This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
We faced with an issue 5440 Endpoint abandoned EAP session and started new
Use case: Corporate users using corporate machine – Dot1x authentication using certificates (User + Machine) EAP-FAST and Posture assessment
Cisco WS-3750X - IOS 15.2(4)E7
Cisco WS-3650 - IOS 16.3.7
ISE 220.127.116.117, Patch 1,2,3,4,5
AnyConnect module v.4.7.00136
Windows 7, 10.
Use case works perfect with 3650 switch IOS 16.3.7 on Win7 and Win10.
But if we trying to use 3750X with IOS 15.2(4)E7, we have a problems only with Win10 while Win7 works correctly.
does the 3750X have configured with ip device tracking command?
have you test the same windows pc working fine on one switch and not working on the different switch.
you can check the windows server log
No, 3750X haven't configured with ip device-tracking command. But I think that it shouldn't be a main problem, because the switch can authorize and authenticate Win7.
And there is no way to test worked Win10 workstations on the same switch because of separated locations.
check this cisco ise 2.4 switch matrix/compatiable table
@ldannyI asked the similar question and the answer was
"And there is no way to test worked Win10 workstations on the same switch because of separated locations."
If Win7 works just fine then this just could be OS behavior and not ISE , but just relying on one win10 workstation will not suffice obviously. Not much to go on if with just testing one endpoint on a specific switch.
You could try to run a sniffer to see if you find anything interesting.
using Dot1x authentication using certificates (User + Machine) EAP-FAST and Posture assessment
if you see the first post :)