各位好!
由于业务需求,需要对H3C交换机和ISE进行对接,并使用802.1X对用户进行认证。
从H3C下抓取的debuging如下:
terminal debugging
The current terminal is enabled to display debugging logs.
*Jan 1 06:41:07:650 2013 H3C DOT1X/7/EVENT: Processing interface event.
*Jan 1 06:41:07:651 2013 H3C DOT1X/7/EVENT: Processing interface up event.
%Jan 1 06:41:07:652 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to up.
%Jan 1 06:41:07:660 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to up.
%Jan 1 06:41:08:148 2013 H3C LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent neighbor created on port GigabitEthernet1/0/1 (IfIndex 1), neighbor's chassis ID is 2cfd-a1b1-e4db, port ID is 2cfd-a1b1-e4db.
*Jan 1 06:41:08:239 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=0180-c200-0003
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=1
Packet Length=0
*Jan 1 06:41:08:240 2013 H3C DOT1X/7/EVENT: PAE is in Disconnect state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:240 2013 H3C DOT1X/7/EVENT: BE is in Initialize state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:240 2013 H3C DOT1X/7/EVENT: PAE is in Restart state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:240 2013 H3C DOT1X/7/EVENT: BE is in Idle state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:240 2013 H3C DOT1X/7/EVENT: PAE is in Connecting state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:241 2013 H3C DOT1X/7/EVENT: PAE is in Authenticating state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:241 2013 H3C DOT1X/7/EVENT: BE is in Request state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:241 2013 H3C DOT1X/7/EVENT: Sending EAP packet: Identifier=1, type=1.
*Jan 1 06:41:08:242 2013 H3C DOT1X/7/PACKET:
Transmitted a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=2cfd-a1b1-e4db
Source Mac Address=542b-de37-3b3a
VLAN ID=132
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=5
-----Packet Body-----
Code=1
Identifier=1
Length=1280
*Jan 1 06:41:08:286 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=0180-c200-0003
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=25
-----Packet Body-----
Code=2
Identifier=1
Length=25
*Jan 1 06:41:08:286 2013 H3C DOT1X/7/EVENT: BE is in Response state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:286 2013 H3C DOT1X/7/EVENT: Successfully created server timeout timer: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:287 2013 H3C DOT1X/7/EVENT: BE is in Request state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:287 2013 H3C DOT1X/7/EVENT: Sending EAP packet: Identifier=2, type=4.
*Jan 1 06:41:08:288 2013 H3C DOT1X/7/PACKET:
Transmitted a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=2cfd-a1b1-e4db
Source Mac Address=542b-de37-3b3a
VLAN ID=132
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=22
-----Packet Body-----
Code=1
Identifier=2
Length=5632
*Jan 1 06:41:08:293 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=542b-de37-3b3a
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=32
-----Packet Body-----
Code=2
Identifier=2
Length=32
*Jan 1 06:41:08:293 2013 H3C DOT1X/7/EVENT: BE is in Response state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:294 2013 H3C DOT1X/7/EVENT: Successfully created server timeout timer: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:294 2013 H3C DOT1X/7/EVENT: Sent authentication request: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:296 2013 H3C DOT1X/7/EVENT: AAA processed authentication request: Result=Processing, UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:300 2013 H3C DOT1X/7/EVENT: Received authentication response with code 26: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:301 2013 H3C DOT1X/7/EVENT: BE is in Fail state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:302 2013 H3C DOT1X/7/PACKET:
Transmitted a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=2cfd-a1b1-e4db
Source Mac Address=542b-de37-3b3a
VLAN ID=132
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=4
-----Packet Body-----
Code=4
Identifier=2
Length=1024
*Jan 1 06:41:08:302 2013 H3C DOT1X/7/EVENT: PAE is in Aborting state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:303 2013 H3C DOT1X/7/EVENT: BE is in Initialize state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:303 2013 H3C DOT1X/7/EVENT: PAE is in Disconnect state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:303 2013 H3C DOT1X/7/EVENT: BE is in Idle state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:304 2013 H3C DOT1X/7/EVENT: Interface GigabitEthernet1/0/1 received Set the port authorization status to unauthorized event.
*Jan 1 06:41:08:306 2013 H3C DOT1X/7/EVENT: Processing AuthenFail event: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:306 2013 H3C DOT1X/7/EVENT: Notified PortSec of AuthenFail result 2: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:08:317 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=0180-c200-0003
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=6
-----Packet Body-----
Code=2
Identifier=2
Length=6
*Jan 1 06:41:08:317 2013 H3C DOT1X/7/ERROR: Mismatched identifier.
*Jan 1 06:41:13:224 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=0180-c200-0003
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=1
Packet Length=0
*Jan 1 06:41:13:224 2013 H3C DOT1X/7/EVENT: PAE is in Disconnect state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:224 2013 H3C DOT1X/7/EVENT: BE is in Initialize state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:225 2013 H3C DOT1X/7/EVENT: PAE is in Restart state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:225 2013 H3C DOT1X/7/EVENT: BE is in Idle state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:225 2013 H3C DOT1X/7/EVENT: PAE is in Connecting state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:226 2013 H3C DOT1X/7/EVENT: PAE is in Authenticating state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:226 2013 H3C DOT1X/7/EVENT: BE is in Request state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:226 2013 H3C DOT1X/7/EVENT: Sending EAP packet: Identifier=1, type=1.
*Jan 1 06:41:13:227 2013 H3C DOT1X/7/PACKET:
Transmitted a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=2cfd-a1b1-e4db
Source Mac Address=542b-de37-3b3a
VLAN ID=132
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=5
-----Packet Body-----
Code=1
Identifier=1
Length=1280
*Jan 1 06:41:13:331 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=542b-de37-3b3a
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=47
-----Packet Body-----
Code=2
Identifier=1
Length=47
*Jan 1 06:41:13:331 2013 H3C DOT1X/7/EVENT: BE is in Response state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:331 2013 H3C DOT1X/7/EVENT: Successfully created server timeout timer: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:332 2013 H3C DOT1X/7/EVENT: BE is in Request state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:332 2013 H3C DOT1X/7/EVENT: Sending EAP packet: Identifier=2, type=4.
*Jan 1 06:41:13:333 2013 H3C DOT1X/7/PACKET:
Transmitted a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=2cfd-a1b1-e4db
Source Mac Address=542b-de37-3b3a
VLAN ID=132
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=22
-----Packet Body-----
Code=1
Identifier=2
Length=5632
*Jan 1 06:41:13:337 2013 H3C DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=542b-de37-3b3a
Source Mac Address=2cfd-a1b1-e4db
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=32
-----Packet Body-----
Code=2
Identifier=2
Length=32
*Jan 1 06:41:13:337 2013 H3C DOT1X/7/EVENT: BE is in Response state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:338 2013 H3C DOT1X/7/EVENT: Successfully created server timeout timer: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:338 2013 H3C DOT1X/7/EVENT: Sent authentication request: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:340 2013 H3C DOT1X/7/EVENT: AAA processed authentication request: Result=Processing, UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:345 2013 H3C DOT1X/7/EVENT: Received authentication response with code 26: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:345 2013 H3C DOT1X/7/EVENT: BE is in Fail state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:346 2013 H3C DOT1X/7/PACKET:
Transmitted a packet on interface GigabitEthernet1/0/1.
Destination Mac Address=2cfd-a1b1-e4db
Source Mac Address=542b-de37-3b3a
VLAN ID=132
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=0
Packet Length=4
-----Packet Body-----
Code=4
Identifier=2
Length=1024
*Jan 1 06:41:13:347 2013 H3C DOT1X/7/EVENT: PAE is in Aborting state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:347 2013 H3C DOT1X/7/EVENT: BE is in Initialize state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:347 2013 H3C DOT1X/7/EVENT: PAE is in Disconnect state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:348 2013 H3C DOT1X/7/EVENT: BE is in Idle state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:348 2013 H3C DOT1X/7/EVENT: Interface GigabitEthernet1/0/1 received Set the port authorization status to unauthorized event.
*Jan 1 06:41:13:350 2013 H3C DOT1X/7/EVENT: Processing AuthenFail event: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:13:350 2013 H3C DOT1X/7/EVENT: Notified PortSec of AuthenFail result 2: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1.
*Jan 1 06:41:15:198 2013 H3C DOT1X/7/EVENT: EAP-Request/Identity packet multicasting timed out on GigabitEthernet1/0/1.
*Jan 1 06:41:15:199 2013 H3C DOT1X/7/EVENT: Multicasted EAP-Request/Identity packets on interface GigabitEthernet1/0/1.
在ISE上观察,ISE认证不通过;且本机显示身份验证失败……这是为什么呢……