06-06-2017 01:15 PM
I am seeing some weird issues with Dot1x and MAB when I connect a Cisco SPA504g phone. The initial Dot1x check starts and fails, and MAB then takes over. After it successfully authenticates and is authorized, I am seeing the device constantly re-authenticating.
I have copied some of the switch output below:
Jun 6 19:45:54.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
Jun 6 19:46:05.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
Jun 6 19:46:06.128: %AUTHMGR-5-START: Starting 'dot1x' for client (0023.186d.d383) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001903A76D2A
Jun 6 19:46:07.001: %AUTHMGR-5-START: Starting 'dot1x' for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:07.429: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
Jun 6 19:46:21.605: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPACK, MAC sa: 544a.00ba.5641
Jun 6 19:46:36.990: %DOT1X-5-FAIL: Authentication failed for client (0023.186d.d383) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001903A76D2A
Jun 6 19:46:36.990: %DOT1X-5-FAIL: Authentication failed for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:36.990: %AUTHMGR-5-START: Starting 'mab' for client (0023.186d.d383) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001903A76D2A
Jun 6 19:46:36.990: %AUTHMGR-5-START: Starting 'mab' for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:37.376: %MAB-5-SUCCESS: Authentication successful for client (0023.186d.d383) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001903A76D2A
Jun 6 19:46:37.376: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:37.376: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0023.186d.d383| AuditSessionID 0AC72BEF0000001903A76D2A| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:37.393: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT Auth-Default-ACL-Open Attached Successfully
Jun 6 19:46:37.393: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD-REQUEST
Jun 6 19:46:37.393: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:37.426: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD-SUCCESS
Jun 6 19:46:37.426: %EPM-6-POLICY_APP_SUCCESS: IP 169.254.158.203| MAC 0023.186d.d383| AuditSessionID 0AC72BEF0000001903A76D2A| AUTHTYPE DOT1X| POLICY_TYPE Named ACL| POLICY_NAME xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| RESULT SUCCESS
Jun 6 19:46:37.435: %EPM-6-POLICY_APP_SUCCESS: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| POLICY_TYPE Named ACL| POLICY_NAME xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| RESULT SUCCESS
Jun 6 19:46:38.047: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0023.186d.d383) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001903A76D2A
Jun 6 19:46:38.047: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:47.727: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:47.736: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:48.248: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:48.256: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:48.340: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:48.340: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:57.886: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:57.894: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:58.389: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:58.389: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:58.608: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:58.616: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:46:58.633: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:58.633: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:46:58.633: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:03.515: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:03.515: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:03.775: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:08.020: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:08.028: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:08.766: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:08.766: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:08.926: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:08.926: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:18.195: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:18.195: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:18.631: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:18.631: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:19.210: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:19.210: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:28.320: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:28.320: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:28.471: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:28.924: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:28.924: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:29.352: %MAB-5-SUCCESS: Authentication successful for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:29.360: %EPM-6-POLICY_REQ: IP 10.198.71.1| MAC ece1.a9cc.6c4b| AuditSessionID 0AC72BEF0000001A03A770F7| AUTHTYPE DOT1X| EVENT APPLY
Jun 6 19:47:29.503: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
Jun 6 19:47:29.503: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (ece1.a9cc.6c4b) on Interface Fa0/7 AuditSessionID 0AC72BEF0000001A03A770F7
When I watch the ISE Live Log, I see it constantly being authenticated and sometimes profiled, but it never seems to show in the Context Visibility Endpoint area. Below are details as seen from ISE:
Time | Status | Repeat Count | Identity | Endpoint ID | Endpoint Profile | Authentication Policy | Authorization Policy | Authorization Profiles | IP Address | Network Device | Device Port | Identity Group | Posture Status | Server |
Jun 07, 2017 07:52:02.570 AM | Session | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Cisco-Device | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | FastEthernet0/7 | |||||
Jun 07, 2017 07:51:58.208 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Unknown | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | |||
Jun 07, 2017 07:51:57.928 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:57.682 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:57.269 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:56.999 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:56.721 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:56.511 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Unknown | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | |||
Jun 07, 2017 07:51:56.209 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:55.934 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Unknown | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | |||
Jun 07, 2017 07:51:55.509 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Unknown | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | |||
Jun 07, 2017 07:51:55.345 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:55.002 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:54.714 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Cisco-Device | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | Profiled | nzciscoise01 | ||
Jun 07, 2017 07:51:54.489 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Unknown | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | |||
Jun 07, 2017 07:51:53.668 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:53.300 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:53.015 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | Unknown | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | |||
Jun 07, 2017 07:51:52.769 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:52.501 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:52.176 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:51.674 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:51.253 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:50.436 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:50.159 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:49.862 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:49.633 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:48.751 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 | ||||
Jun 07, 2017 07:51:48.122 AM | Auth Passed | EC:E1:A9:CC:6C:4B | EC:E1:A9:CC:6C:4B | XYZ Corp Policy >> XYZ Corp MAB >> Default | XYZ Corp Policy >> Default | XYZ_FULL_NETWORK_ACCESS | 10.198.71.1 | Building_A_2960C-1 | FastEthernet0/7 | nzciscoise01 |
If anyone has any ideas on why this is occurring and how to stop it, I sure would appreciate some assistance.
Cheers
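An added example, not part of the original post: a Python script that reads switch syslog in the format pasted above and flags any client whose session logs repeated %MAB-5-SUCCESS events inside a short window, which is the loop described here. The sample lines, MAC addresses, session IDs, the 60-second window and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample in the same layout as the switch output in the post.
# MAC addresses and session IDs are made up.
SAMPLE_LOG = """\
Jun 6 19:46:21.605: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPACK, MAC sa: 0200.0000.00ff
Jun 6 19:46:36.990: %DOT1X-5-FAIL: Authentication failed for client (0200.0000.0001) on Interface Fa0/7 AuditSessionID 0A00000100000001AAAA0001
Jun 6 19:46:36.990: %AUTHMGR-5-START: Starting 'mab' for client (0200.0000.0001) on Interface Fa0/7 AuditSessionID 0A00000100000001AAAA0001
Jun 6 19:46:37.376: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0001) on Interface Fa0/7 AuditSessionID 0A00000100000001AAAA0001
Jun 6 19:46:37.376: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0002) on Interface Fa0/7 AuditSessionID 0A00000100000002AAAA0002
Jun 6 19:46:38.047: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0200.0000.0001) on Interface Fa0/7 AuditSessionID 0A00000100000001AAAA0001
Jun 6 19:46:47.727: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0002) on Interface Fa0/7 AuditSessionID 0A00000100000002AAAA0002
Jun 6 19:46:48.248: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0002) on Interface Fa0/7 AuditSessionID 0A00000100000002AAAA0002
Jun 6 19:46:57.886: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0002) on Interface Fa0/7 AuditSessionID 0A00000100000002AAAA0002
Jun 6 19:46:58.389: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0002) on Interface Fa0/7 AuditSessionID 0A00000100000002AAAA0002
Jun 6 19:48:10.000: %MAB-5-SUCCESS: Authentication successful for client (0200.0000.0002) on Interface Fa0/7 AuditSessionID 0A00000100000002AAAA0002
"""

# Matches the per-client AUTHMGR / DOT1X / MAB messages; other lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z_]+): "
    r".*?client \((?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) "
    r"on Interface (?P<port>\S+) AuditSessionID (?P<sid>[0-9A-F]+)"
)


class Event(NamedTuple):
    ts: datetime
    tag: str   # e.g. "MAB-5-SUCCESS"
    mac: str
    port: str
    sid: str


def parse_events(text, year=2017):
    """Parse per-client auth messages. The log has no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        events.append(Event(ts, m["tag"], m["mac"], m["port"], m["sid"]))
    return events


def find_reauth_loops(events, tag="MAB-5-SUCCESS",
                      window=timedelta(seconds=60), threshold=3):
    """Return {(mac, port, sid): peak count of `tag` inside any one window}
    for sessions whose peak reaches `threshold`."""
    per_session = defaultdict(list)
    for ev in events:
        if ev.tag == tag:
            per_session[(ev.mac, ev.port, ev.sid)].append(ev.ts)

    flagged = {}
    for key, times in per_session.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # Slide the left edge until the span fits inside the window.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged


if __name__ == "__main__":
    for (mac, port, sid), n in find_reauth_loops(parse_events(SAMPLE_LOG)).items():
        print(f"{mac} on {port} session {sid}: {n} MAB successes within 60s")
```

A session that authenticates once and then stays quiet until its reauthentication timer expires is not reported; only the same AuditSessionID succeeding repeatedly in the window is.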
06-07-2017 06:19 AM
Paul,
Are you wanting the phone to perform 802.1X authentication? The reason I ask is because it seems the phone has been configured to do so. Can you try re-configuring it so that it doesn't try 802.1X and see if that helps?
Regards,
-Tim
06-07-2017 04:07 PM
Hi Tim,
No, I don't want to authenticate the phone using 802.1x, but I do want any device attached to it (PC/Laptop) to use 802.1x if it supports it.
My understanding is that these phones do not support 802.1x in a wired environment (from SPA500 Series IP Phone Administration Guide), so I am wondering if this is the cause of the issue.
I really don't want to have to remove 802.1x if I can help it.
06-22-2017 08:23 PM
Is the phone configured to use a Voice VLAN? If so, it will notice it didn't get access to the Voice Domain and will permanently retry. Try to assign the Voice Domain Permission with your ISE and see if it's working.
06-22-2017 08:27 PM
Hi Oliver,
The switch port has a voice VLAN and Data VLAN. Are you suggesting that I should change this and assign a VLAN using an ISE policy?
If so, what is your suggestion for best practice in this instance? I'm not familiar with doing it that way.
Thanks
06-22-2017 08:28 PM
Switch port configuration below:
interface FastEthernet0/7
 switchport access vlan 410
 switchport mode access
 switchport voice vlan 198
 shutdown
 speed auto 10 100
 duplex full
 authentication control-direction in
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 410
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast edge
 spanning-tree bpduguard enable
!
06-23-2017 09:01 AM
Create an authorization rule for the phones and use the default Cisco_IP_Phones Authorization Profile, or create a new one with just the checkbox "Voice Domain Permission" marked.
06-27-2017 02:09 PM
Unfortunately that hasn't worked.
Looking at the ISE RADIUS Live Logs, I can see the device ping-ponging between Cisco_IP_Phone and Cisco_Device as it tries to reauthenticate or gets constantly profiled. The switch logs again show EVENT ATTACH followed by EVENT DETACH, as per below:
Jun 27 21:04:46.703: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT ATTACH-SUCCESS
Jun 27 21:04:46.703: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [10.198.71.2] MAC [ece1.a9cc.6c4b] AuditSession ID [0AC647FE000000574289B5FA] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910]
Jun 27 21:04:47.735: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT DETACH-SUCCESS
Jun 27 21:04:50.402: %EPM-6-POLICY_REQ: IP 10.198.71.2| MAC ece1.a9cc.6c4b| AuditSessionID 0AC647FE000000574289B5FA| EVENT APPLY
Jun 27 21:04:50.402: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD_REQUEST
Jun 27 21:04:50.587: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD-SUCCESS
Jun 27 21:04:50.621: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT ATTACH-SUCCESS
Jun 27 21:04:50.629: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [10.198.71.2] MAC [ece1.a9cc.6c4b] AuditSession ID [0AC647FE000000574289B5FA] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910]
Jun 27 21:04:51.535: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT DETACH-SUCCESS
Jun 27 21:04:52.785: %EPM-6-POLICY_REQ: IP 10.198.71.2| MAC ece1.a9cc.6c4b| AuditSessionID 0AC647FE000000574289B5FA| EVENT APPLY
Jun 27 21:04:52.785: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD_REQUEST
Jun 27 21:04:52.802: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD-SUCCESS
Jun 27 21:04:52.818: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT ATTACH-SUCCESS
Jun 27 21:04:52.818: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [10.198.71.2] MAC [ece1.a9cc.6c4b] AuditSession ID [0AC647FE000000574289B5FA] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910]
Jun 27 21:04:53.464: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT DETACH-SUCCESS
no shut
WMHobil_Ave_2960C-1(config-if)#
Jun 27 21:04:57.835: %EPM-6-POLICY_REQ: IP 10.198.71.2| MAC ece1.a9cc.6c4b| AuditSessionID 0AC647FE000000574289B5FA| EVENT APPLY
Jun 27 21:04:57.835: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD_REQUEST
Jun 27 21:04:58.078: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD-SUCCESS
Jun 27 21:04:58.112: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT ATTACH-SUCCESS
Jun 27 21:04:58.112: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [10.198.71.2] MAC [ece1.a9cc.6c4b] AuditSession ID [0AC647FE000000574289B5FA] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910]
Jun 27 21:04:58.154: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT DETACH-SUCCESS
Jun 27 21:04:59.177: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPACK, MAC sa: 501c.bf75.af41
Jun 27 21:04:59.588: %EPM-6-POLICY_REQ: IP 10.198.71.2| MAC ece1.a9cc.6c4b| AuditSessionID 0AC647FE000000574289B5FA| EVENT APPLY
Jun 27 21:04:59.588: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD_REQUEST
shut
WMHobil_Ave_2960C-1(config-if)#
Jun 27 21:05:00.444: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910| EVENT DOWNLOAD-SUCCESS
Jun 27 21:05:00.494: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT ATTACH-SUCCESS
Jun 27 21:05:00.494: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [10.198.71.2] MAC [ece1.a9cc.6c4b] AuditSession ID [0AC647FE000000574289B5FA] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-PERMIT_ALL_TRAFFIC-57452910]
Jun 27 21:05:01.241: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT DETACH-SUCCESS
Jun 27 21:05:01.241: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT ATTACH-SUCCESS
07-08-2017 06:33 PM
"speed auto 10 100" and "duplex full"?? It might be some Cat 6K. It might be worth trying a different switch.
None of the outputs tell why it DETACHes within a second after being authorized. I would suggest engaging Cisco TAC to troubleshoot.