11-09-2016 01:00 PM - edited 03-11-2019 12:13 AM
Hi,
I've Cisco ISE 2.1 with patch 1.
I have applied an Authorization Policy that send an Access_Reject to NAD when a certain endpoint connects to the network.
I notice that ISE correctly begins to log the authorization failures of that endpoint.
After some minutes I change the Authorization Policy to send an Access_Accept message to NAD for the same endpoint.
I notice that ISE 2.1 doesn't authorize the endpoint.
I receive a lot of these messages:
5434 Endpoint conducted several failed authentications of the same scenario
15039 Rejected per authorization profile
Do you know if there is any timer involved in this situation?
I browse also the Live session section but I don't see any session to that endpoint. This is right but I can't understand how to clear the previous Reject phase.
Is there any configuration or command on Ise? or Do I make any other mistakes?
Thanks
Antonio
Solved! Go to Solution.