Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2418
Views
1
Helpful
15
Replies

CSCvz32377 - Port unauthorized due to ACL failure

hakkipeddi
Level 1
Level 1

‎11-08-2022 07:27 PM

Has anybody experienced this on higher versions? I see to replicate this issue on 17.3.5, Cisco 9300 switch with 28 lines of DACL - which shows empty after successful authentication.

2 people had this problem
Labels:
0 Helpful
15 Replies 15

johnmolina
Level 1
Level 1

‎05-23-2024 07:43 AM - edited ‎05-25-2024 08:31 PM

Hi there,

I've encountered a similar issue with DACLs on Cisco 9300 switches. Here are a few steps that helped me resolve it:

Check DACL Configuration:

  • Ensure that your DACL is properly configured and there are no syntax errors. Sometimes, even a small mistake can cause the DACL to appear empty after authentication.

Verify Authentication Settings:

  • Double-check the AAA configuration and ensure that the authentication method is correctly set up. Misconfigurations here can lead to the DACL not being applied correctly.

Firmware and Software Updates:

  • Make sure your switch is running the latest firmware and software version. Cisco frequently releases updates that fix bugs and improve performance. Upgrading to a more recent version might resolve the issue.

Debugging:

  • Use the debug commands to get more insights into what might be going wrong. For instance, you can use:

debug radius
debug aaa authentication
debug aaa authorization

These commands will give you detailed logs which can help pinpoint the problem.

Review Logs:

  • Check the switch logs for any errors or warnings that might give clues about why the DACL is not being applied correctly. Use the show logging command to review the logs.

Test with Minimal Configuration:

  • Sometimes, having too many lines in a DACL can cause issues. Try simplifying the DACL to a minimal configuration and see if it works. Gradually add more lines to identify if a specific line is causing the problem.

Engage Cisco TAC:

  • If the issue persists, it might be a bug specific to the version you're using. Consider opening a case with Cisco TAC for more in-depth troubleshooting and potential bug fixes.

In my case, updating to a newer IOS version and simplifying the DACL helped resolve the issue. I hope these steps help you as well.

quickgrade

0 Helpful
Customers Also Viewed These Support Documents