Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1462
Views
0
Helpful
3
Replies

No network access from a particular switch...

Go to solution
GregH.NY
Level 1
Level 1

‎09-25-2019 06:12 AM

Hello. We have a user that has a laptop that can not get network access when used on a particular switch. His laptop gets an authenticated by ISE and gets an IP address but can not access/ping any network hosts. His issue just recently started.

All other users on this switch have no issues.

 

Troubleshooting steps:

I plugged my laptop to his port and I have no issues. I had him sign into my laptop and he is fine no issues.

Plugged his laptop on a different port still has the same issue.

If I plug his laptop into a different switch altogether then he has access. The issue goes away.

The port he is using does not have any errors. Full duplex, 100Mb/s etc.

 

Any thoughts or suggestions?

 

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
alex_dufresne
Level 1
Level 1

‎09-25-2019 07:14 AM

Hello, 

  1. What are the ISE logs saying?
  2. What does "show authentication sessions interface <interface name>" output?
  3. What is the IOS version of the Catalyst switch?
  4. How is his workstation authenticating to the network? MAB, 802.1X ?
  5. What is the NAC-related configuration on the switch? Is there dVLAN or dACL being pushed? Authentication order? etc.

Keep in mind that older IOS do not take CoA unless you add "radius-server vsa send accounting/authentication", for example.

That will help troubleshoot your issue.

 

View solution in original post

0 Helpful

Go to solution
luis_cordova
VIP Alumni
VIP Alumni

‎09-25-2019 07:19 AM

Hi @GregH.NY ,

 

Can you share the settings of this switch and indicate the MAC of the device with connectivity problems?

 

Regards

View solution in original post

0 Helpful
3 Replies 3

Go to solution
alex_dufresne
Level 1
Level 1

‎09-25-2019 07:14 AM

Hello, 

  1. What are the ISE logs saying?
  2. What does "show authentication sessions interface <interface name>" output?
  3. What is the IOS version of the Catalyst switch?
  4. How is his workstation authenticating to the network? MAB, 802.1X ?
  5. What is the NAC-related configuration on the switch? Is there dVLAN or dACL being pushed? Authentication order? etc.

Keep in mind that older IOS do not take CoA unless you add "radius-server vsa send accounting/authentication", for example.

That will help troubleshoot your issue.

 

0 Helpful

Go to solution
luis_cordova
VIP Alumni
VIP Alumni

‎09-25-2019 07:19 AM

Hi @GregH.NY ,

 

Can you share the settings of this switch and indicate the MAC of the device with connectivity problems?

 

Regards

0 Helpful

Go to solution
GregH.NY
Level 1
Level 1
In response to luis_cordova

‎09-25-2019 07:48 AM

Nevermind. I had the user plug his laptop back in (he was using wifi) so I can get the current authentication and ISE logs and he seems to be working again. He can get to network hosts with no issues. This issue was going on for about a week and just resolved itself. Maybe something had to time-out or something.

Thanks to all that replied!

 

 

0 Helpful
Customers Also Viewed These Support Documents
Top