Beginner

What is the meaning of Radius log rejected identity USERNAME during dot1x authentication?

Hi,

Does this mean the laptop didn't log in to AD OR logout from his laptop? Thus failing dot1x authentication?

Thanks!

VIP Mentor

It depends where you are seeing the message.

Look at the troubleshooting guide of ISE:

https://community.cisco.com/t5/security-documents/how-to-troubleshoot-ise-failed-authentications-amp/ta-p/3630960

BB
*** Rate All Helpful Responses ***
VIP Advisor

Most of the time, if you see "username" in the RADIUS live logs as the identity, then it's also accompanied by the red indicator of a failed authentication. By default, the 2.4+ versions of ISE mask the RADIUS username for failures with "username" to prevent the possibility of disclosing a user's password that may have accidentally been typed into the username input.

You can disable the username masking by navigating to the following menu and selecting the checkbox "Disclose invalid usernames".

[Screenshot: username.png]



Hi,

Many thanks for your precious advice!

I am fine to see the red color USERNAME in the RADIUS log of failed dot1x auth. I am just wondering if the failed auth is due to logout from AD, expired certificate or not yet logged in to AD.

Could the possibility be ALL OF THE ABOVE?