MAC ID coming as username in Logs

prathamesh002
Level 1

Hi team,

I am getting continuous authentication failed messages whenever any desktop is connected to the switch.

It seems that in the logs, in the Username field, I am getting the MAC address, and ISE is searching for that MAC in AD, which ISE will never find.

Once it fails, it goes to MAB, for which I have set deny access.

Can you please help to resolve this Username issue?

Thanking you in advance.

Best regards,
prathamesh Padosakar

@ciscoCommunity  @dot1x 

3 Replies

marce1000
VIP

It depends on your ISE policies. If you do RADIUS / device authentication only, it is normal to show the MAC as the user ID. You need to get into dot1x and/or supplicant-based authentication to get further than that, and adapt the ISE NAC policies accordingly.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Arne Bier
VIP

Hi @prathamesh002 - I have a feeling that you are using IBNS 2.0 style configuration and that you're allowing 802.1X and MAB to be processed in parallel.

policy-map type control subscriber PARALLEL-POLICY
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x priority 10
   20 authenticate using mab priority 20

 

If you're confident that you can do one after the other, then try 802.1X first, followed by MAB if 802.1X fails/doesn't respond.

policy-map type control subscriber ISE_AUTH_POLICY
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x priority 10

 

thomas
Cisco Employee

A MAC address for the username implies MAC Authentication Bypass (MAB) is being done, not 802.1X.

  • What is your switch configuration?
  • What is your ISE Policy?
  • What is the endpoint?  Is it configured to do 802.1X?

See How to Ask The Community for Help for examples of the kinds of details we need... just like TAC would request to help you troubleshoot.