Hi Everyone,
We have switch WS-C3650-48PS which is running on IOS 03.07.03E. we are using dot1x authentication on switch with cisco ISE.
We are able to see that the DACL is being pushed on the switch with "sh access-list" command.
But the same is not being displayed for the port. Also my show authentication session is displaying incomplete details for some reason. below is the output for the same.
ISE-TEST-SW#sh authentication sessions int gi 1/0/11
Interface MAC Address Method Domain Status Fg Session ID
----------------------------------------------------------------------
Gi1/0/11 xxxx.xxxx.xxxx.xxxx dot1x DATA Auth 0A173064000000290B561534
Key to Session Events Blocked Status Flags:
A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker
Runnable methods list:
Handle Priority Name
16 5 dot1x
19 10 mab
21 15 webauth
The endpoint ultimately does not get the network access.