Error %DOT1X-5-FAIL with ISE

Pegasusxl666
Level 1

Hi community 

 

I have a doubt. I replaced the network admin and, while checking the logs, I ran into the log "%DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000884B8C597E"

 

My question is about the origin of the log. Is it good or bad?

 

I am sharing the information:

 

interface GigabitEthernet1/0/3
description ISE dot1x Port
switchport access vlan 10
switchport mode access
switchport voice vlan 20
device-tracking attach-policy IPDT_MAX_10
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer inactivity server
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
spanning-tree bpduguard enable
end

 

IBK-TF243-COR-01#show authentication sessions
Interface MAC Address Method Domain Status Fg Session ID
--------------------------------------------------------------------------------------------
Gi1/0/12 0003.4f03.d1f7 mab DATA Unauth A17D070A000000AF59A459DE
Gi1/0/7 0021.b757.ac52 mab DATA Unauth A17D070A00000018FDED754A
Gi2/0/20 7485.2a20.f7e2 mab DATA Auth A17D070A000000B159C5C272
Gi1/0/3 ace2.d309.6976 mab DATA Auth A17D070A000000884B8C597E
Gi1/0/8 ace2.d309.699f mab DATA Auth A17D070A000000B75F96677A
Gi1/0/5 ace2.d309.69f5 mab DATA Auth A17D070A000000B55F8EA0B2
Gi1/0/1 ace2.d309.6a6c mab DATA Auth A17D070A000000B359CEA47E
Gi1/0/2 ace2.d313.17fc mab DATA Auth A17D070A0000008F4F2F1216
Gi1/0/4 ace2.d313.188e mab DATA Unauth A17D070A000000AB595186D6
Gi1/0/11 ace2.d313.1a74 mab DATA Auth A17D070A000000B65F943E7A
Gi1/0/6 ace2.d313.1d4f mab DATA Unauth A17D070A000000B259CCC13A
Gi1/0/10 ace2.d313.1ebd mab DATA Unauth A17D070A0000006E3C67F71E

 


LOG ISE

 

2022-01-15_16-55-23.jpg

 

Authorization profile

 

2022-01-15_16-55-37.jpg


 Regards

3 Replies

Francesco Molino
VIP Alumni

Hi

 

Is the "No Response from Client" log shown multiple times or only once?

What do you mean by changed network admin?

 

The log says the client didn't give any dot1x response and the session failed due to that timeout.

However, in the next outputs, we see the same MAC on the same port in AUTH state, so it is actually authenticated.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello, yes, I mean that I replaced the old network administrator.

My query is: why does the dot1x message come out every hour on the switch? As I understand it, it has already been authenticated. Is this behavior normal, according to the configuration shown above?

IBK-TF243-COR-01#sh logging | i 6976
013806: Jan 18 00:04:36.051 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
013883: Jan 18 01:05:06.462 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
013930: Jan 18 02:05:36.936 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
013991: Jan 18 03:06:07.411 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014038: Jan 18 04:06:37.824 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014070: Jan 18 05:07:08.273 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014087: Jan 18 06:07:38.833 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014104: Jan 18 07:08:09.315 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014121: Jan 18 08:08:39.733 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014138: Jan 18 09:09:10.066 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014159: Jan 18 10:09:40.432 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
014191: Jan 18 11:10:10.919 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
IBK-TF243-COR-01#

 

Messages aren't supposed to be here if everything works as expected. In your case, the client doesn't respond to dot1x requests.

 

Can you share the output of show authentication session details for that port?

 

Also, as it's coming every hour, can you run a tcpdump on ISE before the log comes in and share the capture?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
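
Added example, not part of the thread or any poster's code: a small triage script that runs over the syslog and session-table excerpts quoted above, measures how regularly the %DOT1X-5-FAIL message recurs per port and client, and checks whether the same port and MAC hold an authorized MAB session. The function names and the 5-second jitter threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime
from statistics import median

# Excerpts copied from the thread: switch syslog and "show authentication sessions".
SYSLOG = """\
013806: Jan 18 00:04:36.051 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
013883: Jan 18 01:05:06.462 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
013930: Jan 18 02:05:36.936 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
013991: Jan 18 03:06:07.411 UTC: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (ace2.d309.6976) with reason (No Response from Client) on Interface Gi1/0/3 AuditSessionID A17D070A000000C06930C3C6
"""
SESSIONS = """\
Gi1/0/3 ace2.d309.6976 mab DATA Auth A17D070A000000884B8C597E
Gi1/0/4 ace2.d313.188e mab DATA Unauth A17D070A000000AB595186D6
"""
FAIL_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+ [\d:.]+) UTC: %DOT1X-5-FAIL: .*?client \((?P<mac>[0-9a-f.]+)\) "
    r"with reason \((?P<reason>[^)]*)\) on Interface (?P<intf>\S+)")
SESS_RE = re.compile(
    r"^(?P<intf>\S+)\s+(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(?P<method>\S+)\s+\S+\s+(?P<status>\S+)", re.M)

def parse_failures(text):
    """Return (timestamp, mac, reason, interface) per %DOT1X-5-FAIL line (no year in syslog; only gaps matter)."""
    return [(datetime.strptime(m["ts"], "%b %d %H:%M:%S.%f"), m["mac"], m["reason"], m["intf"])
            for m in FAIL_RE.finditer(text)]

def parse_sessions(text):
    """Map (interface, mac) -> (method, status) from the session table."""
    return {(m["intf"], m["mac"]): (m["method"], m["status"]) for m in SESS_RE.finditer(text)}

def triage(syslog, sessions, jitter_s=5.0):
    """Group failures per port/client; flag timer-like recurrence and an authorized MAB session."""
    state, groups, report = parse_sessions(sessions), {}, []
    for ts, mac, reason, intf in parse_failures(syslog):
        groups.setdefault((intf, mac, reason), []).append(ts)
    for (intf, mac, reason), stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        method, status = state.get((intf, mac), (None, None))  # keyed on port+MAC, not session ID
        report.append({
            "interface": intf, "mac": mac, "reason": reason, "count": len(stamps),
            "median_gap_s": median(gaps) if gaps else None,
            # Near-constant gaps suggest a timer-driven retry rather than link flaps.
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter_s,
            "mab_fallback_authorized": (method, status) == ("mab", "Auth"),  # dot1x silent, MAB authorized
        })
    return report

if __name__ == "__main__":
    print(*triage(SYSLOG, SESSIONS), sep="\n")
```

The session-table row for Gi1/0/3 in the thread carries a different AuditSessionID than the later syslog lines, which is why the lookup matches on port and MAC only.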