https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082310#M276187 <HTML><HEAD></HEAD><BODY><P> Hi Michal!</P><P></P><P>Thanks for answering.</P><P></P><P>But does that command do the same thing?&nbsp; Shouldn't <EM>dot1x reauthenticate interface</EM> force a new authentication and <EM>clear dot1x interface</EM> just deauthenticate the client?</P><P></P><P>And I really fint it intressting that commands from Configuration Guide does not exist i real life.</P><P></P><P>Again, thanks for your efforts!</P><P></P><P>//</P><P>Johan</P></BODY></HTML> Fri, 18 Jan 2013 12:17:34 GMT jmandersson 2013-01-18T12:17:34Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082308#M276160 <P>Hi Guys,</P><P></P><P>I was looking for a way the manually re-authenticate dot1x client from cli and found this:</P><P><A href="http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/15.0_2_se/configuration/guide/sw8021x.html#wp1195665" target="_blank">http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/15.0_2_se/configuration/guide/sw8021x.html#wp1195665</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P></P><P align="left"><SPAN style="font-size: 10pt; font-family: Times-Roman; ">"You manually reauthenticate the client by entering the <STRONG style="font-size: 10pt; font-family: Times-Bold; "><STRONG style="font-size: 10pt; font-family: Times-Bold; ">dot1x reauthenticate interface </STRONG></STRONG><EM style=": ; font-size: 10pt; font-family: Times-Bold; ">interface-id </EM><SPAN style="font-size: 10pt; font-family: Times-Bold; ">privileged </SPAN><SPAN style="font-size: 10pt; font-family: Times-Bold; ">EXEC command"</SPAN></SPAN></P><P align="left"></P><P align="left">I've tried it 2960 with 12.2(58)SE and 15.0(2)SE, but it doesn't seems to be implemented. </P><P align="left">Have I missunderstood something? Or do you guys have any other command to accomplish a manually re-auth?</P><P align="left"></P><P align="left">Thanks,</P><P align="left">Johan</P> Mon, 11 Mar 2019 02:59:27 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082308#M276160 jmandersson 2019-03-11T02:59:27Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082309#M276165 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I use "clear dot1x interface e0/0"</P><P></P><P>---</P><P>Michal</P></BODY></HTML> Fri, 18 Jan 2013 10:32:44 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082309#M276165 Michal Garcarz 2013-01-18T10:32:44Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082310#M276187 <HTML><HEAD></HEAD><BODY><P> Hi Michal!</P><P></P><P>Thanks for answering.</P><P></P><P>But does that command do the same thing?&nbsp; Shouldn't <EM>dot1x reauthenticate interface</EM> force a new authentication and <EM>clear dot1x interface</EM> just deauthenticate the client?</P><P></P><P>And I really fint it intressting that commands from Configuration Guide does not exist i real life.</P><P></P><P>Again, thanks for your efforts!</P><P></P><P>//</P><P>Johan</P></BODY></HTML> Fri, 18 Jan 2013 12:17:34 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082310#M276187 jmandersson 2013-01-18T12:17:34Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082311#M276236 <HTML><HEAD></HEAD><BODY><P>You are right, should.</P><P></P><P>I am not sure what is the trigger for "dot1x reauthenticate interface". Maybe we need to have configured periodic reauthentication to have it working, example:</P><P></P><P>Switch(config-if)# dot1x reauthentication</P><P>Switch(config-if)# dot1x timeout reauth-period 4000</P><P></P><P>Could you try that ?</P><P>You can also enable "debug dot1x all" and verify if any packet has been send by switch ("</P><P>EAPOL pak dump Tx").</P><P></P><P>If you will still have the problem i will build a lab and test it myself.</P><P></P><P> ---</P><P>Michal</P><P><EM style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><BR /></EM></P></BODY></HTML> Fri, 18 Jan 2013 12:37:27 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082311#M276236 Michal Garcarz 2013-01-18T12:37:27Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082312#M276283 <HTML><HEAD></HEAD><BODY><P> Okey, i think some of my problems are related to Authentication Manager commands and pre Authentication Manager commands.</P><P></P><P>dot1x reauthentication&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authentication periodic</P><P>dot1x timeout reauth-period 4000 --&gt;&nbsp;&nbsp;&nbsp;&nbsp; authentication timer reauthenticate 4000</P><P></P><P>But still, I can't find any equivalent to my <EM>dot1x reauthenticate interface</EM></P><P></P><P></P><P>//</P><P>Johan</P></BODY></HTML> Fri, 18 Jan 2013 13:13:28 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082312#M276283 jmandersson 2013-01-18T13:13:28Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082313#M276343 <HTML><HEAD></HEAD><BODY><P>Johan, i can confirm, tested on version 15 - i do not have that command "dot1x reauthenticate interface"</P><P></P><P>You are right: this is a documentation bug.</P><P></P><P>It does not make sense to have two command which does something similar. "clear dot1x interface" does the same - after 2 seconds my switch sent EAP request identity.</P><P></P><P>---</P><P>Michal</P></BODY></HTML> Fri, 18 Jan 2013 13:31:28 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082313#M276343 Michal Garcarz 2013-01-18T13:31:28Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082314#M276412 <HTML><HEAD></HEAD><BODY><P>Great, then I'l satisfy with <EM>clear dot1x interface</EM></P><P></P><P>Thanks! </P><P>Johan</P></BODY></HTML> Fri, 18 Jan 2013 13:47:38 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/2082314#M276412 jmandersson 2013-01-18T13:47:38Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/3174416#M276448 <P>Hi,</P><P>thought not in timely manner but just for ultimate clarity on the subject <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />b0202094-01#dot1x re-authenticate interface g2/39<BR />b0202094-01#</P> Wed, 23 Aug 2017 08:03:45 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/3174416#M276448 Andrii Oliinyk 2017-08-23T08:03:45Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/3179751#M276518 <P>Hmmm, if I do a "clear dot1x interface gigabitEthernet 1/0/41" the client will lost his connectivity and will never be reachable till I shut and no-shut the interface (or unplug and replug the clients ethernet interface).</P><P>&nbsp;</P><P>I have also enabled fot testing the reauthentication enabled.</P><P>&nbsp;</P><P>It stays in this state:</P><P>&nbsp;</P><P>2960XR#sh authentication sessions interface gigabitEthernet 1/0/41</P><P>Interface Identifier Method Domain Status Fg Session ID<BR />-----------------------------------------------------------------------------<BR />Gi1/0/41 5c26.0a01.ed64 N/A UNKNOWN Unauth 000000000000002F00A291E6</P><P><BR />Key to Session Events Blocked Status Flags:</P><P>A - Applying Policy (multi-line status for details)<BR />D - Awaiting Deletion<BR />F - Final Removal in progress<BR />I - Awaiting IIF ID allocation<BR />N - Waiting for AAA to come up<BR />P - Pushed Session<BR />R - Removing User Profile (multi-line status for details)<BR />U - Applying User Profile (multi-line status for details)<BR />X - Unknown Blocker</P><P>Runnable methods list:<BR />Handle Priority Name<BR />8 0 dot1xSupp<BR />7 5 dot1x<BR />18 10 mab<BR />16 15 webauth</P><P>2960XR#</P><P>&nbsp;</P><P>After a shutdown and no-shutdown of the interface all is fine again.</P><P>&nbsp;</P><P>2960XR#sh authentication sessions interface gigabitEthernet 1/0/41</P><P>Interface Identifier Method Domain Status Fg Session ID<BR />-----------------------------------------------------------------------------<BR />Gi1/0/41 5c26.0a01.ed64 dot1x DATA Auth 000000000000003000A407B3</P><P><BR />Key to Session Events Blocked Status Flags:</P><P>A - Applying Policy (multi-line status for details)<BR />D - Awaiting Deletion<BR />F - Final Removal in progress<BR />I - Awaiting IIF ID allocation<BR />N - Waiting for AAA to come up<BR />P - Pushed Session<BR />R - Removing User Profile (multi-line status for details)<BR />U - Applying User Profile (multi-line status for details)<BR />X - Unknown Blocker</P><P>Runnable methods list:<BR />Handle Priority Name<BR />8 0 dot1xSupp<BR />7 5 dot1x<BR />18 10 mab<BR />16 15 webauth</P><P>2960XR#</P><P>&nbsp;</P><P>&nbsp;</P><P>Do you have any ideas whats going wrong here?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 04 Sep 2017 14:18:33 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/3179751#M276518 RAINER ADAM 2017-09-04T14:18:33Z https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/3313128#M276582 <P>You can do "clear authentication session interface gigabitEthernet 1/0/41" I believe.</P> <P>&nbsp;</P> <P>Then "show authentication session interface gigabitEthernet 1/0/41 details"</P> Wed, 17 Jan 2018 19:08:34 GMT https://community.cisco.com/t5/network-access-control/manually-re-authenticate-dot1x-client/m-p/3313128#M276582 jalemanp 2018-01-17T19:08:34Z