802.1x success but no policy applied

  • Question
  • Updated 1 year ago
  • Answered
In the process of rolling out wired 802.1x authentication and going smoothly so far. Have one workstation that shows Auth status of success but no policy gets applied to the port. Does anyone have an idea of what might be going on here?

Richard Applebee


Posted 1 year ago


Keene, Scott, Employee NMS/GTAC

Hi Richard,

Did your RADIUS server send a policy (Filter-Id) to the switch during the authentication? If so, does that policy exist on the switch?

Regards,

Scott Keene
NMS/NAC Support 

Richard Applebee

Yes and yes. This is working for roughly 30 people in the building I am working on. It is just the one workstation that is not picking up a policy.

Keene, Scott, Employee NMS/GTAC

Hi Richard,

What is the switch model? Run a "show multi-auth session" command for the port in question and see if there is a session for the device/user in question. It would be odd for the switch to apply a session for some users and apply that policy, but not for other users, if the same RADIUS server sent the same Filter-Id in both cases. In the show multi-auth session output there should be a PID number that matches the policy name up, as seen in the output of the "show policy profile all" command. If the PID is incorrect or missing for the session/user in question but is accurate/present with other sessions that have the same policy name, then you should probably call in and open a case with the GTAC's Switching group to see what's going on there.


Regards,

Scott Keene

Richard Applebee

It helps if one has remembered to enforce the most recent policy changes down to the switch. Sorry about that.