12-17-2018 02:23 AM - edited 12-17-2018 08:38 AM
Solved! Go to Solution.
12-19-2018 05:30 AM
At this point, please engage Cisco TAC to troubleshoot further. Please note that what I tested is an internal user and yours appear an AD user.
12-17-2018 11:53 AM
niño is working fine for me on a Windows 7 SP1 test client using the Windows native supplicant and a Cisco 3650 as the wired NAD.
12-17-2018 12:57 PM
Mind showing the details for the failed authentication?
12-17-2018 11:45 PM
We can see this:
1719680: Dec 10 14:10:41.504: RADIUS: User-Name [1] 17 "DOMAIN\ANuC1ez"
C1=ñ
Its like switch is not taking fine the character "ñ".
C2960X:
1720407: Dec 10 14:10:50.106: RADIUS(00000000): Send Access-Request to1812 onvrf(0) id 1645/55, len 472
1720408: Dec 10 14:10:50.106: RADIUS: authenticator 82
1720409: Dec 10 14:10:50.109: RADIUS: User-Name [1] 17 "DOMAIN\ANuC1ez"
1720410: Dec 10 14:10:50.109: RADIUS: Service-Type [6] 6 Framed [2]
1720411: Dec 10 14:10:50.109: RADIUS: Vendor, Cisco [26] 27
1720412: Dec 10 14:10:50.109: RADIUS: Cisco AVpair [1] 21 "service-type=Framed"
1720413: Dec 10 14:10:50.109: RADIUS: Framed-MTU [12] 6 1500
%DOT1X-5-FAIL: Authentication failed for client on Interface Gi2/0/32 AuditSessionID
12-18-2018 02:07 AM
switch is:
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(4)E6, RELEASE SOFTWARE (fc4)
just in case that the issue in on the switch
12-18-2018 05:22 PM
Our switch showed similar output but the authentication went fine in ISE. Please post the auth detail report from ISE or engage Cisco TAC to troubleshoot.
Below was the output from our lab switch:
3k-access#show authentication sessions mac 0050.5687.ea65 details
Interface: GigabitEthernet1/0/1
IIF-ID: 0x1071F400000006B
MAC Address: 0050.5687.ea65
IPv6 Address: Unknown
IPv4 Address: 10.1.50.202
User-Name: niC1o
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Common Session ID: 0A01640100000FB4A003CF1E
Acct Session ID: 0x00000FAA
Handle: 0x45000005
Current Policy: POLICY_Gi1/0/1
Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Server Policies:
Method status list:
Method State
mab Stopped
dot1x Authc Success
12-18-2018 09:35 PM - edited 12-18-2018 09:38 PM
Note that authentication succeed even though IOS-XE shows the user-name thus:
"User-Name: niC1o"
So it may just be an encoding issue for the show command and not a functional issue of the switch.
12-19-2018 01:00 AM
the authentication with user "niño" is not working, but if we use "nino" is working fine. So it seems any issue with character "ñ". Do you know any issue about this?
12-19-2018 05:30 AM
At this point, please engage Cisco TAC to troubleshoot further. Please note that what I tested is an internal user and yours appear an AD user.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide