mnt auth-status
Description
Retrieves authentication history for a specific endpoint. Critical for troubleshooting failed authentications or intermittent connectivity.
Options
| Option | Description | Default |
|---|---|---|
| --hours | History duration in hours | 24 |
| --count | Maximum records to return | 10 |
| --format | Output format: | |
Examples
# Last 24 hours, 10 records
netapi ise mnt auth-status 00:50:C2:39:F0:F7
# Last 1 hour, 50 records (troubleshooting flapping)
netapi ise mnt auth-status 00:50:C2:39:F0:F7 --hours 1 --count 50
# JSON for analysis
netapi ise mnt auth-status 00:50:C2:39:F0:F7 --format json | jq '.[] | select(.passed == false)'
Sample Output
Authentication History: 00:50:C2:39:F0:F7
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Timestamp Method Result Reason
──────────────────── ──────── ──────── ─────────────────────
2026-01-23 10:45:12 mab PASSED -
2026-01-23 10:44:58 dot1x FAILED EAP timeout
2026-01-23 10:44:45 dot1x FAILED EAP timeout
2026-01-23 09:15:32 mab PASSED -
Common Failure Reasons
| Reason | Action |
|---|---|
| | Device doesn't support 802.1X - configure MAB fallback |
| | Check credentials, certificate, or identity store |
| | Check authorization policy conditions |
| | Check NAD connectivity to ISE |
| | Release from rejected state: |
Troubleshooting Pattern
# [CHECK] Get auth history
netapi ise mnt auth-status 00:50:C2:39:F0:F7 --hours 1 --count 20
# [PATTERN] dot1x failures followed by mab success = device doesn't do 802.1X
# This is NORMAL for IoT/MAB devices - dot1x times out, falls back to MAB
# [PATTERN] Repeated failures = actual problem
# Check failure reason and investigate
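The two patterns above can be checked mechanically. This is an added example, not part of netapi: a Python sketch that parses the text table shown under Sample Output and labels each run of failures. The 60-second fallback window, the label names and the two extra 11:0x rows in the sample are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the page's Sample Output rows plus two later failures.
SAMPLE = """\
Timestamp Method Result Reason
2026-01-23 11:02:10 dot1x FAILED EAP timeout
2026-01-23 11:01:40 dot1x FAILED EAP timeout
2026-01-23 10:45:12 mab PASSED -
2026-01-23 10:44:58 dot1x FAILED EAP timeout
2026-01-23 10:44:45 dot1x FAILED EAP timeout
2026-01-23 09:15:32 mab PASSED -
"""

ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(PASSED|FAILED)\s+(.*)$")


def parse_rows(text):
    """Return (time, method, passed, reason) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # title, rule and header lines do not match and are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            rows.append((ts, m.group(2), m.group(3) == "PASSED",
                         m.group(4).strip()))
    return sorted(rows, key=lambda r: r[0])


def classify(rows, window=timedelta(seconds=60)):
    """Group consecutive failures; return (label, count, last_reason)."""
    findings, run = [], []
    for ts, method, passed, reason in rows:
        if not passed:
            run.append((ts, method, reason))
            continue
        if run:
            # dot1x-only failures closed by a prompt MAB success = fallback
            fallback = (method == "mab"
                        and all(m == "dot1x" for _, m, _ in run)
                        and ts - run[-1][0] <= window)
            label = "mab_fallback" if fallback else "recovered"
            findings.append((label, len(run), run[-1][2]))
            run = []
    if run:  # failures with no later success: the case to investigate
        findings.append(("unresolved_failures", len(run), run[-1][2]))
    return findings


if __name__ == "__main__":
    for finding in classify(parse_rows(SAMPLE)):
        print(finding)
```

Only `unresolved_failures` and `recovered` entries need follow-up; `mab_fallback` matches the normal IoT/MAB behaviour described above.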