Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5104
Views
5
Helpful
3
Replies

802.1x failures

Go to solution
InfraISE2020
Level 1
Level 1

‎07-20-2021 09:09 AM

Good afternoon,

 

We have recently come across an issue in our environment that we hope you can assist us with. 

 

On the live logs, we noticed that some devices are failing authentication, leaving them in a disconnected state (i.e. no LAN or Wifi connectivity). We can identify the devices as their identity shows as "host/{deviceName.domain}" whereas when they successfully authenticate they show as {DeviceName.domain}.

 

Sometimes the devices reauthenticate and connects successfully (can take up to 35 minutes although the average is around 1 minute), other times a port bounce is required to get them reconnected.  

 

The strange thing is that the issue is intermittent and not linked to a particular device or type. 

 

Background

- Windows 10 20H2 devices

- Cisco 2960x user switches

- Cisco ISE 2.7 patch 2 running on VMWare

- User devices are authenticated using a machine certificate

 

Device Error

 

Event: 5411 Supplicant stopped responding to ISE

Failure Reason: 12934 Supplicant stopped responding to ISE during PEAP tunnel establishment

Resolution: Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to/from supplicant. Verify that supplicant or NAS does not have a short timeout for EAP conversation. Check the network that connects the Network Access Server to ISE. Verify that ISE local server certificate is trusted on supplicant.

Root Cause: Supplicant stopped responding to ISE during PEAP tunnel establishment

 

I have attached a screenshot of the errors and an output of a result, any help would be appreciated. 

 

FYI a TAC has been opened with Cisco. 

 

Thanks in advance. 

 

 

3 people had this problem
Preview file
14 KB
Preview file
120 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-06-2021 07:03 PM

You already opened a TAC case - I am closing this thread to prevent duplicate efforts and not waste people's time.

In the future it would be great if you could post a followup to your thread for what solved the problem so others could learn from it.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-20-2021 05:11 PM

If possible please share the following:

-Supplicant being used (native/nam)

-Interface config

-Supplicant config

-Switch debugs

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-06-2021 07:03 PM

You already opened a TAC case - I am closing this thread to prevent duplicate efforts and not waste people's time.

In the future it would be great if you could post a followup to your thread for what solved the problem so others could learn from it.

0 Helpful

Go to solution
Adrian Collantes
Level 1
Level 1

‎01-20-2022 01:24 PM

Hello,

Maybe you find the solution ?

 

Customers Also Viewed These Support Documents