Hi, I am currently in trouble with configuring MAC authentication correctly. When I connect my computer on the port, the port has vlan 999 which is fine. The computer is compliant and he gets the vlan 1 to access the network. When I disconnect the computer, the vlan does not switch back to vlan 999. The next computer which connects should not have access without authenticating itself. I am working with policy maps and the policy map is mapped on the port: policy-map type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH event session-started match-all 10 class always do-until-failure 10 authenticate using mab priority 20 20 authenticate using dot1x priority 10 30 authenticate using webauth parameter-map WEBAUTH_DEFAULT priority 30 event authentication-failure match-first 10 class ALL_FAILED do-until-failure 10 authentication-restart 60 event authentication-success match-all 10 class DOT1X do-until-failure 10 terminate mab 20 activate service-template VLAN999 20 class MAB do-until-failure 10 terminate webauth event agent-found match-all 10 class always do-until-failure 10 authenticate using dot1x priority 10 class-map type control subscriber match-all ALL_FAILED no-match result-type method dot1x none no-match result-type method dot1x success no-match result-type method mab none no-match result-type method mab success no-match result-type method webauth none no-match result-type method webauth success interface GigabitEthernet2/0/4 description ***802.1X*MAB*** switchport access vlan 999 switchport mode access authentication periodic authentication timer reauthenticate 10 access-session host-mode single-host access-session port-control auto mab dot1x pae authenticator dot1x timeout tx-period 10 service-policy type control subscriber CONCURRENT_DOT1X_MAB_WEBAUTH Does somebody have an idea? Thank you in advance.
... View more