5440 Endpoint abandoned EAP session and started new when ISE is put behind IPsec

Eucliuss
Level 1

Hello All,

We are facing an issue: 5440 Endpoint abandoned EAP session and started new

Devices:

AP 3700 in Autonomous Mode

Cisco ISE 2.4

PFSense

Juniper SRX

 

Connection:

Client <==Wireless==> AP(3700i) <====> Juniper SRX <=== IPSec ===> PFSense <=====> Cisco ISE 2.4.0.357 Patch 9

 

Attached is the AP test configuration; please also find the error message from ISE below:

ise.JPG

I tried several APs and it doesn't work. Is there any way to get a more specific error?

 

Debug dot1x from AP:

*Mar 4 00:38:56.041: AAA/BIND(000005C3): Bind i/f
*Mar 4 00:38:56.041: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.097: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.097: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.097: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.261: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.261: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.357: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.357: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.357: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.369: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.837: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.837: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.837: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.861: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.865: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.865: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.865: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.873: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.877: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.877: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.877: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.885: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.889: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.889: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.889: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.893: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.897: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.897: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.897: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.905: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.905: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.905: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.905: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.913: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:56.917: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:56.917: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.917: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:56.921: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 4 00:38:57.365: dot1x-ev(Do1): Role determination not required
*Mar 4 00:38:57.365: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:57.365: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:39:15.373: dot1x-ev(Do1): Role determination not required
*Mar 4 00:39:15.373: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:39:20.373: dot1x-ev(Do1): Role determination not required
*Mar 4 00:39:20.373: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:39:25.385: dot1x-ev(Do1): Role determination not required
*Mar 4 00:39:25.385: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:39:30.401: Dot11Radio1: Going to delete client 38de.adce.cc69 Reason: request

 


Thank you in advance.

Accepted Solutions

Damien Miller
VIP Alumni
One of the common causes of EAP issues such as this is IP fragments being dropped by one of the devices inline. I would be looking for fragment drops on the SRX first, then pfSense.
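
An added example, not part of the original thread or of any Cisco tooling: a small Python parser for the `debug dot1x` output in the question that measures where the exchange stops being handed to AAA. Reading `Pick method list` as the AP's hand-off to RADIUS is an assumption; a stall right after the last hand-off is consistent with a request or reply being lost on the path, which is where the fragment-drop check suggested in the answer applies.

```python
import re
from datetime import datetime

# Shortened excerpt of the AP debug posted in the question above.
SAMPLE = """\
*Mar 4 00:38:56.917: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:56.917: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:38:57.365: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:38:57.365: AAA/AUTHEN/PPP (000005C3): Pick method list 'eap_methods'
*Mar 4 00:39:15.373: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:39:20.373: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:39:25.385: dot1x-packet(Do1): Queuing an EAPOL pkt on Authenticator Q
*Mar 4 00:39:30.401: Dot11Radio1: Going to delete client 38de.adce.cc69 Reason: request
"""

LINE = re.compile(r"^\*(\w{3}) +(\d+) (\d\d:\d\d:\d\d\.\d+): (.*)$")
KINDS = (("Queuing an EAPOL pkt", "eapol"),
         ("Pick method list", "aaa"),  # assumption: marks a hand-off to RADIUS
         ("Going to delete client", "delete"))

def parse(text):
    """Return [(timestamp, kind)] for the three message types of interest."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # IOS debug lines carry no year; 2000 is a placeholder for parsing only.
        ts = datetime.strptime(f"2000 {m[1]} {m[2]} {m[3]}", "%Y %b %d %H:%M:%S.%f")
        for needle, kind in KINDS:
            if needle in m[4]:
                events.append((ts, kind))
    return events

def analyze(text):
    """Summarise what happens after the last AAA hand-off in the debug."""
    events = parse(text)
    aaa_idx = [i for i, (_, k) in enumerate(events) if k == "aaa"]
    tail = events[aaa_idx[-1] + 1:] if aaa_idx else events
    silence = (tail[0][0] - events[aaa_idx[-1]][0]).total_seconds() if aaa_idx and tail else 0.0
    retries = sum(1 for _, k in tail if k == "eapol")
    deleted = any(k == "delete" for _, k in tail)
    return {"aaa_handoffs": len(aaa_idx),
            "silence_after_last_aaa_s": round(silence, 3),
            "eapol_retries_without_aaa": retries,
            "stalled": bool(aaa_idx) and deleted and retries >= 2}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The timestamp of the last hand-off is the moment to line up with fragment or drop counters on the SRX and pfSense.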
