Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
0
Helpful
1
Replies

Posture ISE et Anyconnect, ERR "5238 Endpoint authentication problem was fixed "

Go to solution
AymenMahjoubi1388
Level 1
Level 1

‎05-20-2019 11:08 AM

hello everyone, who can help me ?

 

Products used :

anyconnect version 4.7.136.0

ISE VERSION 2.4

Complaince module Windows 4.3.642.6144

Description  problem: 5238 Endpoint authentication problem was fixed 

before the posture and anyconnect configuration , the MAB and dot1x authentication function correctly even on the same port there are both (telephonie and workstation),
after the posture and annyconnect configuration, at the level of switch 'auth failed' and for live log ' 5238 Endpoint authentication problem was fixed' 

 Port Configuration : 

description ise dot1x-MAB port
switchport mode access
switchport voice vlan 100
authentication control-direction in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout tx-period 1
dot1x timeout supp-timeout 3
dot1x max-req 3
dot1x max-reauth-req 5
spanning-tree portfast

Preview file
29 KB
Preview file
4 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-06-2019 08:09 PM

This message is part of an ISE feature to suppress repeated failures but does not indicate the failure itself. In order to understand this, please review slides 305 ~ 308 of Advanced ISE – Architect, Design and Scale ISE for your production networks - BRKSEC-3432 2019 San Diego

After an endpoint is jailed due to repeated failures, and then the same supplicant conducted passed authentication it is unmarked as misconfigured by firing the message:

5238 Endpoint authentication problem was fixed

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-06-2019 08:09 PM

This message is part of an ISE feature to suppress repeated failures but does not indicate the failure itself. In order to understand this, please review slides 305 ~ 308 of Advanced ISE – Architect, Design and Scale ISE for your production networks - BRKSEC-3432 2019 San Diego

After an endpoint is jailed due to repeated failures, and then the same supplicant conducted passed authentication it is unmarked as misconfigured by firing the message:

5238 Endpoint authentication problem was fixed

 

0 Helpful
Customers Also Viewed These Support Documents