03-17-2019 11:06 AM
Hi Cisco ISE guru,
I ran into a weird scenario in an ISE deployment. I have deployed about 700 endpoints in enforcement mode (low impact).
2 endpoints pass dot1x auth/authorization and the session receives a "permit ip any any" DACL. The DACL shows up in the output of the command "show access-session interface g1/x/x detail", but the endpoints still don't have access to the network.
Only if the pre-auth-acl is removed from this switch port is network access restored.
I have tried moving one of the endpoints to another spare port (with pre-auth-acl) and the issue seems to be resolved.
I have asked the client to reboot the switch to see if this could fix the issue, but it will take some time for approval.
Has anyone run into the same issue? Is this related to a switch bug?
Thanks.