Solved: Anyconnect 3.1 NAM and wired 802.1x auth failover
I installed AnyConnect 3.1.04063 on a win7 box. It's set up with two admin-defined wired network profiles: one for EAP-TLS machine auth and one for unauthenticated access.
The EAP-TLS authenticated just fine when connected to a corporate-owned switch, but when I connect to another network (test beds, home net), it still uses the EAP-TLS profile. How do I get it to fail over to the other profile?
I am in the early stages of pushing out wired NAC to locations. I have the same two profiles, one that is doing EAP-Chaining and one open authentication. I have tested these two profiles for pre-deployment: switches that aren't configured to do 802.1x with ISE will be doing open authentication, and switches that are configured to do 802.1x will do EAP-Chaining. But have you run into situations where the PC is doing EAP-Chaining with machine authentication (no user logged in) at a branch site, the site loses its WAN connection back to the ISE node at the hub location, and the machine switches profile to open authentication and allows the user to log in based on having logged in before? Once the WAN link is back up, the profile is stuck on open authentication and won't reauthenticate (user+machine) with EAP-Chaining for full network access unless the port is bounced or the machine is restarted. Thanks for the great info and help!
interface FastEthernet0/1
 description Data Port
 switchport access vlan 116
 switchport mode access
 ip access-group ACL-DEFAULT in
 speed 10
 duplex full
 authentication event fail action next-method
 authentication event server dead action authorize
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity 180
 authentication violation restrict
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout tx-period 10
 no mdix auto
 spanning-tree portfast
 spanning-tree bpduguard enable
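A switch-side check related to the outage scenario described above, as an added example that is not part of the original posts: it audits IOS interface stanzas for the dead-server, alive-server and reauthentication commands that appear in the posted port configuration. The function names, the findings text and the sample config are constructed for illustration, and treating a missing command as a finding is this example's assumption.

```python
import re
# Commands are from the posted port config; flagging their absence is this example's assumption.
REQUIRED = {
    "authentication event server dead action authorize": "no dead-server fallback configured",
    "authentication event server alive action reinitialize": "fallback sessions are not re-run when RADIUS returns",
    "authentication periodic": "periodic reauthentication is off",
}

def parse_interfaces(config):
    """Split IOS-style text into {interface: [whitespace-normalized commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        match = re.match(r"interface (\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(line)
        elif line != "!":
            current = None  # a global command ends the interface stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]} for ports with 802.1X/MAB enabled."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "authentication port-control auto" not in cmds:
            continue
        findings = [why for cmd, why in REQUIRED.items() if cmd not in cmds]
        has_acl = any(re.fullmatch(r"ip access-group \S+ in", c) for c in cmds)
        if "authentication open" in cmds and not has_acl:
            findings.append("open mode with no ingress ACL")
        report[name] = findings
    return report

# Constructed sample: Fa0/1 follows the posted port, Fa0/2 is a weakened variant.
SAMPLE = """\
interface FastEthernet0/1
 ip access-group ACL-DEFAULT in
 authentication event server dead action authorize
 authentication event server alive action reinitialize
 authentication open
 authentication port-control auto
 authentication periodic
interface FastEthernet0/2
 authentication event server dead action authorize
 authentication open
 authentication port-control auto
"""
```

Calling `audit(SAMPLE)` returns an empty findings list for FastEthernet0/1 and three findings for FastEthernet0/2; ports without `authentication port-control auto` are left out of the report.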