35409
Views
10
Helpful
9
Replies
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2018 01:11 AM - edited 02-21-2020 10:44 AM
Hi All, something's going wrong with dot1x auth of some win10 802.1x clients.
This is how the NAS port is configured:
interface GigabitEthernet1/0/5
authentication host-mode multi-domain
authentication port-control auto
authentication violation protect
dot1x pae authenticator
dot1x timeout tx-period 3
The following are the debug messages I get:
Jan 22 09:07:13.329: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Jan 22 09:07:13.329: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Jan 22 09:07:13.329: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Jan 22 09:07:13.329: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Disabling and re-enabling the NIC makes the authentication to success.
I think it's something related to the client, some other clients configured in the very same way are not getting any error.
Does anyone have any idea on what should I check or any debug that could point me in the right way?
Many thanks in advance!
Solved! Go to Solution.
Labels:
- Labels:
-
Other NAC
1 Accepted Solution
Accepted Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2018 01:56 AM
When this happens, do you see the MAC address on the port?
Some early IOS versions have bugs that cause authentication process not to pick up the MAC, even though the MAC appears on the port.
But if the MAC address is really not reported on the port when the problem happens then it is likely to be a client issue. I have seen the problem when PCs are on standby, when the NIC is kept up, but no MAC address appears on the port.
What make is the NIC? This could be a driver issue, might be NIC power saving settings, etc.
9 Replies 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2018 01:56 AM
When this happens, do you see the MAC address on the port?
Some early IOS versions have bugs that cause authentication process not to pick up the MAC, even though the MAC appears on the port.
But if the MAC address is really not reported on the port when the problem happens then it is likely to be a client issue. I have seen the problem when PCs are on standby, when the NIC is kept up, but no MAC address appears on the port.
What make is the NIC? This could be a driver issue, might be NIC power saving settings, etc.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2018 01:52 AM
Actually no mac address is shown on the switch interface.
The NIC is an Intel I218-LM and the issue arise randomly not only when recovering from standby status but even when a user only disconnects from his account.
Looked for bugs related to this issue but didn't find anything. I will schedule a driver upgrade (my driver version is quite new but not the latest). By now, I disabled power saving settings that let this NIC to be powered off, let's see if this helps.
Thanks for your thoughts!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2018 03:33 AM
Actually, when the problem arise, no mac address is shown in the interface:
# show mac address-table interface Gi2/0/7
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
# show auth sessions
Interface MAC Address Method Domain Status Session ID
Gi2/0/7 (unknown) N/A DATA Authz Failed AC10640B0000034DA87E3F46
We use an Intel I218-LM with driver not too much outdated, even still not the latest.
The strange thing is that the problem occurs randomly when the system recovers from a standby status, and also when the user disconnects from his account.
At this moment I disabled power saving settings on the NIC to see if this helps, moreover I will schedule a driver upgrade.
Many thanks for your thoughts!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2018 08:31 PM
Please try the command.
Switch(config)# authentication mac-move permit
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2018 06:57 PM
I have started seeing this same odd behavior on newer dell laptops using USB-C docks.
What resolved your issue?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2020 06:18 AM
Hi,
i have the same problem, but no solution about your perpos
sh authentication int f0/14
Client list:
Interface MAC Address Method Domain Status Session ID
Fa0/14 54ee.75f5.3d80 N/A DATA Authz Failed AC190372000000B519A791FF
Available methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
Runnable methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2020 07:21 AM
Wafiaggoun yours appears to be a different issue based on your output. This post was about client being put in an unknown state.
your output shows the device being identified as data but has failed authentication for some reason. What did your logs say on the switch or auth logs in ISE? What model of switch is that and what version of ISE?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2020 12:31 AM - edited 12-07-2020 12:34 AM
Hi AdamF1,
There are all details of your questions :
Switch :
Model SW Version SW Image
------ ---------- ----------
WS-C2960-24TT-L 12.2(55)SE10 C2960-LANBASEK9-M
ISE version : Version 2.3.0.298
SW-AX6-00-01-test#R-5-VLANASSIGN: VLAN 251 assigned to Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:44.526: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:44.535: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:44.879: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (54ee.75f5.3d80) on
SW-AX6-00-01-test#Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.717: %DOT1X-5-SUCCESS: Authentication successful for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:11:45.717: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.726: %AUTHMGR-5-VLANASSIGN: VLAN 251 assigned to Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.743: %
SW-AX6-00-01-test#AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.751: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.910: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
SW-AX6-00-01-test#sh auth int f0/14
Client list:
Interface MAC Address Method Domain Status Session ID
Fa0/14 0c27.2454.6e63 mab VOICE Authz Failed AC190372000000CA1D8DBAF5
Fa0/14 54ee.75f5.3d80 dot1x DATA Authz Failed AC190372000000CC1D8E1CFF
Available methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
Runnable methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: DOMAIN\aaggoun
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CC1D8E1CFF
Acct Session ID: 0x00000148
Handle: 0x700000CC
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
SW-AX6-00-01-test#
.Dec 7 09:12:27.082: %AUTHMGR-5-START: Starting 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#
.Dec 7 09:12:36.351: %DOT1X-5-FAIL: Authentication failed for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID
.Dec 7 09:12:36.351: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.351: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.351: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.368: %MAB-5-SUCCESS: Authentication successful for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.368: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.393: %AUTHMGR-5-FAIL: Authorization failed for client (0c27.2454.6e63) o
SW-AX6-00-01-test#n Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:37.375: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#
.Dec 7 09:12:54.874: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
SW-AX6-00-01-test#
.Dec 7 09:12:54.874: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
SW-AX6-00-01-test#sh auth sess int f0/14
.Dec 7 09:13:04.135: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
SW-AX6-00-01-test#sh auth int f0/14
.Dec 7 09:13:04.135: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
SW-AX6-00-01-test#sh auth int f0/14
.Dec 7 09:13:05.175: %AUTHMGR-5-START: Starting 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#sh auth int f0/14
.Dec 7 09:13:14.436: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:13:14.436: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.436: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.436: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test#sh auth int f0/14 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.453: %MAB-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (54ee.75f5.3d8
SW-AX6-00-01-test#sh auth int f0/140) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#sh auth int f0/14
Client list:
Interface MAC Address Method Domain Status Session ID
Fa0/14 0c27.2454.6e63 mab VOICE Authz Failed AC190372000000CA1D8DBAF5
Fa0/14 54ee.75f5.3d80 N/A DATA Authz Failed AC190372000000CD1D8F5D9A
Available methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
Runnable methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CD1D8F5D9A
Acct Session ID: 0x00000149
Handle: 0x750000CD
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
SW-AX6-00-01-test#
.Dec 7 09:13:37.060: %AUTHMGR-5-START: Starting 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#
.Dec 7 09:13:46.321: %DOT1X-5-FAIL: Authentication failed for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID
.Dec 7 09:13:46.321: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.321: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.321: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.346: %MAB-5-SUCCESS: Authentication successful for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.346: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.363: %AUTHMGR-5-FAIL: Authorization failed for client (0c27.2454.6e63) o
SW-AX6-00-01-test#n Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:47.353: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CD1D8F5D9A
Acct Session ID: 0x00000149
Handle: 0x750000CD
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
SW-AX6-00-01-test#
.Dec 7 09:14:15.153: %AUTHMGR-5-START: Starting 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
.Dec 7 09:14:24.414: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:14:24.414: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.414: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.414: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %MAB-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (54ee.75f5.3d8
SW-AX6-00-01-test#0) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
.Dec 7 09:14:57.339: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: 54ee75f53d80
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CD1D8F5D9A
Acct Session ID: 0x00000149
Handle: 0x750000CD
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
SW-AX6-00-01-test#
.Dec 7 09:15:25.123: %AUTHMGR-5-START: Starting 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
.Dec 7 09:15:34.384: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:15:34.384: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.384: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.384: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %MAB-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (54ee.75f5.3d8
SW-AX6-00-01-test#0) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
It starts to authenticate after it quits, yet on the ISE, it displays the Event: 5200 Authentication succeeded
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2020 01:30 AM
Hi damF1,
There are in bottom detail of your questions :
ISE : Version 2.3.0.298
Switch :
Model SW Version SW Image
----- ---------- ----------
WS-C2960-24TT-L 12.2(55)SE10 C2960-LANBASEK9-M
SW-AX6-00-01-test#R-5-VLANASSIGN: VLAN 251 assigned to Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:44.526: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:44.535: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:44.879: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (54ee.75f5.3d80) on
SW-AX6-00-01-test#Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.717: %DOT1X-5-SUCCESS: Authentication successful for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:11:45.717: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.726: %AUTHMGR-5-VLANASSIGN: VLAN 251 assigned to Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.743: %
SW-AX6-00-01-test#AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.751: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
.Dec 7 09:11:45.910: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
SW-AX6-00-01-test#sh auth int f0/14
Client list:
Interface MAC Address Method Domain Status Session ID
Fa0/14 0c27.2454.6e63 mab VOICE Authz Failed AC190372000000CA1D8DBAF5
Fa0/14 54ee.75f5.3d80 dot1x DATA Authz Failed AC190372000000CC1D8E1CFF
Available methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
Runnable methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: DOMAIN\aaggoun
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CC1D8E1CFF
Acct Session ID: 0x00000148
Handle: 0x700000CC
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
SW-AX6-00-01-test#
.Dec 7 09:12:27.082: %AUTHMGR-5-START: Starting 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#
.Dec 7 09:12:36.351: %DOT1X-5-FAIL: Authentication failed for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID
.Dec 7 09:12:36.351: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.351: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.351: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.368: %MAB-5-SUCCESS: Authentication successful for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.368: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:36.393: %AUTHMGR-5-FAIL: Authorization failed for client (0c27.2454.6e63) o
SW-AX6-00-01-test#n Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:12:37.375: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#
.Dec 7 09:12:54.874: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
SW-AX6-00-01-test#
.Dec 7 09:12:54.874: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
SW-AX6-00-01-test#sh auth sess int f0/14
.Dec 7 09:13:04.135: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
SW-AX6-00-01-test#sh auth int f0/14
.Dec 7 09:13:04.135: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CC1D8E1CFF
SW-AX6-00-01-test#sh auth int f0/14
.Dec 7 09:13:05.175: %AUTHMGR-5-START: Starting 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#sh auth int f0/14
.Dec 7 09:13:14.436: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:13:14.436: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.436: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.436: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test#sh auth int f0/14 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.453: %MAB-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (54ee.75f5.3d8
SW-AX6-00-01-test#sh auth int f0/140) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:13:14.461: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#sh auth int f0/14
Client list:
Interface MAC Address Method Domain Status Session ID
Fa0/14 0c27.2454.6e63 mab VOICE Authz Failed AC190372000000CA1D8DBAF5
Fa0/14 54ee.75f5.3d80 N/A DATA Authz Failed AC190372000000CD1D8F5D9A
Available methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
Runnable methods list:
Handle Priority Name
3 0 dot1x
2 1 mab
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CD1D8F5D9A
Acct Session ID: 0x00000149
Handle: 0x750000CD
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
SW-AX6-00-01-test#
.Dec 7 09:13:37.060: %AUTHMGR-5-START: Starting 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#
.Dec 7 09:13:46.321: %DOT1X-5-FAIL: Authentication failed for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID
.Dec 7 09:13:46.321: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.321: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.321: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.346: %MAB-5-SUCCESS: Authentication successful for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.346: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:46.363: %AUTHMGR-5-FAIL: Authorization failed for client (0c27.2454.6e63) o
SW-AX6-00-01-test#n Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
.Dec 7 09:13:47.353: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CD1D8F5D9A
Acct Session ID: 0x00000149
Handle: 0x750000CD
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
SW-AX6-00-01-test#
.Dec 7 09:14:15.153: %AUTHMGR-5-START: Starting 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
.Dec 7 09:14:24.414: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:14:24.414: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.414: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.414: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %MAB-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (54ee.75f5.3d8
SW-AX6-00-01-test#0) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:14:24.431: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
.Dec 7 09:14:57.339: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0c27.2454.6e63) on Interface Fa0/14 AuditSessionID AC190372000000CA1D8DBAF5
SW-AX6-00-01-test#sh auth sess int f0/14
Interface: FastEthernet0/14
MAC Address: 0c27.2454.6e63
IP Address: Unknown
User-Name: 0C-27-24-54-6E-63
Status: Authz Failed
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CA1D8DBAF5
Acct Session ID: 0x00000146
Handle: 0xD30000CA
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
----------------------------------------
Interface: FastEthernet0/14
MAC Address: 54ee.75f5.3d80
IP Address: Unknown
User-Name: 54ee75f53d80
Status: Authz Failed
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC190372000000CD1D8F5D9A
Acct Session ID: 0x00000149
Handle: 0x750000CD
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
SW-AX6-00-01-test#
.Dec 7 09:15:25.123: %AUTHMGR-5-START: Starting 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
.Dec 7 09:15:34.384: %DOT1X-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID
.Dec 7 09:15:34.384: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.384: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.384: %AUTHMGR-5-START: Starting
SW-AX6-00-01-test# 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %MAB-5-FAIL: Authentication failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (54ee.75f5.3d8
SW-AX6-00-01-test#0) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
.Dec 7 09:15:34.401: %AUTHMGR-5-FAIL: Authorization failed for client (54ee.75f5.3d80) on Interface Fa0/14 AuditSessionID AC190372000000CD1D8F5D9A
SW-AX6-00-01-test#
It starts to authenticate after it quits, yet on the ISE, it displays the Event: 5200 Authentication succeeded
