05-15-2014 05:09 AM - edited 02-21-2020 05:11 AM
Hi,
I have a problem. Sometimes it happen, when PC was authenticated by dot1x, it is invoked after some time event "Detected Host Lookup UseCase (Service-Type = Call Check (10))" and then falls to MAB. After calling this event the AD station logs using mac addresses. Correctly must be by AD user name.
I use a supplicant Cisco Anyconnect.
My id stores is Active Directory.
Thanks
09-15-2014 12:55 AM
I have a similar problem but we use the native Windows supplicant, and ISE 1.2 with AD objects.
The machine authenticates fine when it wants to. I checked the logs and found it had failed 80-90% of attempts over the weekend.
Is this a timeout issue? The machine is apparently quite a mess so could potentially be responding too slowly to auth attempts.
Switch in question is a 3750G/3750E mixed stack
11001 | Received RADIUS Access-Request | |
11017 | RADIUS created a new session | |
11027 | Detected Host Lookup UseCase (Service-Type = Call Check (10)) | |
15049 | Evaluating Policy Group | |
15008 | Evaluating Service Selection Policy | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15004 | Matched rule | |
15041 | Evaluating Identity Policy | |
15006 | Matched Default Rule | |
15013 | Selected Identity Source - Internal Endpoints | |
24209 | Looking up Endpoint in Internal Endpoints IDStore - D0:67:E5:xx:xx:xx | |
24211 | Found Endpoint in Internal Endpoints IDStore | |
22037 | Authentication Passed | |
15036 | Evaluating Authorization Policy | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15048 | Queried PIP | |
15004 | Matched rule - Default | |
15016 | Selected Authorization Profile - DenyAccess | |
15039 | Rejected per authorization profile | |
11003 | Returned RADIUS Access-Reject |
09-15-2014 12:55 AM
11-10-2014 05:58 PM
No - for me it's on a stack of 3750G's
11-06-2014 04:08 AM
My problem was fixed. I downgraded IOS from 15.2 on 15.0 and added commands radius-server vsa send accounting, radius-server vsa send authentication. When I added this commands into 2960-C (IOS 15.2) and I looked on "sh run" this command weren`t there.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: