Showing results for 
Search instead for 
Did you mean: 
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Supplicant wont send Authentication Failed log to ISE

Dear friends. i finally completed the configuration of switch for dot1x. then i tested by typing "test aaa group ise admin password new-code" and User rejected message appeared as expected because ISE authentication had not configured yet.And this log shown on ISE radius live logs. So, i created only Authentication Policy for testing purposes and configured windows 7 supplicant. So when i entered windows 7 domain user Authentication Fails as expected(Because Authorization Policy not configured yet). But this failure message didn't appear on Radius Live Logs. please see my switch configuration below and the result of "show authentication sessions"


interface Ethernet 0/2
switchport mode access
duplex auto
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast


Switch#show authentication sessions

Interface       MAC Address       Method     Domain     Status      Session ID
Et0/2            (unknown)           mab        UNKNOWN  Running   0A0A0A640000000200348BD9


Rising star

Re: Supplicant wont send Authentication Failed log to ISE

The supplicant does not send logs to ISE.  When an authentication/authorization failure happens, ISE logs the message itself since it is the system failing the attempt.  By default, ISE is configured to suppress repeated failure and repeated successful attempts.  So when you are initially deploying ISE or just troubleshooting an issue, I recommend to turn off suppression.  Then once things are working as expected, turn suppression back on.  Go to Administration->System->Settings->Protocols->Radius.  That is where the suppression settings are.