
Authorization Failure Reason: ACL Failure

Walker
Level 1

I have a Cisco 3650 on IOS XE 16.12.06 that has some endpoints connected to it and authorizing successfully via MAB.

Here is the issue that has happened multiple times now: randomly, usually during the middle of the night, these devices will fail with the following error:

%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A000000115673EC93. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.

The devices do have a reauthentication timer set and the DACL is pulled from ISE. The DACL is a single line, allowing ipv4 any. The fix action for when this occurs is to just bounce the port - then they will auth successfully.

Does anyone have an idea of what could be causing this random ACL failure?

2 Replies

Rodrigo Diaz
Cisco Employee

Hello @Walker, your behavior may be related to the following bug, CSCvz32377. It would be worth verifying whether the behavior improves with a different version of IOS.

Let me know if that helped you. 

Hello, I have just run into this issue. Just for info: I had a DACL with 10 lines; I deleted 4 deny statements, leaving only permit tcp any host xxx. It helped me, so I hope it will help others. Always check the syntax of the DACL, and the source always has to be ANY.
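
To see whether these failures cluster at certain hours, on certain ports or around one DACL name, the syslog message quoted in the original post can be parsed and tallied. The following is an added example, not part of any post in this thread; the leading timestamp, the `sw1` hostname and every sample line other than the quoted message are constructed assumptions.

```python
import re
from collections import Counter

# Field layout taken from the %SESSION_MGR-5-FAIL message quoted in the thread.
# The leading ISO-8601 timestamp is an assumption (as added by a syslog collector).
FAIL_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}\S*\s+)?"
    r".*?%SESSION_MGR-5-FAIL:.*?"
    r"Authorization failed or unapplied for client \((?P<mac>[0-9A-Fa-f.]+)\) "
    r"on Interface (?P<interface>\S+) "
    r"AuditSessionID (?P<session>[0-9A-Fa-f]+)\. "
    r"Failure Reason: (?P<reason>.+?)\. "
    r"Failed attribute name (?P<attribute>\S+?)\.?\s*$"
)

def parse_failure(line):
    """Return the fields of one SESSION_MGR-5-FAIL line, or None if no match."""
    m = FAIL_RE.search(line.strip())
    return m.groupdict() if m else None

def summarize_acl_failures(lines):
    """Count 'ACL Failure' events per port/client, per attribute and per hour."""
    by_port, by_attr, by_hour = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec is None or rec["reason"] != "ACL Failure":
            continue  # unrelated message or a different failure reason
        by_port[(rec["interface"], rec["mac"])] += 1
        by_attr[rec["attribute"]] += 1
        if rec["hour"] is not None:
            by_hour[int(rec["hour"])] += 1
    return {"by_port": by_port, "by_attribute": by_attr, "by_hour": by_hour}

# Constructed sample input: the first line reuses the message from the thread;
# timestamps, the second client, the other reason and session IDs are made up.
SAMPLE = """\
2024-01-10T02:14:07Z sw1 %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A000000115673EC93. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.
2024-01-11T03:02:51Z sw1 %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A000000125673F001. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.
2024-01-11T03:05:10Z sw1 %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (0011.2233.4455) on Interface GigabitEthernet1/0/7 AuditSessionID 0A98004A000000135673F0A2. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.
2024-01-11T09:30:00Z sw1 %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (0011.2233.4455) on Interface GigabitEthernet1/0/7 AuditSessionID 0A98004A000000145673F0B3. Failure Reason: Constructed Other Reason. Failed attribute name constructed-attr.
2024-01-11T09:31:00Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down
""".splitlines()

if __name__ == "__main__":
    print(summarize_acl_failures(SAMPLE))
```

Counts that concentrate in one hour can be compared against the reauthentication timer on those ports.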