Re: Cisco switch authentication fail ise

danielesquaranti · ‎07-12-2022

Hi,

I have a problem with only some ports on Cisco switch stack 2960x.

I see those errors:

Jul 12 07:30:37 switch1 4040965: Jul 12 07:30:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/15, changed state to up
Jul 12 07:30:44 switch1 4040966: Jul 12 07:30:44: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:45 switch1 4040967: Jul 12 07:30:44: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:45 switch1 4040968: Jul 12 07:30:44: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:48 switch1 4040969: Jul 12 07:30:48: %AUTHMGR-5-START: Starting 'mab' for client (64c9.01d2.c85c) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:48 switch1 4040970: Jul 12 07:30:48: %MAB-5-FAIL: Authentication failed for client (64c9.01d2.c85c) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:48 switch1 4040971: Jul 12 07:30:48: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (64c9.01d2.c85c) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:48 switch1 4040972: Jul 12 07:30:48: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (64c9.01d2.c85c) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:48 switch1 4040973: Jul 12 07:30:48: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (64c9.01d2.c85c) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:30:49 switch1 4040974: Jul 12 07:30:48: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (64c9.01d2.c85c) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426
Jul 12 07:31:26 switch1 4040975: Jul 12 07:31:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/15, changed state to down

--------------------

#show auth sess

Interface MAC Address Method Domain Status Session ID
Gi1/0/3 (unknown) mab UNKNOWN Running AC11102B00033B52A0C7F936

---------------------

Any idea to resolve the problem? Then i will trying rebooting

balaji.bandi · ‎07-12-2022

%DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/15 AuditSessionID AC11102B000341E30C927426

what end device is this, do you really see MAC address of the device ? what version of code running in Catlyst switch 2960 (is this only device having issue all the ports ?)

below thread help you troubleshooting :

https://community.cisco.com/t5/network-access-control/authentication-failed-for-client-unknown-mac/m-p/3318371#M551922

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

danielesquaranti · ‎07-12-2022

I don't see mac-address of the device..

this switch authenticates most users except a few. Until a few days ago it authenticated everyone correctly, which is strange ..

balaji.bandi · ‎07-12-2022

Until a few days ago it authenticated everyone correctly, which is strange ..

This give hint that it was working, something changed, so i go back and check what is the change on switch config or any other, if you get chance reboot the switch and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help