ISE 2.6 patch 11 - HP Comware Switch Dot1x Reauth fails -Dot1X

Rafael Faria · ‎06-15-2022

Hello there!

I've been facing a problem on a client, dot1x authentication occurs normally the problem happens on reauthentication I have two red flags in the live log and a new authentication occurs, the problem is that users feel the connection drop and are complaining...

The first error is "11051 RADIUS packet contains invalid state attribute" followed by the error "5440 Endpoint abandoned EAP session and started new"

I even found a similar case here on the forum where the solution was to apply the command "undo dot1x multicast-trigger" on the switches, but this configuration was already applied at the time of deployment.

I appreciate any information or help!

balaji.bandi · ‎06-15-2022

is this not working after patch 11 ? in this case i will roleback to old working status, and working with TAC to troubleshoot.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rafael Faria · ‎06-15-2022

it wasn't working even before patch 11... I was using patch 6 and the same thing happened.
I already have an open TAC but I still haven't found a solution for it.

balaji.bandi · ‎06-15-2022

TAC is the best people can assits here. so i will follow with TAC again so they are SME

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

andrewswanson · ‎06-17-2022

Could you be running into the bug below?

hth

Andy

Re-auth fails 3rd party, ISE sends RADIUS state in Access-Accept packet withot Termination-Action CSCvn39378

https://bst.cisco.com/bugsearch/bug/CSCvn39378