaa authentication dot1x default group radius
aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
aaa accounting update newinfo periodic 5

radius server ISE
address ipv4  172.16.32.102   auth-port 1812 acct-port 1813

timeout 2
retransmit 3
key  cisco
ip radius source-interface lo0

radius-server dead-criteria time 3

radius-server vsa send accounting

radius-server vsa send authentication

radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

aaa server radius dynamic-author
client  172.16.32.102  server-key  cisco

access-list 10 permit 172.16.32.0  0.0.0.255

access-list 10 deny any log

mac address-table notification change
mac address-table notification mac-move

logging origin-id ip
logging source lo0
logging host 172.16.32.102 transport udp port 20514
epm logging

ip access-list ext ACL-DEFAULT
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
permit icmp any any
permit udp any any eq tftp
permit ip any host 172.16.32.102
deny ip any any

ip access-list ext ACL-REDIRECT
deny udp any eq bootpc any eq bootps
deny udp any any eq domain
deny ip any host 172.16.32.102
permit tcp any any eq www
permit tcp any any eq 443
deny ip any any

dot1x system-auth-control

default int range gi1/0/1-2

int range gi1/0/1-2
switchport host
switchport access vlan 401
spanning-tree bpduguard enable

authentication priority dot1x mab
authentication order dot1x mab
authentication event fail action next-method
authentication host-mode multi-auth
authentication timer reauthenticate server
authentication event server dead action authorize vlan 401
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication violation restrict
authentication port-control auto

mab
dot1x pae authenticator
dot1x timeout tx-period 2
ip access-group ACL-DEFAULT in
snmp trap mac-notification change added
snmp trap mac-notification change removed


int vlan 401
ip helper-address  172.16.32.102

 

wr mem

 

--------------------------------------

Can anyone guide me?!

Thanks a lot

Hello,

Is this the full configuration? I don't see a default route, and there is no IP address on the VLAN interface?

Hello,

Yes, I have a VLAN with an IP address and mask. Here I sent my 802.1x config, and I don't know whether it is right or not.

And for the IP route, to which IP must I write the IP route?

Thanks

But my switch is directly connected to my ISE server. Is an IP route needed too?

Hello,

Post the full running configuration (show run) of the 9300 and indicate to which port the ISE is connected. You have an IP helper-address for the ISE on the SVI for VLAN 401; that would indicate that the server is on another subnet.

Currently I have just one VLAN, that is VLAN 3.
Here is my complete config:
-----------------------------------------------
mac address-table notification change
!
!
!
!
!
end


-------------------------------


Thanks

Hello,

Post a schematic drawing of your topology. Can your clients ping 172.16.32.102?

It is the first step of my config. At first I want to ping my ISE server from my switch and next add a client to my switch.

Hello,

Again, post the full running configuration (show run) of your 9300, and a drawing of your topology. It is impossible to provide an answer without knowing what is connected to what.

Right.
Thanks a lot for your attention.
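The replies above ask about a default route, an IP address on the VLAN interface, and which subnet the ISE sits in. As an added example (not code from the thread or from Cisco), this Python sketch runs those checks offline against a saved config: does a connected subnet or static route cover each RADIUS server, and does the `ip radius source-interface` have an address. The function names `parse`, `expand` and `check` are hypothetical and the interface addresses in the sample are constructed.

```python
import ipaddress
import re

# Constructed sample: RADIUS lines as in the thread; the interface addresses
# are invented (assumptions), since the thread never shows them.
SAMPLE = """\
radius server ISE
 address ipv4 172.16.32.102 auth-port 1812 acct-port 1813
ip radius source-interface lo0
interface Loopback0
 no ip address
interface Vlan401
 ip address 10.40.1.1 255.255.255.0
"""

def parse(text):
    """Collect RADIUS servers, interface networks, static routes, source interface."""
    servers, nets, routes, src, iface = [], {}, [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"int(?:erface)?\s+(.+)", line, re.I):
            iface = m[1].replace(" ", "").lower()
            nets.setdefault(iface, None)  # known interface, no address yet
        elif iface and (m := re.match(r"ip address (\S+) (\S+)", line)):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"address ipv4\s+(\S+)", line):
            servers.append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"ip route (\S+) (\S+) \S+", line):
            routes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif m := re.match(r"ip radius source-interface (\S+)", line):
            src = m[1].lower()
    return servers, nets, routes, src

def expand(abbrev, names):
    """Resolve an abbreviation such as lo0 to a parsed name such as loopback0."""
    split = lambda n: re.match(r"([a-z-]*)(.*)", n).groups()
    head, tail = split(abbrev)
    return next((n for n in names
                 if split(n)[0].startswith(head) and split(n)[1] == tail), None)

def check(text):
    """List findings that would keep RADIUS packets from leaving the switch."""
    servers, nets, routes, src = parse(text)
    reach = [n for n in nets.values() if n is not None] + routes
    out = [f"{s}: no connected subnet or static route covers it"
           for s in servers if not any(s in n for n in reach)]
    if src and nets.get(expand(src, nets)) is None:
        out.append(f"source-interface {src}: no IPv4 address configured")
    return out

print("\n".join(check(SAMPLE)) or "no findings")
```

An empty result only means the config has a path and a source address on paper; it does not show that the ISE accepts the switch as a network device or that the shared secret matches.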