Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
280
Views
1
Helpful
4
Replies

802.1x sh auth does not display any active session

getaway51
Level 2
Level 2

ā€Ž07-14-2024 07:36 PM

Hi,

I am runnning in monitor mode means "no access-session closed" applied on the template of the switch.

However when I  run "sh auth br", there was no active sessions. Is it because the switch is in monitor mode? 

 

 

Labels:
0 Helpful
4 Replies 4

Greg Gibbs
Cisco Employee
Cisco Employee

ā€Ž07-14-2024 10:39 PM

No, the switch should still show live sessions for Monitor Mode. I would suggest checking that you have all of the necessary AAA and IBNS 2.0 settings configured as per the best practices documented in the ISE Secure Wired Access Prescriptive Deployment Guide.

0 Helpful

getaway51
Level 2
Level 2

ā€Ž07-15-2024 07:50 AM - edited ā€Ž07-15-2024 08:06 AM

All switches configured with the correct same script. The ports are configured with dot1x template and sh int status shows port connected. However sh auth br or show access-session display no live sessions. All switches configured with the same script. Some has this issue-no live sessions. Some no issue- shows live sessions.Not sure wht is causing this. Is there any troubleshooting cmd to find out whts happening like sh dot1x, etc. I tried sh auth br, sh dot1x, sh access-session but no clue. 

Greg Gibbs
Cisco Employee
Cisco Employee
In response to getaway51

ā€Ž07-15-2024 02:57 PM

You have not shared any details about your environment (switch hardware/software versions, ISE version, configuration examples, screenshots, diagrams, etc).
See How to Ask the Community for Help for seeking future assistance from the Community.

Here is a troubleshooting guide for the Cat 9000 switches, if that is relevant to your environment. Troubleshooting using debugs can be difficult if you don't know what to look for, so you might be better off opening a TAC case for help investigating the issue.
Troubleshoot Dot1x on Catalyst 9000 Series Switches 

0 Helpful

getaway51
Level 2
Level 2

ā€Ž07-22-2024 03:39 AM

Hi,

I attached the switch dot1x config. Pls help to advice wht needs to be done. Only output is No sessions match supplied criteria and
No Auth Manager presence on this interface. Pls help!!!

sh auth br
No sessions currently exist

 

sh auth session int Gi1/0/12
No sessions match supplied criteria.
No Auth Manager presence on this interface

sh auth session int Gi1/0/12 det
No sessions match supplied criteria.

 

 

Preview file
5 KB
0 Helpful
Customers Also Viewed These Support Documents