Cisco Identity Services Engine 1.3 Data Sheet
© 2015 Cisco Systems, Inc.
Secure Access How-To Guide
May 28 07:11:59.823 UTC: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-4fc368f7| EVENT DOWNLOAD-REQUEST
May 28 07:11:59.840 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
May 28 07:11:59.890 UTC: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-4fc368f7| EVENT DOWNLOAD-FAIL
May 28 07:11:59.890 UTC: %EPM-4-POLICY_APP_FAILURE: IP 0.0.0.0| MAC 0016.d42e.e8ba| AuditSessionID C0A8013C000006719D1BFAB1| AUTHTYPE DOT1X| POLICY_TYPE dACL| POLICY_NAME xACSACLx-IP-PERMIT_ALL_TRAFFIC-4fc368f7| RESULT FAILURE| REASON AAA download failure
May 28 07:11:59.890 UTC: %EPM-6-IPEVENT: IP 0.0.0.0| MAC 0016.d42e.e8ba| AuditSessionID C0A8013C000006719D1BFAB1| AUTHTYPE DOT1X| EVENT IP-WAIT
May 28 07:11:59.890 UTC: %AUTHMGR-5-FAIL: Authorization failed for client (0016.d42e.e8ba) on Interface Fa0/1 AuditSessionID C0A8013C000006719D1BFAB1
May 28 07:11:59.890 UTC: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (0016.d42e.e8ba) on Interface Fa0/1 AuditSessionID C0A8013C000006719D1BFAB1
May 28 07:11:59.890 UTC: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0016.d42e.e8ba| AuditSessionID C0A8013C000006719D1BFAB1| AUTHTYPE DOT1X| EVENT REMOVE
May 28 07:11:59.899 UTC: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT DETACH-SUCCESS
May 28 07:11:59.899 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to down
May 28 07:12:00.846 UTC: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0016.d42e.e8ba) on Interface Fa0/1 AuditSessionID C0A8013C000006719D1BFAB1
Switch#
Switch#
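Because the switch cannot process the dACL, it sends an EAP failure response to the endpoint. To fix this issue, correct the syntax error in the dACL on ISE, as shown below: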
Switch#show authentication sessions interface FastEthernet 0/1
Interface: FastEthernet0/1
MAC Address: 0016.d42e.e8ba
IP Address: 192.168.2.100
User-Name: winxp.example.com
Status: Authz Failed
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: C0A8013C000006719D1BFAB1
Acct Session ID: 0x00000C5D
Handle: 0xB2000671
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
Switch#
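
A way to pull the dACL failure out of switch syslog automatically, as an added example that is not part of the original guide: the script parses the pipe-delimited EPM fields, keys each failure by AuditSessionID, and records whether an AUTHMGR-5-SUCCESS line for the same session follows, as it does in the capture above. The function names and the SAMPLE text (three lines from that capture, unwrapped) are constructed for illustration.

```python
import re

# Constructed sample: three syslog lines from the capture above, unwrapped.
SAMPLE = """\
May 28 07:11:59.890 UTC: %EPM-4-POLICY_APP_FAILURE: IP 0.0.0.0| MAC 0016.d42e.e8ba| AuditSessionID C0A8013C000006719D1BFAB1| AUTHTYPE DOT1X| POLICY_TYPE dACL| POLICY_NAME xACSACLx-IP-PERMIT_ALL_TRAFFIC-4fc368f7| RESULT FAILURE| REASON AAA download failure
May 28 07:11:59.890 UTC: %AUTHMGR-5-FAIL: Authorization failed for client (0016.d42e.e8ba) on Interface Fa0/1 AuditSessionID C0A8013C000006719D1BFAB1
May 28 07:12:00.846 UTC: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0016.d42e.e8ba) on Interface Fa0/1 AuditSessionID C0A8013C000006719D1BFAB1
"""

# "<timestamp>: %FACILITY-SEVERITY-MNEMONIC: <body>"
LINE = re.compile(r"^(?P<ts>.+?): %(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<body>.*)$")
AUTHMGR = re.compile(r"client \((?P<mac>[0-9a-fA-F.]+)\) on Interface (?P<intf>\S+) "
                     r"AuditSessionID (?P<sid>\S+)")

def epm_fields(body):
    """Split an EPM body such as 'IP 0.0.0.0| MAC ...' into a KEY -> value dict."""
    fields = {}
    for part in body.split("|"):
        key, _, value = part.strip().partition(" ")
        if key:
            fields[key] = value.strip()
    return fields

def dacl_failures(log_text):
    """Return {AuditSessionID: details} for sessions whose dACL failed to apply."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompts, blank lines, wrapped fragments
        tag, body = m["tag"], m["body"]
        if tag == "EPM-4-POLICY_APP_FAILURE":
            f = epm_fields(body)
            sid = f.get("AuditSessionID")
            if sid and f.get("POLICY_TYPE") == "dACL" and f.get("RESULT") == "FAILURE":
                sessions[sid] = {"mac": f.get("MAC"), "policy": f.get("POLICY_NAME"),
                                 "reason": f.get("REASON"), "failed_at": m["ts"],
                                 "interface": None, "success_logged_after": False}
        elif tag.startswith("AUTHMGR-5-"):
            a = AUTHMGR.search(body)
            if a and a["sid"] in sessions:
                sessions[a["sid"]]["interface"] = a["intf"]
                if tag == "AUTHMGR-5-SUCCESS":
                    sessions[a["sid"]]["success_logged_after"] = True
    return sessions

if __name__ == "__main__":
    for sid, info in dacl_failures(SAMPLE).items():
        print(sid, info)
```

Input must have one syslog message per line; the session ID it reports matches the Common Session ID field in the show authentication sessions output.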