
Authorization Failure Reason: ACL Failure

Walker
Level 1

I have a Cisco 3650 on IOS XE 16.12.06 that has some endpoints connected to it and authorizing successfully via MAB.

Here is the issue that has happened multiple times now - Randomly, usually during the middle of the night, these devices will fail with the following error:

%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A000000115673EC93. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.

The devices do have a reauthentication timer set and the DACL is pulled from ISE. The DACL is a single line, allowing ipv4 any. The fix action for when this occurs is to just bounce the port - then they will auth successfully.

Does anyone have an idea of what could be causing this random ACL failure?

1 Reply

Rodrigo Diaz
Cisco Employee

Hello @Walker, your behavior may be related to the following bug, CSCvz32377. It would be worth verifying whether the behavior improves with a different version of IOS.

Let me know if that helped you. 
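
The `%SESSION_MGR-5-FAIL` message quoted in the question has a fixed field layout, so collected switch logs can be parsed to see whether the ACL failures cluster on one DACL name, one port or one client. This is an added example, not part of the original thread or any Cisco tooling; the regular expression is inferred from the single message in the post, and every sample line after the first (extra session IDs, MAC, interface, link message) is constructed.

```python
import re
from collections import defaultdict

# Line 1 is the message from the question; the rest are constructed samples
# (made-up session IDs, MAC and second interface) in the same layout.
SAMPLE_LOG = """\
%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A000000115673EC93. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.
%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.954a) on Interface GigabitEthernet1/0/5 AuditSessionID 0A98004A0000001200000001. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.
%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (abcd.1234.0001) on Interface GigabitEthernet1/0/7 AuditSessionID 0A98004A0000001300000002. Failure Reason: ACL Failure. Failed attribute name xACSACLx-IP-ALLOW-627e6a57.
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down
"""

# Field layout inferred from the one message in the post (an assumption).
FAIL_RE = re.compile(
    r"%SESSION_MGR-5-FAIL:.*?for client \((?P<mac>[0-9a-fA-F.]+)\) "
    r"on Interface (?P<interface>\S+) "
    r"AuditSessionID (?P<session>[0-9A-Fa-f]+)\. "
    r"Failure Reason: (?P<reason>.+?)\. "
    r"Failed attribute name (?P<attribute>\S+?)\.?\s*$"
)

def parse_failures(log_text):
    """Return one dict per SESSION_MGR-5-FAIL line; other lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := FAIL_RE.search(line.strip()))]

def summarize_dacl_failures(failures):
    """Group 'ACL Failure' events by the DACL attribute that failed to apply."""
    summary = defaultdict(
        lambda: {"count": 0, "interfaces": set(), "clients": set()})
    for f in failures:
        if f["reason"] != "ACL Failure":
            continue
        entry = summary[f["attribute"]]
        entry["count"] += 1
        entry["interfaces"].add(f["interface"])
        entry["clients"].add(f["mac"])
    return dict(summary)

if __name__ == "__main__":
    for dacl, info in summarize_dacl_failures(parse_failures(SAMPLE_LOG)).items():
        print(f"{dacl}: {info['count']} failures, "
              f"ports={sorted(info['interfaces'])}, "
              f"clients={sorted(info['clients'])}")
```

A single DACL name failing across several ports and clients points away from an individual endpoint or cable and toward how the switch applies that downloaded ACL.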
