
Authentication result 'no-response' from 'dot1x'

Hi guys,

I get these error messages on my Win7 machine:

SW1_c3750#
00:23:47: %LINK-5-CHANGED: Interface FastEthernet2/0/7, changed state to administratively down
00:23:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/7, changed state to down
00:23:56: %LINK-3-UPDOWN: Interface FastEthernet2/0/7, changed state to up
00:23:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/7, changed state to up
00:23:56: %AUTHMGR-5-START: Starting 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7
00:23:57: %AUTHMGR-5-START: Starting 'dot1x' for client (c83a.35d2.398f) on Interface Fa2/0/7
00:24:26: %DOT1X-5-FAIL: Authentication failed for client (000c.2986.1153) on Interface Fa2/0/7
00:24:26: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7
00:24:26: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7
00:24:26: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (000c.2986.1153) on Interface Fa2/0/7
00:24:26: %AUTHMGR-5-FAIL: Authorization failed for client (000c.2986.1153) on Interface Fa2/0/7
00:24:27: %DOT1X-5-FAIL: Authentication failed for client (c83a.35d2.398f) on Interface Fa2/0/7
00:24:27: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (c83a.35d2.398f) on Interface Fa2/0/7
00:24:27: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (c83a.35d2.398f) on Interface Fa2/0/7
00:24:27: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (c83a.35d2.398f) on Interface Fa2/0/7
00:24:27: %AUTHMGR-5-FAIL: Authorization failed for client (c83a.35d2.398f) on Interface Fa2/0/7

I have a C3750 with IOS 12.2(50)SE2.

My Win7 machine connects to port 2/0/7 on this switch, and I have the configuration as follows:

interface FastEthernet2/0/7
 switchport mode access
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
end


On my Win7 machine I start the Wired AutoConfig service and set up the authentication to PEAP with a method of EAP-MSCHAPv2.

This PC is in a lab environment, so I disable the "Automatically use my Windows login name" option and set up credentials instead (Local Area Connection Status>Properties>Authentication>Additional Settings...>Replace credential).

From debug radius auth I get:

SW1_c3750#
SW1_c3750#
00:37:48: RADIUS/ENCODE(0000001D):Orig. component type = DOT1X
00:37:48: RADIUS(0000001D): Config NAS IP: 0.0.0.0
00:37:48: RADIUS/ENCODE(0000001D): acct_session_id: 29
00:37:48: RADIUS(0000001D): sending
00:37:48: RADIUS/ENCODE: Best Local IP-Address 192.168.1.121 for Radius-Server 192.168.1.117
00:37:48: RADIUS(0000001D): Send Access-Request to 192.168.1.117:1812 id 1645/22, len 201
00:37:48: RADIUS:  authenticator D8 C5 63 73 E1 31 92 63 - F7 1B 78 4A 87 06 9D 3E
00:37:48: RADIUS:  User-Name           [1]   8   "bob-it"
00:37:48: RADIUS:  Service-Type        [6]   6   Framed                    [2]
00:37:48: RADIUS:  Framed-IP-Address   [8]   6   192.168.1.10
00:37:48: RADIUS:  Framed-MTU          [12]  6   1500
00:37:48: RADIUS:  Called-Station-Id   [30]  19  "00-22-90-A6-BC-09"
00:37:48: RADIUS:  Calling-Station-Id  [31]  19  "00-0C-29-86-11-53"
00:37:48: RADIUS:  EAP-Message         [79]  13
00:37:48: RADIUS:   02 01 00 0B 01 62 6F 62 2D 69 74            [ bob-it]
00:37:48: RADIUS:  Message-Authenticato[80]  18
00:37:48: RADIUS:   4E 52 DB C5 66 E9 8A D8 2A D0 D5 BE DE B1 63 E3  [ NRf*c]
00:37:48: RADIUS:  Vendor, Cisco       [26]  49
00:37:48: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A801790000001A00227E41"
00:37:48: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
00:37:48: RADIUS:  NAS-Port            [5]   6   50207
00:37:48: RADIUS:  NAS-Port-Id         [87]  19  "FastEthernet2/0/7"
00:37:48: RADIUS:  NAS-IP-Address      [4]   6   192.168.1.121
00:37:48: RADIUS: Received from id 1645/22 192.168.1.117:1812, Access-Reject, len 38
00:37:48: RADIUS:  authenticator 0B B5 21 76 89 64 A4 57 - B3 AD 56 23 A3 52 55 BE
00:37:48: RADIUS:  Message-Authenticato[80]  18
00:37:48: RADIUS:   93 F7 C1 6F 80 0A 03 DA 18 34 8F 18 66 DE 81 DE  [ o4f]
00:37:48: RADIUS(0000001D): Received from id 1645/22
00:37:48: %DOT1X-5-FAIL: Authentication failed for client (000c.2986.1153) on Interface Fa2/0/7
00:37:48: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7
00:37:48: %AUTHMGR-5-FAIL: Authorization failed for client (000c.2986.1153) on Interface Fa2/0/7
00:38:49: %AUTHMGR-5-START: Starting 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7

Please help

Cisco Employee

Re: Authentication result 'no-response' from 'dot1x'

I see nothing wrong with the interface configuration on the 3750.

In the first half, since you haven’t enabled 802.1X (Wired AutoConfig service) on the Windows client, the dot1x on the switch port is timing out throwing a ‘no-response’ message:

00:24:26: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7

In the second half, I see that the client is doing 802.1X, the authentication request going to the server, but the response is an ‘Access-Reject’:

00:37:48: RADIUS: Received from id 1645/22 192.168.1.117:1812, Access-Reject, len 38

Could you share your ISE RADIUS live log and details relating to this session to understand why the server is rejecting the authentication request?
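
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small triage script that separates a silent supplicant ('no-response') from a server-side rejection ('fail' paired with an Access-Reject). The function names `triage` and `norm_mac` are hypothetical, and the script assumes wrapped console lines have already been rejoined and that a request's Calling-Station-Id follows its Send Access-Request line, as in the capture above.

```python
import re
from collections import defaultdict

# Constructed sample: selected lines from the two captures quoted in this thread.
SAMPLE = """\
00:24:26: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7
00:24:27: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (c83a.35d2.398f) on Interface Fa2/0/7
00:37:48: RADIUS(0000001D): Send Access-Request to 192.168.1.117:1812 id 1645/22, len 201
00:37:48: RADIUS:  Calling-Station-Id  [31]  19  "00-0C-29-86-11-53"
00:37:48: RADIUS: Received from id 1645/22 192.168.1.117:1812, Access-Reject, len 38
00:37:48: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (000c.2986.1153) on Interface Fa2/0/7
"""

SEND = re.compile(r"Send Access-Request to \S+ id (\d+/\d+)")
CALLING = re.compile(r'Calling-Station-Id\s+\[31\]\s+\d+\s+"([0-9A-Fa-f-]+)"')
RECV = re.compile(r"Received from id (\d+/\d+) ([\d.]+):\d+, (Access-\w+)")
RESULT = re.compile(r"%AUTHMGR-7-RESULT: Authentication result '([\w-]+)' from 'dot1x' "
                    r"for client \(([0-9a-f.]+)\) on Interface (\S+)")

def norm_mac(mac):
    """Reduce 000c.2986.1153 and 00-0C-29-86-11-53 to the same 12 hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def triage(log_text):
    """Map each client MAC to an ordered list of (port, diagnosis) tuples."""
    findings = defaultdict(list)
    open_id = None   # RADIUS id of the Access-Request currently being dumped
    id_to_mac = {}   # RADIUS id -> Calling-Station-Id of that request
    rejected = {}    # MAC -> server that answered with Access-Reject
    for line in log_text.splitlines():
        if m := SEND.search(line):
            open_id = m.group(1)
        elif (m := CALLING.search(line)) and open_id:
            id_to_mac[open_id] = norm_mac(m.group(1))
        elif m := RECV.search(line):
            mac = id_to_mac.pop(m.group(1), None)
            if mac and m.group(3) == "Access-Reject":
                rejected[mac] = m.group(2)
        elif m := RESULT.search(line):
            result, mac, port = m.group(1), norm_mac(m.group(2)), m.group(3)
            if result == "no-response":
                findings[mac].append((port, "supplicant never answered EAP: check the client"))
            elif result == "fail" and mac in rejected:
                findings[mac].append((port, f"Access-Reject from {rejected.pop(mac)}: check the server log"))
            else:
                findings[mac].append((port, f"result '{result}' with no matching RADIUS reply"))
    return dict(findings)

print(triage(SAMPLE))
```

On a busy switch the debug output of several sessions interleaves, so treat the id-to-MAC pairing as a hint and confirm the reject reason in the RADIUS server's own log.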

Beginner

Re: Authentication result 'no-response' from 'dot1x'

Hi Hariprasad,

On the same day, or later, I restarted the PC, and after that it works for me.

I don't know why... but it works.

Thanks for the reply. I really appreciate it.

Thanks

Cisco Employee

Re: Authentication result 'no-response' from 'dot1x'

You may be hitting the rejection period in ISE. By default, ISE will silently reject authentication after some number of failed attempts by a certain MAC address. The default reject period is 60 minutes, which would explain why you eventually got on later that day.

You can find this setting under Admin|Settings|Protocols|RADIUS