Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm looking to see if it's possible for a C9300 to authenticate/authorize endpoints with certificates signed by a trusted CA while ISE is down. Below is my current policy-map for ISE being downevent authentication-failure match-first10 class ISE_SVR_...
What is the solution for the primary/secondary trigger? Do you also suggest disabling the alarm from the secondary, or is there a best-practice for configuring the secondary for RADIUS auth?
Thank you for your response. Knowing this, do you have an recommendations for allowing access to corporate VLANs during an ISE outage without allowing unintended guests access to the same VLAN?
