https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4132518#M562218 Take the packet capture on ISE Node to check the RADIUS Access-Request packets from the switch and simultaneous debugs for aaa authentication and radius on the switch to correlate the issue.<BR />Also provide the HW/SW of the switch along with the port configuration. Sat, 08 Aug 2020 15:40:09 GMT poongarg 2020-08-08T15:40:09Z https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4128202#M562010 <P>Hi,</P><P>I found a very strange issue here. I have <STRONG>included the mac address in the bypass list</STRONG> but however it doesnt seems to get authenticated , always remain as UZ. Therefore once CLOSED mode enforced, the device port Gi1/0/46 gets <STRONG>DROP</STRONG></P><P>Anyone has any idea please? I am really stuck!</P><P>&nbsp;</P><P>CMX003#sh auth br<BR />Interface MAC Address AuthC AuthZ Fg Uptime<BR />-----------------------------------------------------------------------------<BR />Gi1/0/46 084f.a566.a118<STRONG> d:NA</STRONG> UZ: SA- FA- X 43s</P><P>&nbsp;</P><P>sh mac address-table</P><P>804 084f.a566.a118 DYNAMIC<STRONG> Drop</STRONG><BR />804 084f.a9b6.a11f DYNAMIC Gi1/0/48</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 30 Jul 2020 17:09:57 GMT https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4128202#M562010 getaway51 2020-07-30T17:09:57Z https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4128861#M562041 <P>Please see <STRONG><A href="https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356" target="_blank">How to Ask the Community for Help</A></STRONG>&nbsp;to provide more details.</P> <P>Unclear what you are doing, why you are doing it, switch model, software version, switchport config, ISE matching authorization rule,&nbsp; result, etc.</P> <P>&nbsp;</P> Fri, 31 Jul 2020 20:35:44 GMT https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4128861#M562041 thomas 2020-07-31T20:35:44Z https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4128937#M562043 <P>Hello,</P><P>&nbsp;</P><P><STRONG>Question(s):&nbsp;</STRONG>Even after adding MAC address of device in MAB group, the switch still shows UZ&nbsp;(status Unauthorized in switch-sh auth br) and&nbsp;ISE doesnt shows any info the MAC address attached to a switch like usual (just have a record of MAC address under context visibility).&nbsp;</P><P><STRONG>Goal</STRONG><SPAN>:A</SPAN>ny device MAC address added into the MAB group in ISE policy will be AZ (status authorized in switch-sh auth br).</P><P><STRONG>Errors</STRONG><SPAN>: sh auth br - d:NA&nbsp; UZ</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 01 Aug 2020 03:55:49 GMT https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4128937#M562043 getaway51 2020-08-01T03:55:49Z https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4132518#M562218 Take the packet capture on ISE Node to check the RADIUS Access-Request packets from the switch and simultaneous debugs for aaa authentication and radius on the switch to correlate the issue.<BR />Also provide the HW/SW of the switch along with the port configuration. Sat, 08 Aug 2020 15:40:09 GMT https://community.cisco.com/t5/network-access-control/unauthorized-even-after-adding-mac-address-in-group-bypass-mac/m-p/4132518#M562218 poongarg 2020-08-08T15:40:09Z