Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
227
Views
1
Helpful
1
Replies

Dot1x Auth issue - ISE

ShareefKooliyodan0444
Level 1
Level 1

‎08-02-2023 01:58 AM

ShareefKooliyodan0444_0-1690966241460.png

Please check in above picture , a particular PC not authorizing with ISE , could you guys please get me solution for this .in my envoiurment 

*PC using local user for login , 

* ISE is integrated with AD and DNAC 

pc connected port configuration as below 

interface TenGigabitEthernet7/0/26
switchport access vlan 1035
switchport mode access
switchport voice vlan 1031
load-interval 30
access-session inherit disable interface-template-sticky
access-session inherit disable autoconf
dot1x timeout tx-period 7
dot1x max-reauth-req 3
no macro auto processing
source template DefaultWiredDot1xClosedAuth
spanning-tree portfast
spanning-tree bpduguard enable

 

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎08-02-2023 02:12 AM

@ShareefKooliyodan0444 the endpoint has performed MAB and ISE has attempted to lookup the endpoint using Active Directory, which has no account for the MAC address, hence the error - ERROR_NO_SUCH_USER.

You may wish to check the configuration of the endpoint is configured with 802.1X correctly.

Also you may wish to review your ISE rules to not check AD for MAB connections, use the ISE Internal Endpoints database.

Customers Also Viewed These Support Documents