Wednesday, November 29, 2017

ISE port authentication keeps changing from dot1x to MAB after some time

Pretty much covered in the title, which is behavior that I don't want. For some reason, even if a device initially authenticates with dot1x, it will still eventually show up as MAB when I go to look at the auth sessions on the switch or in the ISE live sessions.

I do have the priority set thusly:

authentication priority dot1x mab

to allow phones to authenticate with MAB, which will also be used for guests eventually I think.

Anyway, what can I do to make sure dot1x sessions stay dot1x sessions instead of transforming into mab sessions.

Any help appreciated, thanks!



No comments:

Post a Comment