03-05-2012 08:10 AM - edited 03-10-2019 06:52 PM
Hello all,
I have followed the steps in this document in detail:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
however, my central authentication does not work. I get to the guest portal, I get authenticated through the guest portal,
but then the "second" MAB authentication doesn't happen.
In the last screencapture of the document, you get a green "Dynamic Authorization" line (third line from below). On my system
this is a red line with the error message "11213 No response received from Network Access Device".
(I have a successful guest authentication in my ISE logs, but it seems ISE is unable to bounce or initiate the second MAB....)
Any ideas?
regards,
Geert
03-05-2012 08:36 AM
OK, so it seems I was missing the CoA configuration:
After adding
aaa server radius dynamic-author
client
it worked....
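Added example, not part of the original posts: a small check that a saved switch running-config lists every ISE node as a `client` under `aaa server radius dynamic-author`, the gap that produced error 11213 in this thread. The function names, sample configs, the 192.0.2.10 address and the key string are constructed for illustration.

```python
import re

DYN_AUTHOR = "aaa server radius dynamic-author"

def coa_clients(running_config):
    """Map each dynamic-author client to True if a server-key applies to it."""
    clients, block_key, in_block = {}, False, False
    for line in running_config.splitlines():
        if line.strip() == DYN_AUTHOR:
            in_block = True
        elif in_block and not line.startswith(" "):
            in_block = False          # unindented line leaves the sub-mode
        elif in_block:
            m = re.match(r"\s+client\s+(\S+)(.*)", line)
            if m:
                clients[m.group(1)] = "server-key" in m.group(2)
            elif re.match(r"\s+server-key\s", line):
                block_key = True      # key shared by all clients in the block
    return {ip: keyed or block_key for ip, keyed in clients.items()}

def coa_gaps(running_config, ise_nodes):
    """List ISE nodes whose CoA requests the switch would not accept."""
    found = coa_clients(running_config)
    gaps = []
    for ip in ise_nodes:
        if ip not in found:
            gaps.append(f"{ip}: not a dynamic-author client")
        elif not found[ip]:
            gaps.append(f"{ip}: client has no server-key")
    return gaps

# Constructed sample: RADIUS server defined, but no CoA block (the failing case).
BEFORE = (
    "aaa new-model\n"
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-KEY\n"
    "!\n"
)
# Constructed sample: the same config with the CoA client added.
AFTER = BEFORE + (
    "aaa server radius dynamic-author\n"
    " client 192.0.2.10 server-key EXAMPLE-KEY\n"
    "!\n"
)

if __name__ == "__main__":
    print("before:", coa_gaps(BEFORE, ["192.0.2.10"]))
    print("after: ", coa_gaps(AFTER, ["192.0.2.10"]))
```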
03-08-2012 05:59 AM
By the way, I feel the document example is a bit too general. For example, if you implement the document, ISE will do web authentication and redirection even when you are using an 802.1X client and are authenticated (and you have no other rules in your Authorization sequence table).
I managed to prevent this by adding an additional condition to the first rule "MAC not known" that has the CentralWebAuth policy. Only do web authentication if MAC not known AND Wired_MAB is being used.