04-18-2020 12:08 PM
Dear friends. i finally completed the configuration of switch for dot1x. then i tested by typing "test aaa group ise admin password new-code" and User rejected message appeared as expected because ISE authentication had not configured yet.And this log shown on ISE radius live logs. So, i created only Authentication Policy for testing purposes and configured windows 7 supplicant. So when i entered windows 7 domain user Authentication Fails as expected(Because Authorization Policy not configured yet). But this failure message didn't appear on Radius Live Logs. please see my switch configuration below and the result of "show authentication sessions"
interface Ethernet 0/2
switchport mode access
duplex auto
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
!
Switch#show authentication sessions
Interface MAC Address Method Domain Status Session ID
Et0/2 (unknown) mab UNKNOWN Running 0A0A0A640000000200348BD9
04-19-2020 09:20 AM
The supplicant does not send logs to ISE. When an authentication/authorization failure happens, ISE logs the message itself since it is the system failing the attempt. By default, ISE is configured to suppress repeated failure and repeated successful attempts. So when you are initially deploying ISE or just troubleshooting an issue, I recommend to turn off suppression. Then once things are working as expected, turn suppression back on. Go to Administration->System->Settings->Protocols->Radius. That is where the suppression settings are.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide