https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4535355#M572323 <P>Hello,</P><P>Maybe you find the solution ?</P><P>&nbsp;</P> Thu, 20 Jan 2022 21:24:34 GMT Adrian Collantes 2022-01-20T21:24:34Z https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4436134#M568559 <P>Good afternoon,</P><P>&nbsp;</P><P>We have recently come across an issue in our environment that we hope you can assist us with.&nbsp;</P><P>&nbsp;</P><P>On the live logs, we noticed that some devices are failing authentication, leaving them in a disconnected state (i.e. no LAN or Wifi connectivity). We can identify the devices as their identity shows as "host/{deviceName.domain}" whereas when they successfully authenticate they show as {DeviceName.domain}.</P><P>&nbsp;</P><P>Sometimes the devices reauthenticate and connects successfully (can take up to 35 minutes although the average is around 1 minute), other times a port bounce is required to get them reconnected.&nbsp;&nbsp;</P><P>&nbsp;</P><P>The strange thing is that the issue is intermittent and not linked to a particular device or type.&nbsp;</P><P>&nbsp;</P><P><STRONG>Background</STRONG></P><P>- Windows 10 20H2 devices</P><P>- Cisco 2960x user switches</P><P>- Cisco ISE 2.7 patch 2 running on VMWare</P><P>- User devices are authenticated using a machine certificate</P><P>&nbsp;</P><P><STRONG>Device Error</STRONG></P><P>&nbsp;</P><P><STRONG><SPAN>Event: </SPAN></STRONG>5411 Supplicant stopped responding to ISE</P><P><STRONG><SPAN>Failure Reason:&nbsp;</SPAN></STRONG>12934 Supplicant stopped responding to ISE during PEAP tunnel establishment</P><P><STRONG><SPAN>Resolution:&nbsp;</SPAN></STRONG>Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to/from supplicant. Verify that supplicant or NAS does not have a short timeout for EAP conversation. Check the network that connects the Network Access Server to ISE. Verify that ISE local server certificate is trusted on supplicant.</P><P><STRONG><SPAN>Root Cause:&nbsp;</SPAN></STRONG>Supplicant stopped responding to ISE during PEAP tunnel establishment</P><P>&nbsp;</P><P>I have attached a screenshot of the errors and an output of a result, any help would be appreciated.&nbsp;</P><P>&nbsp;</P><P>FYI a TAC has been opened with Cisco.&nbsp;</P><P>&nbsp;</P><P>Thanks in advance.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 20 Jul 2021 16:09:35 GMT https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4436134#M568559 InfraISE2020 2021-07-20T16:09:35Z https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4436320#M568573 <P>If possible please share the following:</P> <P>-Supplicant being used (native/nam)</P> <P>-Interface config</P> <P>-Supplicant config</P> <P>-Switch debugs</P> Wed, 21 Jul 2021 00:11:40 GMT https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4436320#M568573 Mike.Cifelli 2021-07-21T00:11:40Z https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4445754#M568905 <P>You already opened a TAC case - I am closing this thread to prevent duplicate efforts and not waste people's time.</P> <P>In the future it would be great if you could post a followup to your thread for what solved the problem so others could learn from it.</P> Sat, 07 Aug 2021 02:03:48 GMT https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4445754#M568905 thomas 2021-08-07T02:03:48Z https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4535355#M572323 <P>Hello,</P><P>Maybe you find the solution ?</P><P>&nbsp;</P> Thu, 20 Jan 2022 21:24:34 GMT https://community.cisco.com/t5/network-access-control/802-1x-failures/m-p/4535355#M572323 Adrian Collantes 2022-01-20T21:24:34Z