cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

171
Views
0
Helpful
0
Replies
Highlighted
Beginner

Authentication not going through d:NA eventhough MAC address already in MAC bypass list

Hi,

 

Authentication not going through d:NA UZ: SA- FA- eventhough MAC address already in MAC bypass list.

I have same AP and port config all the same but some AZ and some UZ. All MAC already in MAC bypass list.

 

If see below, sh auth br – UZ (unauthorized), it should be AZ (authorized) since MAC addresses for all the AP already bypass in the Cisco ISE.

 

CKID0003#sh auth br

Interface  MAC Address     AuthC           AuthZ                   Fg  Uptime

-----------------------------------------------------------------------------

Gi1/0/28   084f.a9b6.a33a  d:NA           UZ: SA- FA-             X    32027s

Gi1/0/26   084f.a9b6.a338  m:OK d:NR      AZ: SA-                 X    32766s

Gi1/0/27   084f.a9b6.a5fe  d:NA           UZ: SA- FA-             X    32036s

 

interface GigabitEthernet1/0/28

 description CiscoAP

 switchport access vlan 40

 switchport mode access

 ipv6 traffic-filter FHS_ACCESS_PORT in

 storm-control broadcast level pps 5k

 storm-control multicast level pps 5k

 storm-control action shutdown

 source template 802_1x

end