White Paper

© 2015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information
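!
! MAB was attempted and the AAA server returned an authoritative result
class-map type control subscriber match-all MAB_FAILED
 match method mab
 match result-type method mab authoritative
!
! Session has neither of the critical-auth service templates active
class-map type control subscriber match-none NOT_IN_CRITICAL_AUTH
 match activated-service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
 match activated-service-template FAIL_OPEN_ACL
!
!
policy-map type control subscriber IDENTITY-POLICY
 ! New session: try 802.1X first
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x retries 2 retry-time 0 priority 10
 event authentication-failure match-first
  ! AAA server down, host not yet authorized: apply critical templates and authorize
  5 class AAA_SVR_DOWN_UNAUTHD_HOST do-until-failure
   10 activate service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
   15 activate service-template FAIL_OPEN_ACL
   20 authorize
   30 pause reauthentication
  ! AAA server down, host already authorized: keep it authorized, hold reauthentication
  10 class AAA_SVR_DOWN_AUTHD_HOST do-until-failure
   10 pause reauthentication
   20 authorize
  ! 802.1X failed: stop it and fall back to MAB
  20 class DOT1X_FAILED do-until-failure
   10 terminate dot1x
   30 authenticate using mab priority 10
  ! No 802.1X response from the endpoint: stop it and fall back to MAB
  30 class DOT1X_NO_RESP do-until-failure
   10 terminate dot1x
   20 authenticate using mab priority 10
  ! MAB failed: stop MAB, authorize, restart authentication after 60 seconds
  40 class MAB_FAILED do-until-failure
   10 terminate mab
   30 authorize
   40 authentication-restart 60
  ! Any other failure: stop both methods, restart authentication after 60 seconds
  50 class always do-until-failure
   10 terminate dot1x
   20 terminate mab
   30 authentication-restart 60
 ! 802.1X supplicant detected: stop MAB and authenticate with 802.1X
 event agent-found match-all
  10 class always do-until-failure
   10 terminate mab
   20 authenticate using dot1x priority 10
 ! AAA server reachable again
 event aaa-available match-all
  10 class IN_CRITICAL_AUTH do-until-failure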