topic Dot1x Authentication problems in Network Access Control https://community.cisco.com/t5/network-access-control/dot1x-authentication-problems/m-p/2735679#M57225 <P>Hi,</P><P>In our network we use dot1x authentication to authenticatie devices to the network. When devices are authenticated they get the right vlan assignment. When this fails they will get the guest vlan assigned. Lately we see a lot of pc's that cannot login on the network because they are not authenticated right. When i check the interface authentication process the dot1x service status is stopped:</P><P>sh access-session interface gi1/0/12 details&nbsp;<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Interface: &nbsp;GigabitEthernet1/0/12<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;IIF-ID: &nbsp;0x101430000001656&nbsp;<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MAC Address: &nbsp;8cdc.d436.a930<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;IPv6 Address: &nbsp;Unknown<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;IPv4 Address: &nbsp;10.212.12.13<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; User-Name: &nbsp;8cdcd436a930<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Status: &nbsp;Authorized<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Domain: &nbsp;DATA<BR />&nbsp; &nbsp; &nbsp; &nbsp;Oper host mode: &nbsp;multi-domain<BR />&nbsp; &nbsp; &nbsp;Oper control dir: &nbsp;both<BR />&nbsp; &nbsp; &nbsp; Session timeout: &nbsp;N/A<BR />&nbsp; &nbsp; Common Session ID: &nbsp;0AD40D05000154A4725862FE<BR />&nbsp; &nbsp; &nbsp; Acct Session ID: &nbsp;0x0001F08F<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Handle: &nbsp;0x14000CA6<BR />&nbsp; &nbsp; &nbsp; &nbsp;Current Policy: &nbsp;POLICY_Gi1/0/1</P><P>Local Policies:<BR />&nbsp; &nbsp; &nbsp; &nbsp; Service Template: GUEST_VLAN_Gi1/0/1 (priority 150)<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Vlan Group: &nbsp;Vlan: 12</P><P>Method status list:<BR />&nbsp; &nbsp; &nbsp; &nbsp;Method &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; State<BR />&nbsp; &nbsp; &nbsp; &nbsp;dot1x &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Stopped<BR />&nbsp; &nbsp; &nbsp; &nbsp;mab &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Stopped</P><P>&nbsp;</P><P>We use Windows NPS as radius server. Checking the event viewer on this server i don't see any request from this pc.</P><P>I am figuring out why the dot1x method stopped. Is this an issue on the switch or on the client? Or does the NPS server not respond?</P> Mon, 11 Mar 2019 06:08:16 GMT Network Engineer 2019-03-11T06:08:16Z Dot1x Authentication problems https://community.cisco.com/t5/network-access-control/dot1x-authentication-problems/m-p/2735679#M57225 <P>Hi,</P><P>In our network we use dot1x authentication to authenticatie devices to the network. When devices are authenticated they get the right vlan assignment. When this fails they will get the guest vlan assigned. Lately we see a lot of pc's that cannot login on the network because they are not authenticated right. When i check the interface authentication process the dot1x service status is stopped:</P><P>sh access-session interface gi1/0/12 details&nbsp;<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Interface: &nbsp;GigabitEthernet1/0/12<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;IIF-ID: &nbsp;0x101430000001656&nbsp;<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MAC Address: &nbsp;8cdc.d436.a930<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;IPv6 Address: &nbsp;Unknown<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;IPv4 Address: &nbsp;10.212.12.13<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; User-Name: &nbsp;8cdcd436a930<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Status: &nbsp;Authorized<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Domain: &nbsp;DATA<BR />&nbsp; &nbsp; &nbsp; &nbsp;Oper host mode: &nbsp;multi-domain<BR />&nbsp; &nbsp; &nbsp;Oper control dir: &nbsp;both<BR />&nbsp; &nbsp; &nbsp; Session timeout: &nbsp;N/A<BR />&nbsp; &nbsp; Common Session ID: &nbsp;0AD40D05000154A4725862FE<BR />&nbsp; &nbsp; &nbsp; Acct Session ID: &nbsp;0x0001F08F<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Handle: &nbsp;0x14000CA6<BR />&nbsp; &nbsp; &nbsp; &nbsp;Current Policy: &nbsp;POLICY_Gi1/0/1</P><P>Local Policies:<BR />&nbsp; &nbsp; &nbsp; &nbsp; Service Template: GUEST_VLAN_Gi1/0/1 (priority 150)<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Vlan Group: &nbsp;Vlan: 12</P><P>Method status list:<BR />&nbsp; &nbsp; &nbsp; &nbsp;Method &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; State<BR />&nbsp; &nbsp; &nbsp; &nbsp;dot1x &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Stopped<BR />&nbsp; &nbsp; &nbsp; &nbsp;mab &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Stopped</P><P>&nbsp;</P><P>We use Windows NPS as radius server. Checking the event viewer on this server i don't see any request from this pc.</P><P>I am figuring out why the dot1x method stopped. Is this an issue on the switch or on the client? Or does the NPS server not respond?</P> Mon, 11 Mar 2019 06:08:16 GMT https://community.cisco.com/t5/network-access-control/dot1x-authentication-problems/m-p/2735679#M57225 Network Engineer 2019-03-11T06:08:16Z