Meaningless error messages, ISE 2.4

Yunus Emre DEV
Level 1

Hello everyone,

I am getting the errors posted in the attachment, and dot1x is not working.

Can you help me, friends?

Thanks

5 Replies

Colby LeMaire
VIP Alumni

Please post your switch configuration and screenshots of the ISE Live Logs so we can understand the context of the debugs.

Thank you for the answer.

I use AnyConnect (EAP Chaining)!!

Can you post a suggested sample config for AnyConnect EAP Chaining? (Please!)

Switch configuration:

aaa authentication login default group tacacs local
aaa authentication login console local
aaa authentication login CONSOLE none
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group tacacs local if-authenticated
aaa authorization exec CONSOLE none
aaa authorization commands 1 default group tacacs local if-authenticated
aaa authorization commands 15 default group tacacs local if-authenticated
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs
aaa accounting commands 1 default start-stop group tacacs
aaa accounting commands 15 default start-stop group tacacs
!
!
!
!
!
aaa server radius dynamic-author
 client 10.10.1.50 server-key 7 xxxxxx

dot1x system-auth-control
dot1x logging verbose
!
!
authentication mac-move permit
authentication logging verbose
mab logging verbose

interface GigabitEthernet1/0/41
 description test
 switchport mode access
 switchport voice vlan 40
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast edge
 spanning-tree bpduguard enable

logging trap debugging
logging origin-id ip
logging host 10.10.1.50 transport udp port 20514
logging host 10.10.1.50

!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3

mac address-table notification change
mac address-table notification mac-move
!

Is your AAA server up? Check it using show aaa server.

Then check if you installed the required certs used by the ISE server on the clients to trust the EAP handshake (outer channel).

Make sure that the client's XML includes the right PAC configuration.

***** please remember to rate useful posts
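
The reply above asks whether the AAA server is up; a related first check is whether the pasted configuration defines a RADIUS server at all. The following is an added example, not part of the thread and not Cisco tooling, that audits an IOS configuration for the 802.1X pieces seen in this thread. It assumes legacy `authentication`/`dot1x` interface syntax and indented `show running-config` output; the sample is a constructed excerpt of the posted configuration.

```python
import re

# Constructed sample: a trimmed, indented excerpt of the config posted in this thread.
SAMPLE_CONFIG = """\
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa server radius dynamic-author
 client 10.10.1.50 server-key 7 xxxxxx
dot1x system-auth-control
interface GigabitEthernet1/0/41
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
"""

# Global commands a legacy-style 802.1X setup relies on (label -> regex).
GLOBAL_CHECKS = {
    "dot1x method list": r"aaa authentication dot1x \S+ group \S+",
    "network authorization": r"aaa authorization network \S+ group \S+",
    "dot1x system-auth-control": r"dot1x system-auth-control$",
    "RADIUS server definition": r"radius server \S+|radius-server host \S+",
    "CoA client (dynamic-author)": r"aaa server radius dynamic-author$",
}
# Interface sub-commands expected on a port that runs 802.1X.
PORT_REQUIRED = ["switchport mode access", "authentication port-control auto",
                 "dot1x pae authenticator"]

def audit(config):
    """Return (missing global items, {interface: missing sub-commands})."""
    lines = [l.rstrip() for l in config.splitlines()]
    # re.match anchors at column 0, so indented sub-commands never satisfy a global check.
    missing = [label for label, pat in GLOBAL_CHECKS.items()
               if not any(re.match(pat, l) for l in lines)]
    ports, current = {}, None
    for line in lines:
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif current and line.startswith(" "):
            ports[current].append(line.strip())
        else:
            current = None  # an unindented line ends the interface block
    gaps = {}
    for name, cmds in ports.items():
        absent = [c for c in PORT_REQUIRED if c not in cmds]
        # Only report ports that already carry some 802.1X configuration.
        if absent and any(c.startswith(("authentication ", "dot1x ")) for c in cmds):
            gaps[name] = absent
    return missing, gaps

print(audit(SAMPLE_CONFIG))
```

On the excerpt, the only global finding is the absent RADIUS server definition, which may simply mean that part of the running configuration was not pasted.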

Yunus Emre DEV
Level 1

Friends who can support, can you help?

Thanks

Please see How to Ask The Community for Help.

Share the ISE LiveLog authentication details with the error message(s).

Additionally, knowing what type of endpoint you are authenticating and the network device configuration would potentially help depending on the authentication error in ISE.