Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
0
Helpful
3
Replies

Open Fail/Critical VLAN

roberto brito
Level 1
Level 1

‎06-06-2017 09:29 AM - edited ‎03-08-2019 10:52 AM

We did a fail open test today and everything worked fine on the PC from the user perspective. We tested to see what would happen to the PCs if they were rebooted and the result was no network connectivity even though they had an IP. Some PCs needed another reboot to get network connectivity while others need two or more reboots. Need to find out whats causing the PC to lose connectivity after a reboot.

The switch at the location is a 2960s running 15.0(2)se10a. The ISE deployment is two nodes running 2.1 patches 1,2,3. Running config on switchport:

switchport access vlan 206
switchport mode access
switchport voice vlan 301
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
authentication control-direction in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 206
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
authentication timer inactivity server
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
auto qos trust
spanning-tree portfast

Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎06-06-2017 12:57 PM

Hello,

try and change the authentication order on your access ports:

authentication order mab dot1x

Which OS are your clients running ?

0 Helpful

roberto brito
Level 1
Level 1
In response to Georg Pauwen

‎06-06-2017 01:02 PM

Windows 7. Curious as to why the authentication order would matter?

0 Helpful

Georg Pauwen
VIP
VIP
In response to roberto brito

‎06-06-2017 02:20 PM

Hello,

actually, either the client, Windows 7 in your case, or the switchport configuration is causing the problem.

I would try and connect the client to a switchport with just the basic configuration:

switchport access vlan 206
switchport mode access
switchport voice vlan 301
spanning-tree portfast

Check if the problem persists with just that basic configuration.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card