Symptom

When we change the name of an extended VLAN, ISE will push the new name. However, the authorization on the switch will fail as it still retains the old VLAN name in its database. A log like : "%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (000c.298e.f7df) on Interface TenGigabitEthernet1/0/1 AuditSessionID 050303020000001A60068CB0. Failure Reason: VLAN Failure. Failed attribute name VN1-IPV4." is displayed.

Conditions

1) VLAN name (and not VLAN ID) is being pushed from ISE. 2) VLAN name change was done.

Workaround

1) Push VLAN ID instead of name from ISE. OR 2) Recreate the VLAN. OR 3) Reboot the switch.

Further Problem Description

PSIRT Evaluation

The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco''s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html