dc failed
Description
Query failed RADIUS authentication events with detailed failure reasons. Unlike dc recent --status failed, this command includes the failure reason codes and descriptions, making it invaluable for troubleshooting.
Options
| Option | Default | Description |
|---|---|---|
|
|
Hours to look back |
|
|
Maximum records to return |
|
Use the global |
Usage
# Last 24 hours (default)
netapi ise dc failed
# Last hour only
netapi ise dc failed --hours 1
# More results
netapi ise dc failed --limit 200
# Quick check + count
netapi ise dc failed --hours 1 --limit 10Sample Output
Failed Authentications (Last 24 Hours)
─────────────────────────────────────────────────────────────────────────────────
Time MAC Username Failure Reason
─────────────────────────────────────────────────────────────────────────────────
2026-01-23 10:43:21 14:F6:D8:7B:31:80 14:F6:D8:7B... 22056 Subject not found in the identity store
2026-01-23 10:41:08 AA:BB:CC:DD:EE:FF unknown 22028 Authentication failed
2026-01-23 10:38:55 64:32:A8:C4:C7:19 64:32:A8:C4... 24408 User authentication against LDAP server failed
2026-01-23 10:35:22 00:11:22:33:44:55 00:11:22:33... 22056 Subject not found in the identity storeCommon Failure Reasons
| Code | Meaning |
|---|---|
22056 |
Subject not found in identity store (endpoint not registered) |
22028 |
Generic authentication failure |
22040 |
Wrong password or shared secret |
24408 |
LDAP/AD authentication failed |
24454 |
EAP-TLS certificate rejected |
24460 |
Certificate chain validation failed |
12300 |
Supplicant stopped responding (client-side issue) |
Use Cases
Identify Pattern of Failures
# Get failures and count by reason
netapi ise dc --format json failed | jq 'group_by(.failure_reason) | map({reason: .[0].failure_reason, count: length})'See Also
-
recent - All authentications (passed and failed)
-
auth-history - Complete timeline for a specific MAC
-
session - Full session view