Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Users authentication type problem

Unanswered Question
Jun 12th, 2012
User Badges:


I'm working on ISE 1.1 version, am facing the following problem:

When the user turn on the PC , he can access to the network via Dot1x , but when the PC go to the sleeping mode  , the Dot1x timed out , and the authentication type become mab , so that the user access as guest , and he need to restart the dot1x service manually to get the access again .

Below is a port switch configuration:

interface FastEthernet0/X

switchport access vlan 22

switchport mode access

switchport voice vlan 110

authentication port-control auto


dot1x pae authenticator

spanning-tree portfast

any idea? please advice.

Thank you in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jrabinow Tue, 06/12/2012 - 03:50
User Badges:
  • Cisco Employee,

A suggestion since this is not something I can test

Should be able to distinguish the case of guest access from employee access since in the case of guest the endpoint will not exist in the database and create authoirzations accordingly

Can distinguish the case of whether endpoint was found using the following attribute in the authorization policy

Attribute: NetworkAccess.AuthentictionStatus

value: UnknownUser indicates that record was not found during the authentication

ZAHI BOU KHALIL Mon, 06/25/2012 - 11:54
User Badges:

Hi jrabinow,

Sorry for my late reply.

There is a policy created on the active directory and pushed to the machines' users. This policy has the role to enable dot1x service on the workstations.

It seems that this problem is happening only for the users receiving the policy from the AD and not for the users that we have enabled for them the dot1x manually on their machines.




This Discussion