cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

705
Views
0
Helpful
3
Replies
Highlighted
Explorer

UnAuthorized even after adding mac address in group bypass MAC list. d:NA UZ

Hi,

I found a very strange issue here. I have included the mac address in the bypass list but however it doesnt seems to get authenticated , always remain as UZ. Therefore once CLOSED mode enforced, the device port Gi1/0/46 gets DROP

Anyone has any idea please? I am really stuck!

 

CMX003#sh auth br
Interface MAC Address AuthC AuthZ Fg Uptime
-----------------------------------------------------------------------------
Gi1/0/46 084f.a566.a118 d:NA UZ: SA- FA- X 43s

 

sh mac address-table

804 084f.a566.a118 DYNAMIC Drop
804 084f.a9b6.a11f DYNAMIC Gi1/0/48

 

 

3 REPLIES 3
Highlighted
Cisco Employee

Please see How to Ask the Community for Help to provide more details.

Unclear what you are doing, why you are doing it, switch model, software version, switchport config, ISE matching authorization rule,  result, etc.

 

Highlighted

Hello,

 

Question(s): Even after adding MAC address of device in MAB group, the switch still shows UZ (status Unauthorized in switch-sh auth br) and ISE doesnt shows any info the MAC address attached to a switch like usual (just have a record of MAC address under context visibility). 

Goal:Any device MAC address added into the MAB group in ISE policy will be AZ (status authorized in switch-sh auth br).

Errors: sh auth br - d:NA  UZ

 

 

 

Highlighted

Take the packet capture on ISE Node to check the RADIUS Access-Request packets from the switch and simultaneous debugs for aaa authentication and radius on the switch to correlate the issue.
Also provide the HW/SW of the switch along with the port configuration.
Content for Community-Ad