Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1745
Views
0
Helpful
0
Replies

802.1x authenticator mode and destination mac address

kuldeep1
Beginner
Beginner

‎07-21-2020 06:48 AM

Hi,

 

If switch is configured with as authenticator and multi-host mode is configured.

How switch decides the order of client mac address for the supplicant authentication. and can it be changed?or can destination mac address be changed to source mac of received EAP-identity response from supplicant.

if switch has started authentication for macaddr1 but in reply if it is getting eap-rsp (identity) from macaddr2, it is ignoring these EAP packets.

 

Below is the configuration:

 

Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2a)EX5, RELEASE SOFTWARE (fc3)

 

switchport mode access
authentication host-mode multi-host
authentication periodic
authentication timer reauthenticate 300
dot1x pae authenticator
dot1x timeout quiet-period 10

 

Logs:

 

Jul 20 13:53:35.652: %AUTHMGR-5-START: Starting 'dot1x' for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:55:08.057: %DOT1X-5-FAIL: Authentication failed for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:55:08.057: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:55:08.057: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:55:08.057: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:55:08.057: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:56:08.594: %AUTHMGR-5-START: Starting 'dot1x' for client (xxxx.xxxx.0011) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DE11790F5B1
Jul 20 13:56:08.842: %AUTHMGR-5-START: Starting 'dot1x' for client (xxxx.xxxx.000c) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DEA179351A2
Jul 20 13:56:09.118: %DOT1X-5-SUCCESS: Authentication successful for client (xxxx.xxxx.000c) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DEA179351A2
Jul 20 13:56:09.118: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (xxxx.xxxx.000c) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DEA179351A2
Jul 20 13:56:09.615: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (xxxx.xxxx.000c) on Interface Gi1/0/13 AuditSessionID 0A2B49FC00053DEA179351A2

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: