Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4827
Views
2
Helpful
2
Replies

SANET AUTHC failure ???

JustTakeTheFirstStep
Level 9
Level 9

‎03-07-2023 01:59 AM

We are tracking the client's wireless disconnection.

I would like to know what "SANET AUTHC failure" means.

press_IMG_0566.png

3 people had this problem
0 Helpful
2 Replies 2

Mark Elsen
Hall of Fame
Hall of Fame

‎03-07-2023 03:45 AM

 

 - Following this document https://blogs.cisco.com/networking/new-software-architecture-enables-session-aware-networking-to-massively-scale-authentication-and-access-policy-control , SANET refers to Authentication methods available including 802.1X, Web Authentication, and MAC Authentication Bypass (MAB) , ISE. Therefore you can check (for instance) ISE logs and lookup that particular authentication request for a client and check why it fails. For the clients that disconnect also use client debugging as described in https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , you  can have client debugs analyzed with : https://cway.cisco.com/wireless-debug-analyzer
                                                This may provide more insights as to the client behavior.

  Appendix :  Review your 9800 controller configuration with the CLI command : show  tech   wireless , have the output analyzed by  https://cway.cisco.com/tools/WirelessAnalyzer/  , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer.               Checkout all advisories!

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Baranldo
Community Member

‎04-02-2026 05:29 PM

Hi Mark,

We are experiencing a similar issue across our environment. When users are docked (wired) and then undock and connect to the corporate Wi-Fi, they often get stuck in a “no internet” state.

On the authentication side, everything looks normal—on Cisco ISE, the user shows as successfully authenticated. However, it appears the client ends up in a stale session conflict after transitioning from the wired docking station to Wi-Fi.

From the controller perspective (Cisco 9800-CL with FlexConnect), the client initially gets stuck in the “IP Learn” policy state. After some time, the device does obtain an IP address, but the “no internet” status remains and the user cannot access any resources.

This issue is recurring across the organization.

We’re looking for a permanent solution to prevent these stale session conflicts during wired-to-wireless transitions.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card