ISE Authorization issue - reason 15039 rejected per Authorization prof

Dears,

Please check below one endpoint computer that is not authorized with ISE; all others are functioning properly.

I would appreciate your assistance in this matter.


M-FLOOR#show authentication sessions session-id 4536A8C0001599F0C681F213 details
Session id=4536A8C0001599F0C681F213
Interface: TenGigabitEthernet7/0/26
IIF-ID: 0x1401B286
MAC Address: 70b5.e851.be33
IPv6 Address: fe80::82c7:952a:baef:1b5c
IPv4 Address: 172.20.2.61
User-Name: noc
Device-type: Microsoft-Workstation
Device-name: DESKTOP-UHCHIDR
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Acct update timeout: 172800s (local), Remaining: 88380s
Common Session ID: 4536A8C0001599F0C681F213
Acct Session ID: 0x000091ef
Handle: 0xcf000599
Current Policy: PMAP_DefaultWiredDot1xClosedAuth_1X_MAB


Local Policies:

Server Policies:
VN Value: DEFAULT_VN
Vlan Group: Vlan: 1035
SGT Value: 27


Method status list:
Method State
dot1x Authc Success

 


M-FLOOR#show authentication sessions session-id 4536A8C00017461313A17D66 details
Session id=4536A8C00017461313A17D66
Interface: GigabitEthernet7/0/23
IIF-ID: 0x1EA44A06
MAC Address: 70b5.e851.bee1
IPv6 Address: fe80::8e33:1321:ee63:8fa2
IPv4 Address: 172.20.2.109
User-Name: 70b5e851bee1
Device-type: Microsoft-Workstation
Device-name: DESKTOP-UHCHIDR
Status: Unauthorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: 60s, Remaining: 13s
Common Session ID: 4536A8C00017461313A17D66
Acct Session ID: Unknown
Handle: 0x35000497
Current Policy: PMAP_DefaultWiredDot1xClosedAuth_1X_MAB


Server Policies:


Method status list:
Method State
dot1x Stopped
mab Stopped

 

2 Replies

Something is wrong with this one endpoint. There are no ISE logs here to troubleshoot...

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356

Arne Bier
VIP

Like ahollifield said, the end result is that the switch was told by the RADIUS server not to authorize the endpoint - the answer to your question should be found by looking at the RADIUS server logs.
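
As an added example (not part of the thread and not Cisco code), this Python script parses excerpts of the two `show authentication sessions ... details` outputs from the post and lists how the unauthorized session differs, which gives the MAC address and identity to search for in the RADIUS server logs. The function names and the wording of the findings are assumptions made for illustration.

```python
import re
# Excerpts of the two outputs in the post, trimmed to the fields used below.
GOOD = """\
MAC Address: 70b5.e851.be33
User-Name: noc
Status: Authorized
Server Policies:
Vlan Group: Vlan: 1035
Method status list:
Method State
dot1x Authc Success
"""
BAD = """\
MAC Address: 70b5.e851.bee1
User-Name: 70b5e851bee1
Status: Unauthorized
Server Policies:
Method status list:
Method State
dot1x Stopped
mab Stopped
"""
SECTIONS = {"Local Policies:": "local", "Server Policies:": "server_policies",
            "Method status list:": "methods"}

def parse_session(text):
    """Split one output into header fields, server-pushed policies and method states."""
    s, section = {"fields": {}, "server_policies": {}, "methods": {}}, "fields"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "Method State":
            continue                      # blank line or table header
        if line in SECTIONS:
            section = SECTIONS[line]
        elif section == "methods":
            name, _, state = line.partition(" ")
            s["methods"][name] = state.strip()
        elif section != "local" and ":" in line:
            key, _, val = line.partition(":")   # split at the first colon only
            s[section][key.strip()] = val.strip()
    return s

def findings(s):
    """Return observations to carry into the RADIUS server log search."""
    f = s["fields"]
    mac = re.sub(r"[^0-9a-f]", "", f.get("MAC Address", "").lower())
    checks = [(f.get("Status") != "Authorized", "not authorized"),
              (bool(mac) and f.get("User-Name", "").lower() == mac, "username is the MAC address"),
              (not s["server_policies"], "no server policies applied")]
    return [m for hit, m in checks if hit] + [f"{k} {v}" for k, v in s["methods"].items() if "Success" not in v]
```

Run against the post's outputs, the working session produces no findings, while the failing one shows the MAC address as its user name, no server policies, and both dot1x and mab stopped.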