802.1x remote sites

clark white · ‎04-05-2017

Dears,

i have a site-to-site vpn between HQ and branch, 802.1X works fine in HQ but it doesn't work for branch users i have enabled permit ip any any on the vpn access-list,i have only 1 ASA firewall and 1 Switch on the branch , i have added the switch in the ISE but not the ASA.

Anybody has experienced such issue

thanks

clark white · ‎04-10-2017

nobody in the world has come across such issue

clark white · ‎04-25-2017

is it I am asking something strange, if so please respond, and if not then nobody in the world has come across to such problem.

thanks

Inayat Bunglawala · ‎04-25-2017

Hi Clark,

You need to provide a few more details. For example, have you ensured that RADIUS traffic (UDP 1812/1813 normally) is allowed between your branch site and the HQ where presumably the ISE RADIUS servers reside? What are you seeing at the branch site switch when you enter "show authentication session int gi x/y"? What is the ISE server reporting in terms of authentication for a given mac address from the branch site etc...

clark white · ‎04-28-2017

Dear Inayat,

You need to provide a few more details. For example, have you ensured that RADIUS traffic (UDP 1812/1813 normally) is allowed between your branch site and the HQ where presumably the ISE RADIUS servers reside?

I have permitted all traffic but the important thing is that the traffic is passing through the site-to-site vpn on both the ends,

What are you seeing at the branch site switch when you enter "show authentication session int gi x/y"?

I think the packets are not reaching to the ise server when I test on the switch by aaa command I get No authoritative response from any server. but I can ping the ISE server successfully,

thanks