02-10-2016 08:08 PM
Hi everyone,
Can you please advise if this is an expected behaviour or something weird is happening?
Customer has 3750 with 15.0(2)SE8. He defines reauth timer via Radius and it works fine if auth order is dot1x + MAB (priority is dot1x + MAB as well). But if he changes order to amore traditional MAB+dot1x (priority is still do1tx+MAB), then after reauth timer expiry he does not see the switch to initiate EAP authentication. And without this EAPOL Identity Request from the switch client does not do any EAP authentication as well and ends up with being authorised via MAB. It looks like a buggy behaviour to me.
Solved! Go to Solution.
02-11-2016 10:42 AM
Hi,
Please take a look at the compatibility guide. 15.0(2) is not a recommended version. We HIGHLY recommend that you follow the compatibility guide. Our team (the ISE team) spends tremendous resources testing and making these recommendations.
Cisco Identity Services Engine Network Component Compatibility, Release 2.0 - Cisco
Outside of the compatibility guide, I would recommend you open a TAC Case.
-Aaron
02-11-2016 10:42 AM
Hi,
Please take a look at the compatibility guide. 15.0(2) is not a recommended version. We HIGHLY recommend that you follow the compatibility guide. Our team (the ISE team) spends tremendous resources testing and making these recommendations.
Cisco Identity Services Engine Network Component Compatibility, Release 2.0 - Cisco
Outside of the compatibility guide, I would recommend you open a TAC Case.
-Aaron
02-11-2016 11:25 AM
You're probably missing termination-action-modifier=1 AVPair in your AuthZ profile. This forces the switch to re-authenticate using the same method how the endpoint originally authenticated.
If this is not specified, the switch will go in the order specified by the authentication order command.
This is not that well documented. You can find it at the very bottom of this document: Flexible Authentication Order, Priority, and Failed Authentication - Cisco
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide