07-30-2020 10:09 AM
Hi,
I found a very strange issue here. I have included the mac address in the bypass list but however it doesnt seems to get authenticated , always remain as UZ. Therefore once CLOSED mode enforced, the device port Gi1/0/46 gets DROP
Anyone has any idea please? I am really stuck!
CMX003#sh auth br
Interface MAC Address AuthC AuthZ Fg Uptime
-----------------------------------------------------------------------------
Gi1/0/46 084f.a566.a118 d:NA UZ: SA- FA- X 43s
sh mac address-table
804 084f.a566.a118 DYNAMIC Drop
804 084f.a9b6.a11f DYNAMIC Gi1/0/48
07-31-2020 01:35 PM
Please see How to Ask the Community for Help to provide more details.
Unclear what you are doing, why you are doing it, switch model, software version, switchport config, ISE matching authorization rule, result, etc.
07-31-2020 08:55 PM
Hello,
Question(s): Even after adding MAC address of device in MAB group, the switch still shows UZ (status Unauthorized in switch-sh auth br) and ISE doesnt shows any info the MAC address attached to a switch like usual (just have a record of MAC address under context visibility).
Goal:Any device MAC address added into the MAB group in ISE policy will be AZ (status authorized in switch-sh auth br).
Errors: sh auth br - d:NA UZ
08-08-2020 08:40 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide