cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

201
Views
0
Helpful
0
Replies
Highlighted

Ports on various switches are in DATA Unauth state - won't stay in Auth

We have various ISE ports where the port status appears DATA Unauth.  We clear the sessions and they go back to Auth but 24 hrs later they are Unauth again.  Radius is okay no bouncing. The DATA domain Vlan is same as on the config line authentication event server dead action authorize vlan (below).  Most of the switches I've checked are running Denali, fwiw.  The devices seems to all be our Windows 10 Dell systems.  Any ideas why they go to Auth on clear session but 24 hrs later a

 

Tw1/0/7 3448.ed7c.8c01 N/A DATA Unauth 0290C52800021401041F65B5
Tw1/0/20 8c04.ba7a.4c52 N/A DATA Unauth 0290C5280002140B0421BACA
Tw1/0/13 3448.edb8.4270 N/A DATA Unauth 0290C52800020EE802C5C309
Tw1/0/10 8c04.ba7a.46fd N/A DATA Unauth 0290C52800021402041F718B

 

Typical port config:

 

interface TwoGigabitEthernet1/0/24
description *** IP PHONE & HOST PORT ***
switchport access vlan 10
switchport mode access
switchport nonegotiate
switchport voice vlan 513
device-tracking attach-policy ise_device_tracking
ip access-group ACCESS-IP-FILTER-IN-1 in
load-interval 30
authentication event fail action next-method
authentication event server dead action authorize vlan 10
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 36000
authentication timer inactivity 60
authentication violation replace
snmp trap mac-notification change added
snmp trap mac-notification change removed
no snmp trap link-status
mab
dot1x pae authenticator
dot1x timeout quiet-period 300
dot1x timeout tx-period 15
spanning-tree portfast
spanning-tree guard root
service-policy output EGRESS-QUEUING
end

 

Thanks  Whit R.