cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1167
Views
0
Helpful
1
Replies
Highlighted
Beginner

Cisco 9300 Authorization failure: Failure reason: Authc fail. Authc failure reason: Missing Config.

We are using for authentication both mab/dot1x, see port config below.

For authentication order we use dot1x mab. authentication, mab, dot1x ,ise

 

When connection a device that uses mab, we are receiving this error:

 

%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (XXXX.XXXX.XXXX) on Interface GigabitEthernet1/0/28 AuditSessionID 1180FC0A00000047DE238CC2. Failure reason: Authc fail. Authc failure reason: Missing Config.

 

When we change the order to mab dot1x, the authorization succeeds.

 

This device don't support dot1x, so normally it will fall back to mab. On our 2960X platform, using the same port configurtion, this error doens't occur. It looks like a bug to me... 

 

Environment: C9300-48U running 16.09.04

 

Port config:

 

switchport access vlan XX
switchport mode access
switchport voice vlan XX
switchport port-security maximum 2
switchport port-security aging time 5
switchport port-security aging type inactivity
switchport port-security
load-interval 30
authentication control-direction in
authentication event fail action next-method
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-req 1
storm-control broadcast level pps 1k 500
storm-control action shutdown
spanning-tree portfast
spanning-tree guard root
ip dhcp snooping limit rate 100

 

Everyone's tags (6)
1 REPLY 1
Highlighted
Enthusiast

Re: Cisco 9300 Authorization failure: Failure reason: Authc fail. Authc failure reason: Missing Config.

I think you can config the simply and needly commands on interface first. Then,you can add the command one by one.to check the root reason.

thx
CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey