
EX4200 DOT1x and Cisco ISE

Hi

The issue I’m experiencing is with DOT1x: specifically, CERT authentications are failing, and the endpoint will then fail over to MAC authentication.

Some endpoints are working, but we do have a lot of failures.

I am using Juniper EX4200 version 12.3R6.6
I am using Cisco ISE (version 2.1 patch 3) as my RADIUS server
Clients are Windows, primarily 7 and 10
I am using certificates (EAP-TLS) as my AUTH method
My fallback method is MAB

My config is as follows, in case anyone can see any immediate issues:

    dot1x {
        traceoptions {
            file dot1x;
            flag state;
            flag dot1x-debug;
            flag eapol;
        }
        authenticator {
            authentication-profile-name ISE;
            no-mac-table-binding;
            interface {
                ISE {
                    supplicant multiple;
                    retries 3;
                    quiet-period 15;
                    transmit-period 30;
                    mac-radius;
                    reauthentication 14400;
                    supplicant-timeout 30;
                    server-timeout 30;
                    maximum-requests 3;
                    server-fail use-cache;

    access {
        radius-server {
        }
        }
        profile ISE {
            authentication-order radius;
            radius {
                authentication-server [ x.x.x.x x.x.x.x ];
                accounting-server [ x.x.x.x x.x.x.x ];
            }
            accounting {
                order radius;
                accounting-stop-on-failure;
                accounting-stop-on-access-deny;
                immediate-update;
                coa-immediate-update;

Regards
Simon
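
A triage sketch for the symptom described in the post (EAP-TLS failing, then the endpoint being admitted by MAB), added here as an example and not part of the original post: it lists endpoints whose MAB success follows an unresolved EAP-TLS failure. The log layout, the function names and the sample records are constructed for illustration and are not the Cisco ISE export format.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed records (assumed layout): timestamp, endpoint MAC, method, result.
SAMPLE_LOG = """\
2024-01-10T08:00:01,00:11:22:33:44:55,EAP-TLS,fail
2024-01-10T08:01:35,00-11-22-33-44-55,MAB,pass
2024-01-10T08:02:00,66:77:88:99:AA:BB,EAP-TLS,pass
2024-01-10T08:03:10,ccddeeff0011,MAB,pass
2024-01-10T08:05:00,22:33:44:55:66:77,EAP-TLS,fail
2024-01-10T08:30:00,223344556677,MAB,pass
2024-01-10T09:00:00,aa:aa:aa:aa:aa:01,EAP-TLS,fail
2024-01-10T09:00:40,aa:aa:aa:aa:aa:01,EAP-TLS,pass
2024-01-10T09:01:00,aa:aa:aa:aa:aa:01,MAB,pass
"""

def norm_mac(raw):
    """Lower-case a MAC and drop separators so all notations compare equal."""
    mac = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(mac) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

def find_fallbacks(log_text, window=timedelta(minutes=5)):
    """Return (mac, tls_fail_time, mab_pass_time) for each endpoint whose
    MAB success follows an unresolved EAP-TLS failure within `window`."""
    pending = {}  # mac -> latest EAP-TLS failure not yet followed by a pass
    hits = []
    for ts, mac, method, result in csv.reader(io.StringIO(log_text)):
        when, mac = datetime.fromisoformat(ts), norm_mac(mac)
        if method == "EAP-TLS":
            if result == "fail":
                pending[mac] = when
            else:
                pending.pop(mac, None)  # certificate auth recovered
        elif method == "MAB" and result == "pass" and mac in pending:
            failed_at = pending.pop(mac)
            if when - failed_at <= window:
                hits.append((mac, failed_at, when))
    return hits

if __name__ == "__main__":
    for mac, failed_at, mab_at in find_fallbacks(SAMPLE_LOG):
        print(f"{mac}: EAP-TLS failed {failed_at}, MAB passed {mab_at}")
```

Endpoints that appear only with MAB, or whose EAP-TLS attempt succeeded before the MAB entry, are not reported, which keeps the list to machines that hold a certificate path but were admitted on their MAC address.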