06-18-2018 11:33 PM - edited 02-21-2020 10:58 AM
I am trying to quarantine an endpoint that is already authenticated using the wired 802.1x protocol in the network (i.e., the ISE UI shows a session for that endpoint in the session log tab), but whenever I QUARANTINE/PORT_BOUNCE the endpoint using the ANC feature, it fails.
The ANC policy structure is as follows:
I have created policy P01_QUARANTIBE with the action QUARANTINE,
i.e. P01_QUARANTINE -> QUARANTINE
Assigned it to the endpoint:
P01_QUARANTIBE -> mac_addr of a device that is already in the network
(ISE is also showing its session in the session logs)
After clicking the submit button, it says "Radius Failure", with the following switch console error:
"audit-session-id=null"
*Mar 2 02:40:29.568: COA: 192.168.20.53 request queued
*Mar 2 02:40:29.568: RADIUS: authenticator B8 76 1F D5 A8 DD 14 65 - 9E C8 92 7E D5 EA 3F 1A
*Mar 2 02:40:29.568: RADIUS: NAS-IP-Address [4] 6 192.168.20.1
*Mar 2 02:40:29.568: RADIUS: Calling-Station-Id [31] 19 "68-F7-28-6E-B9-46"
*Mar 2 02:40:29.568: RADIUS: Acct-Terminate-Cause[49] 6 admin-reset [6]
*Mar 2 02:40:29.568: RADIUS: Event-Timestamp [55] 6 1529066831
*Mar 2 02:40:29.568: RADIUS: Message-Authenticato[80] 18
*Mar 2 02:40:29.568: RADIUS: E0 EC D7 F0 2C DA 05 03 7B 42 13 22 23 E2 41 A0 [ ,{B"#A]
*Mar 2 02:40:29.568: RADIUS: Vendor, Cisco [26] 29
*Mar 2 02:40:29.568: RADIUS: Cisco AVpair [1] 23 "audit-session-id=null"
*Mar 2 02:40:29.568: RADIUS: Vendor, Cisco [26] 43
*Mar 2 02:40:29.568: RADIUS: Cisco AVpair [1] 37 "subscriber:command=bounce-host-port"
*Mar 2 02:40:29.568: ++++++ CoA Attribute List ++++++
*Mar 2 02:40:29.568: 04FF6F44 0 00000001 nas-ip-address(484) 4 192.168.20.1
*Mar 2 02:40:29.568: 04FF6F94 0 00000009 clid(37) 17 68-F7-28-6E-B9-46
*Mar 2 02:40:29.568: 04FF6FA8 0 00000001 disc-cause(356) 4 admin-reset
*Mar 2 02:40:29.568: 04FF6FBC 0 00000001 Event-Timestamp(367) 4 1529066831(5B23B54F)
*Mar 2 02:40:29.568: 04FF6FD0 0 00000009 Message-Authenticator(218) 16 E0 EC D7 F0 2C DA 05 03 7B 42 13 22 23 E2 41 A0
*Mar 2 02:40:29.568: 04FF6FE4 0 00000009 audit-session-id(607) 4 null
*Mar 2 02:40:29.568: 05064858 0 00000009 ssg-command-code(407) 1 33
Any idea why this is happening? (version: ISE: 2.4, Switch:3750-X[IOSv12.2(52)SE] )
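A triage helper for the switch debug output quoted in the post above, as an added example that is not part of the original post or of any Cisco tooling: it groups the debug lines per CoA request and flags a request whose audit-session-id AVpair is missing or is the literal string null. The function names are hypothetical, and the line format is assumed to match the output quoted in this thread.

```python
import re

# Subset of the debug lines quoted in the post above, embedded so this runs offline.
SAMPLE = '''\
*Mar 2 02:40:29.568: COA: 192.168.20.53 request queued
*Mar 2 02:40:29.568: RADIUS: NAS-IP-Address [4] 6 192.168.20.1
*Mar 2 02:40:29.568: RADIUS: Calling-Station-Id [31] 19 "68-F7-28-6E-B9-46"
*Mar 2 02:40:29.568: RADIUS: Cisco AVpair [1] 23 "audit-session-id=null"
*Mar 2 02:40:29.568: RADIUS: Cisco AVpair [1] 37 "subscriber:command=bounce-host-port"
'''

QUEUED = re.compile(r'COA: (\S+) request queued')
# "RADIUS: <name> [<type>] <length> <value>"; hex-dump and "Vendor, Cisco" lines do not match.
ATTR = re.compile(r'RADIUS:\s+([A-Za-z][\w -]*?)\s*\[\d+\]\s+\d+\s+(.+)$')

def parse_coa_requests(text):
    """Group debug lines into one dict per 'COA: <ip> request queued' marker."""
    requests = []
    for line in text.splitlines():
        queued = QUEUED.search(line)
        if queued:
            requests.append({"source": queued.group(1), "attrs": {}, "avpairs": {}})
            continue
        attr = ATTR.search(line)
        if not attr or not requests:
            continue
        name, value = attr.group(1), attr.group(2).strip().strip('"')
        if name == "Cisco AVpair" and "=" in value:
            key, _, val = value.partition("=")
            requests[-1]["avpairs"][key] = val
        else:
            requests[-1]["attrs"][name] = value
    return requests

def session_id_problems(request):
    """Return findings when the CoA request carries no usable audit-session-id."""
    sid = request["avpairs"].get("audit-session-id")
    mac = request["attrs"].get("Calling-Station-Id", "unknown MAC")
    if sid is None:
        return [f"no audit-session-id AVpair for {mac}"]
    if sid.lower() in ("", "null"):
        return [f"audit-session-id is '{sid}' for {mac}"]
    return []

if __name__ == "__main__":
    for req in parse_coa_requests(SAMPLE):
        command = req["avpairs"].get("subscriber:command")
        print(req["source"], command, session_id_problems(req))
```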
07-03-2018 08:53 AM
I'm having this problem too at a customer. Could Cisco provide some help regarding this?