topic Re: Authorization Failure Reason: ACL Failure in Network Access Control

Authorization Failure Reason: ACL Failure

Walker — Fri, 17 Feb 2023 15:05:27 GMT

I have a Cisco 3650 on IOS XE 16.12.06 that has some endpoints connected to it and authorizing successfully via MAB.

Here is the issue that has happened multiple times now - Randomly, usually during the middle of the night, these devices will fail with the following error:

%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A000000115673EC93. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.

The devices do have a reauthentication timer set and the DACL is pulled from ISE. The DACL is a single line, allowing ipv4 any. The fix action for when this occurs is to just bounce the port - then they will auth successfully.

Does anyone have an idea of what could be causing this random ACL failure?

Re: Authorization Failure Reason: ACL Failure

Rodrigo Diaz — Fri, 17 Feb 2023 18:42:56 GMT

hello @Walker , your behavior may be related to the following bug CSCvz32377 , it would be worthy to verify if with a different version of IOS the behavior improves.

Let me know if that helped you.

Re: Authorization Failure Reason: ACL Failure

mariya.telitsina — Thu, 19 Jun 2025 09:39:13 GMT

Hello, I have just run into this issue. Just for the info: I had a DACL with 10 lines, i deleted 4 deny statements, leaving only permit tcp any host xxx . it helped me, so I hope it will help to others. Always check the syntax of DACL and the source always has to be ANY