
Wired Connection gets Limited or No Connectivity and is NOT Authenticating

Matthew Martin
Level 5

Hello All,

We just started seeing an issue on people's PCs where the device is unable to get an IP Address for the Wired connection. Or, at least the NAM Module gets stuck on "Acquiring IP Address" before it bombs out to "Limited or no Connectivity"...

We are using AnyConnect with the NAM module and ISEPosture module (*all version 4.2). And we are running Cisco ISE v2.0...

Now, this issue seems to be happening on only select devices. Some things we have tested with are: The Wi-Fi seems to be working just fine, the Wi-Fi network uses the same 802.1x authentication, and they are both using "machine authentication" ONLY (*i.e. no user auth is configured)... Now, when I plug the laptop into the Ethernet port and I run "show auth sessions int Gi7/24" for that interface, the laptop in question does NOT even display in the output as attempting to authenticate on the switch, and it does not show in "show mac addr | inc 7/24" either, which I thought was very strange that it doesn't even show up in the MAC address table either.

We have a small USB-to-Ethernet adapter that we use for laptops that do not have Ethernet ports, so to test I plugged the adapter into the laptop, connected the Ethernet cable to that adapter, and it instantly goes through perfectly, and it now shows up on the switch in the output of both of the above commands...

If I remove the USB adapter and plug the Ethernet cable directly back into the laptop and I add the command "authentication open" onto the interface on the switch where this laptop is connected, and I reconnect the laptop to the port, it almost instantly connects and then postures without any issues whatsoever...

I've downloaded and installed the AnyConnect DART tool and have run it after one of the failed connection attempts. Not sure which logs would be needed to diagnose the issue, I would assume it's the logs for the Network Access Manager..? But, the biggest pointer to me is when I turn on "authentication open" on the port and it instantly works, as well as the MAC Address not showing in the "show auth sess int Gi7/24" output, seems to tell me that the laptop is NOT passing the machine authentication to the switch... But, that's just what I got from this.

We've also updated the NIC drivers on the laptop, but that didn't help.

Any help or suggestions would be greatly appreciated!

Thanks in Advance,
Matt

1 Reply

Matthew Martin
Level 5

I think I figured out the problem. I believe the switch needed the following command below. I noticed for the clients having this issue, their PCs' MAC Addresses were showing up on ports that they were NOT currently trying to connect to, and clearing the auth session for that client seemed to get them working again on the new port.

authentication mac-move permit

-Matt
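An added example, not part of the original thread: a small Python check for the symptom described in the reply, a client MAC that still holds an authentication session on a port other than the one it is plugged into. It assumes the tabular layout of `show authentication sessions` (Interface, MAC Address, Method, Domain, Status, Session ID) and abbreviated interface names as printed by the switch; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show authentication sessions` output (not from the thread).
SAMPLE_OUTPUT = """\
Interface  MAC Address     Method   Domain   Status         Session ID
Gi7/12     0011.2233.4455  dot1x    DATA     Authz Success  0A0A0A0A0000001A0012B4C8
Gi7/18     00aa.bbcc.ddee  dot1x    DATA     Authz Success  0A0A0A0A0000001B0012C1F0
Gi7/30     0011.2233.4466  mab      DATA     Authz Failed   0A0A0A0A0000001C0012D2A4
"""

# One table row: interface, dotted MAC, method, domain, multi-word status, session ID.
ROW = re.compile(
    r"^(?P<interface>[A-Za-z]+\d+(?:/\d+)*)\s+"
    r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\s+"
    r"(?P<method>\S+)\s+(?P<domain>\S+)\s+"
    r"(?P<status>.+?)\s+(?P<session_id>[0-9A-Fa-f]{16,})\s*$"
)

def normalize_mac(mac):
    """Reduce any common MAC notation (dotted, dashed, colon) to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_sessions(text):
    """Return one dict per session row; header and blank lines are skipped."""
    sessions = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            row = match.groupdict()
            row["mac"] = normalize_mac(row["mac"])
            sessions.append(row)
    return sessions

def stale_sessions(text, client_mac, current_port):
    """Sessions held by client_mac on any port other than the one it is connected to now."""
    wanted = normalize_mac(client_mac)
    return [
        s for s in parse_sessions(text)
        if s["mac"] == wanted and s["interface"].lower() != current_port.lower()
    ]

if __name__ == "__main__":
    # Laptop (MAC as Windows prints it) is plugged into Gi7/24 but cannot authenticate.
    for s in stale_sessions(SAMPLE_OUTPUT, "00-11-22-33-44-55", "Gi7/24"):
        print(f"{s['mac']} still has a {s['method']} session on {s['interface']} ({s['status']})")
```
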