In open mode, I can see the ip and mac binding in the device tracking database, however, if I change it to close mode, it is vanished. Radius-server dead-criteria time 10 tries 3 Radius-server attribute 31 send nas-port-detail Radius-server attribute 31 mac format ietf upper-case Radius-server attribute 25 access-request include Radius-server attribute 8 include-in-access-req Radius-server attribute 6 on-for-login-auth After a period of time, ISE again authenticate this device.īut if I put the port to close mode, device is never authenticated.Īaa authentication dot1x default group ISE-GroupĪaa authorization network default group ISE-GroupĪaa accounting update newinfo periodic 2880Īaa accounting dot1x default start-stop group ISE-GroupĪuthentication event fail action next-methodĪuthentication event server dead action authorizeĪuthentication event server alive action reinitializeĪuthentication timer reauthenticate server Even it is in open mode, if I shut/no shut the port, device again stays in unauthorized state for a while. If port is not set to close mode(authentication open), device is authenticated after a while. These devices are statically profiled based on mac and IP address( exp.if mac and IP is x.x.x.x then profile NVR1) There are several devices we are obliged to assign static IP, like NVRs or Fingerprint devices. I have implemented dot1x and MAB only deployment.ĭot1x works well over certificate, profiling with the dynamic IP assigned devices also works well(exp.
0 kommentar(er)
