Cisco Support Community

Cisco ISE: HotFix and Timers for 802.1x (EAP-TLS)

Hi,

I found the below Hot-Fix to be set:

http://blogs.technet.com/b/jeff_stokes/archive/2013/01/24/20-minute-delay-deploying-windows-7-on-802-1x-fix-it-here.aspx

Kindly let me know what the best time to set on it is. It says 20 minutes. Also, I want to know what corresponding configuration is needed on the switch and ISE to reflect it, or whether none is needed.

Thanks,

Regards,

Mubasher Sultan

3 REPLIES
New Member

Cisco ISE: HotFix and Timers for 802.1x (EAP-TLS)

Hello Mubashir,

Many timers can be modified as needed in a deployment. Unless you are experiencing a specific problem where adjusting the timer may correct unwanted behavior, it is recommended to leave all timers at their default values except for the 802.1X transmit timer (tx-period).

The tx-period timer defaults to a value of 30 seconds. Leaving this value at 30 seconds provides a default wait of 90 seconds (3 x tx-period) before a switchport will begin the next method of authentication, and begin the MAB process for non-authenticating devices.

Based on numerous deployments, the best-practice recommendation is to set the tx-period value to 10 seconds to provide the optimal time for MAB devices. Setting the value below 10 seconds may result in the port moving to MAC authentication bypass too quickly.

Configure the tx-period timer.

C3750X(config-if-range)#dot1x timeout tx-period 10

Cisco ISE: HotFix and Timers for 802.1x (EAP-TLS)

Dear Munir,

It is already configured with "dot1x timeout tx-period 5". What I am asking here is, in reference to the above HOTFIX, what value should also be reflected in the switch or ISE to work with it?

Hope it's clear...

Could you please also let me know how Re-authentication works in ISE, and where it is preferred to configure it: on the switch port or in ISE?

Thanks,

New Member

Cisco ISE: HotFix and Timers for 802.1x (EAP-TLS)

Please find the link for: Switch Configuration Required to Support Cisco ISE Functions timer.

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.html
