
Currently having an issue with our ISE and dot1x config on our switches. It's currently set up in Monitor mode, but we seem to be having an issue with what we think is related to "mac-move". When a PC authenticates to a port on a specific VLAN, it works fine.

However, when we move that PC to a different switch or different VLAN, it stops working. The new interface does not learn the mac address of the PC. While looking into it, we noticed that the old interface still had the mac address in its table even though that PC had been unplugged from that interface for several hours. By shutting and no shutting the old interface to clear that mac address, the PC started working on the new interface and the new interface picked up the mac address.

That's why we're thinking it has something to do with moving mac addresses around. The switch does not have "access-session mac-move deny" configured on it though, so by default, it should allow mac-move, right? Maybe there's a template configuration that is preventing the mac addresses from moving? Any ideas?

Below is the dot1x configuration and port templates.

access-session acl default passthrough
class-map type control subscriber match-all DOT1X
class-map type control subscriber match-all DOT1X_FAILED
 match result-type method dot1x authoritative
class-map type control subscriber match-all DOT1X_NO_RESP
 match result-type method dot1x agent-not-found
class-map type control subscriber match-all MAB
class-map type control subscriber match-all MAB_FAILED
