Hi,
I have a switch that was recently updated to version 16.9.5, and since then users have been rejected from the network. Every user has the same problem and log:
Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (001f.b532.aeb0) on Interface GigabitEthernet1/0/27 AuditSessionID 0AAC4D1E00000010EB250D79. Failure Reason: ACL Failure. Failed attribute name #ACSACL#-IP-Operator_User_ACL-5e71704f.
A "show ip access-lists" doesn't show that ACL, but shows the IP access list for IP phones, which is a permit-all for IPv4.
Extended IP access list xACSACLx-IP-PERMIT_ALL_IPV4_TRAFFIC-57f6b0d3
1 permit ip any any
After a little research I found that there is a bug reported for that version, so I updated it again, but it still has the same behavior. The current version is 16.9.5 (fc1), which is not the recommended version, but the bug's software releases show that it has no problem with this bug.
In ISE I see there is no problem with authentication. If I change the authorization profile to "PermitAccess", there is no problem with users. The issue only happens with profiles with a DACL. Another switch, a 3750X, shows no problem with the DACL and the same profile.
Is there any change in configuration I could be missing?
ISE is version 2.6 with patch 2.