06-18-2019 02:32 AM - edited 07-05-2021 10:34 AM
Hello,
In wired dot1X there is a mechanism to place a device in a specific vlan in case the radius server is unreachable and cannot assign vlan dynamically.
Is there a similar mechanism for wireless ?
Thank you,
Have a nice day
06-18-2019 05:47 AM
Hi tom.barat@dimensiondata.com ,
No, as far as I know. Client state will remains same in the 802.1x required unless the authentication gets complete. However you can have redundant servers, so that if primary fails it will automatically forward the traffic to redundant server.
06-19-2019 03:05 AM
Hello,
Thank you for the answer.
In this context, we do use 2 ISE appliances in two separate datacenters for redundancy, so the chances of losing both ISE at the same time are rather low.
Regardless, the client asked and i know the mechanism exists for wired so i was wondering.
I guess if there was such a mechanism for wireless 802.1x, anyone who would connect to the SSID would automatically be granted access through the server dead mechanism, which is not what we want security-wise.
06-19-2019 04:00 AM
Hi tom.barat@dimensiondata.com ,
Please check this Community Thread
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide