10-31-2019 11:17 AM
Hi,
Is there any dot1x compatibility issue between ise 2.3 and cat 3850 ios denali 16.3.5b?
I keep on getting below log:
%SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (F481.39C6.F740) on Interface GigabitEthernet1/0/43 AuditSessionID 000000000000006A22100BDA
%DOT1X-5-FAIL:Switch 1 R0/0: smd: Authentication failed for client (F481.39C6.F740) on Interface Gi1/0/43 AuditSessionID 000000000000006A22100BDA
thx
ny
Solved! Go to Solution.
10-31-2019 03:59 PM
Are you doing any VLAN override with your ISE Authorization Profiles? e.g. ISE returns VLAN x to the switch for that session? I have found in the past that if the VLAN doesn't exist on the switch, then you see such errors. If that is not your issue, then I would look at the switch port config, and the results that ISE is returning. Is it Access-Accept, and what attributes?
10-31-2019 03:59 PM
Are you doing any VLAN override with your ISE Authorization Profiles? e.g. ISE returns VLAN x to the switch for that session? I have found in the past that if the VLAN doesn't exist on the switch, then you see such errors. If that is not your issue, then I would look at the switch port config, and the results that ISE is returning. Is it Access-Accept, and what attributes?
11-08-2019 09:12 AM
Not an issue on ISE side reported with specific IOS-XE polaris releases. Besides what Arne suggested, please try upgrading to a later release or open a TAC case to troubleshoot.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide