Show Authentication session command not showing complete data

Karry · ‎05-22-2018

Hi Everyone,

We have switch WS-C3650-48PS which is running on IOS 03.07.03E. we are using dot1x authentication on switch with cisco ISE.

We are able to see that the DACL is being pushed on the switch with "sh access-list" command.

But the same is not being displayed for the port. Also my show authentication session is displaying incomplete details for some reason. below is the output for the same.

ISE-TEST-SW#sh authentication sessions int gi 1/0/11

Interface MAC Address Method Domain Status Fg Session ID
----------------------------------------------------------------------
Gi1/0/11 xxxx.xxxx.xxxx.xxxx dot1x DATA Auth 0A173064000000290B561534

Key to Session Events Blocked Status Flags:

A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker

Runnable methods list:
Handle Priority Name
    16       5      dot1x
    19       10     mab
    21       15     webauth

The endpoint ultimately does not get the network access.

Rob Ingram · ‎05-25-2018

Hi,

Can you provide the output of the command "show run aaa" and also the config on an interface configured with 802.1x.

I forget the different syntax per versions, but does the command "sh authentication sessions int gi 1/0/11" permit you to append "details"? It should provide an output like this:-

Can you upload the output of an authenticated device so I can have a look.

thanks