
PC DATA authorization failed

BigK
Level 1

Can someone help point out why the PC DATA authorization failed?

Show session auth, interface config and debug dot1x included.

 

 

SWITCH#sho authentication sessions

Interface  MAC Address     Method  Domain  Status         Session ID
Gi1/0/2    c4b9.cdb5.325e  mab     VOICE   Authz Success  0A16640A0000001A002704FF
Gi1/0/3    d4be.d95c.a825  N/A     DATA    Authz Failed   0A16640A00000014001E9424

 

SWITCH#sh run int g1/0/3
Building configuration...

Current configuration : 408 bytes
!
interface GigabitEthernet1/0/3
switchport access vlan 120
switchport mode access
switchport voice vlan 150
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
end


SWITCH(config-if)#no shut
SWITCH#
dot1x-ev(Gi1/0/3): Interface state changed to UP
dot1x_auth Gi1/0/3: initial state auth_initialize has enter
dot1x-sm(Gi1/0/3): 0x3A000022:auth_initialize_enter called
dot1x_auth Gi1/0/3: during state auth_initialize, got event 0(cfg_auto)
@@@ dot1x_auth Gi1/0/3: auth_initialize -> auth_disconnected
dot1x-sm(Gi1/0/3): 0x3A000022:auth_disconnected_enter called
dot1x_auth Gi1/0/3: idle during state auth_disconnected
@@@ dot1x_auth Gi1/0/3: auth_disconnected -> auth_restart
dot1x-sm(Gi1/0/3): 0x3A000022:auth_restart_enter called
dot1x-ev(Gi1/0/3): Sending create new context event to EAP for 0x3A000022 (0000.0000.0000)
dot1x_auth_bend Gi1/0/3: initial state auth_bend_initialize has enter
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_initialize_enter called
dot1x_auth_bend Gi1/0/3: initial state auth_bend_initialize has idle
dot1x_auth_bend Gi1/0/3: during state auth_bend_initialize, got event 16383(idle)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_initialize -> auth_bend_idle
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_idle_enter called
dot1x-ev(Gi1/0/3): Created a client entry (0x3A000022)
dot1x-ev(Gi1/0/3): Dot1x authentication started for 0x3A000022 (0000.0000.0000)
dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/3
dot1x-sm(Gi1/0/3): Posting !EAP_RESTART on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_restart, got event 6(no_eapRestart)
@@@ dot1x_auth Gi1/0/3: auth_restart -> auth_connecting
dot1x-sm(Gi1/0/3): 0x3A000022:auth_connecting_enter called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_restart_connecting_action called
dot1x-sm(Gi1/0/3): Posting RX_REQ on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
@@@ dot1x_auth Gi1/0/3: auth_connecting -> auth_authenticating
dot1x-sm(Gi1/0/3): 0x3A000022:auth_authenticating_enter called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_connecting_authenticating_action called
dot1x-sm(Gi1/0/3): Posting AUTH_START for 0x3A000022
dot1x_auth_bend Gi1/0/3: during state auth_bend_idle, got event 4(eapReq_authStart)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_idle -> auth_bend_request
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_request_enter called
dot1x-ev(Gi1/0/3): Sending EAPOL packet to group PAE address
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-registry:registry:dot1x_ether_macaddr called
dot1x-ev(Gi1/0/3): Sending out EAPOL packet
EAPOL pak dump Tx
EAPOL Version: 0x3 type: 0x0 length: 0x0005
EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
dot1x-packet(Gi1/0/3): EAPOL packet sent to client 0x3A000022 (0000.0000.0000)
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_idle_request_action called
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-packet(Gi1/0/3): queuing an EAPOL pkt on Auth Q
dot1x-ev:Enqueued the eapol packet to the global authenticator queue
dot1x-ev(Gi1/0/3): New client notification from AuthMgr for 0x3A000022 - d4be.d95c.a825
%AUTHMGR-5-START: Starting 'dot1x' for client (d4be.d95c.a825) on Interface Gi1/0/3 AuditSessionID 0A16640A0000001B002E60B2
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-ev:dot1x_auth_queue_event: Int Gi1/0/3 CODE= 0,TYPE= 0,LEN= 0
dot1x-packet(Gi1/0/3): Received an EAPOL frame
dot1x-ev(Gi1/0/3): Received pkt saddr =d4be.d95c.a825 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
dot1x-packet(Gi1/0/3): Received an EAPOL-Start packet
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-sm(Gi1/0/3): Posting EAPOL_START on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_authenticating, got event 4(eapolStart)
@@@ dot1x_auth Gi1/0/3: auth_authenticating -> auth_aborting
dot1x-sm(Gi1/0/3): 0x3A000022:auth_authenticating_exit called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_aborting_enter called
dot1x-sm(Gi1/0/3): Posting RESTART on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_aborting, got event 13(restart)
@@@ dot1x_auth Gi1/0/3: auth_aborting -> auth_restart
dot1x-sm(Gi1/0/3): 0x3A000022:auth_aborting_exit called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_restart_enter called
dot1x-ev(Gi1/0/3): Resetting the client 0x3A000022 (d4be.d95c.a825)
dot1x-ev(Gi1/0/3): Sending create new context event to EAP for 0x3A000022 (d4be.d95c.a825)
dot1x-sm(Gi1/0/3): Posting !EAP_RESTART on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_restart, got event 6(no_eapRestart)
@@@ dot1x_auth Gi1/0/3: auth_restart -> auth_connecting
dot1x-sm(Gi1/0/3): 0x3A000022:auth_connecting_enter called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_restart_connecting_action called
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-packet(Gi1/0/3): Queuing an EAPOL pkt on Authenticator Q
dot1x-ev:Enqueued the eapol packet to the global authenticator queue
dot1x-sm(Gi1/0/3): Posting AUTH_ABORT for 0x3A000022
dot1x_auth_bend Gi1/0/3: during state auth_bend_request, got event 1(authAbort)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_request -> auth_bend_initialize
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_initialize_enter called
dot1x_auth_bend Gi1/0/3: idle during state auth_bend_initialize
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_initialize -> auth_bend_idle
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_idle_enter called
%SYS-5-CONFIG_I: Configured from console by console
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x0 length: 0x000C
dot1x-ev:dot1x_auth_queue_event: Int Gi1/0/3 CODE= 2,TYPE= 1,LEN= 12
dot1x-packet(Gi1/0/3): Received an EAPOL frame
dot1x-ev(Gi1/0/3): Received pkt saddr =d4be.d95c.a825 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.000c
dot1x-packet(Gi1/0/3): Received an EAP packet
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x0 length: 0x000C
dot1x-packet(Gi1/0/3): Received an EAP packet from d4be.d95c.a825
dot1x-packet(Gi1/0/3): Received an unexpected EAP packet from d4be.d95c.a825
dot1x-sm(Gi1/0/3): Posting !AUTH_ABORT on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_connecting, got event 20(no_eapolLogoff_no_authAbort) (ignored)
dot1x-sm(Gi1/0/3): Posting RX_REQ on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
@@@ dot1x_auth Gi1/0/3: auth_connecting -> auth_authenticating
dot1x-sm(Gi1/0/3): 0x3A000022:auth_authenticating_enter called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_connecting_authenticating_action called
dot1x-sm(Gi1/0/3): Posting AUTH_START for 0x3A000022
dot1x_auth_bend Gi1/0/3: during state auth_bend_idle, got event 4(eapReq_authStart)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_idle -> auth_bend_request
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_request_enter called
dot1x-ev(Gi1/0/3): Sending EAPOL packet to d4be.d95c.a825
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-registry:registry:dot1x_ether_macaddr called
dot1x-ev(Gi1/0/3): Sending out EAPOL packet
EAPOL pak dump Tx
EAPOL Version: 0x3 type: 0x0 length: 0x0005
EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
dot1x-packet(Gi1/0/3): EAPOL packet sent to client 0x3A000022 (d4be.d95c.a825)
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_idle_request_action called
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-packet(Gi1/0/3): Queuing an EAPOL pkt on Authenticator Q
dot1x-ev:Enqueued the eapol packet to the global authenticator queue
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x0 length: 0x000C
dot1x-ev:dot1x_auth_queue_event: Int Gi1/0/3 CODE= 2,TYPE= 1,LEN= 12
dot1x-packet(Gi1/0/3): Received an EAPOL frame
dot1x-ev(Gi1/0/3): Received pkt saddr =d4be.d95c.a825 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.000c
dot1x-packet(Gi1/0/3): Received an EAP packet
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x0 length: 0x000C
dot1x-packet(Gi1/0/3): Received an EAP packet from d4be.d95c.a825
dot1x-sm(Gi1/0/3): Posting EAPOL_EAP for 0x3A000022
dot1x_auth_bend Gi1/0/3: during state auth_bend_request, got event 6(eapolEap)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_request -> auth_bend_response
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_response_enter called
dot1x-ev(Gi1/0/3): dot1x_sendRespToServer: Response sent to the server from 0x3A000022 (d4be.d95c.a825)
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_request_response_action called
dot1x-ev(Gi1/0/3): Received an EAP Fail
dot1x-sm(Gi1/0/3): Posting EAP_FAIL for 0x3A000022
dot1x_auth_bend Gi1/0/3: during state auth_bend_response, got event 10(eapFail)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_response -> auth_bend_fail
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_response_exit called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_fail_enter called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_response_fail_action called
dot1x_auth_bend Gi1/0/3: idle during state auth_bend_fail
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_fail -> auth_bend_idle
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_idle_enter called
dot1x-sm(Gi1/0/3): Posting AUTH_FAIL on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_authenticating, got event 15(authFail)
@@@ dot1x_auth Gi1/0/3: auth_authenticating -> auth_authc_result
dot1x-sm(Gi1/0/3): 0x3A000022:auth_authenticating_exit called
dot1x-sm(Gi1/0/3): 0x3A000022:auth_authc_result_enter called
%DOT1X-5-FAIL: Authentication failed for client (d4be.d95c.a825) on Interface Gi1/0/3 AuditSessionID 0A16640A0000001B002E60B2
dot1x-ev(Gi1/0/3): Sending event (2) to Auth Mgr for d4be.d95c.a825
%AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (d4be.d95c.a825) on Interface Gi1/0/3 AuditSessionID 0A16640A0000001B002E60B2
%AUTHMGR-5-FAIL: Authorization failed or unapplied for client (d4be.d95c.a825) on Interface Gi1/0/3 AuditSessionID 0A16640A0000001B002E60B2
dot1x-redundancy: State for client d4be.d95c.a825 successfully retrieved
dot1x-ev(Gi1/0/3): Received Authz fail for the client 0x3A000022 (d4be.d95c.a825)
dot1x-sm(Gi1/0/3): Posting AUTHZ_FAIL on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_authc_result, got event 22(authzFail)
@@@ dot1x_auth Gi1/0/3: auth_authc_result -> auth_held
dot1x-sm(Gi1/0/3): 0x3A000022:auth_held_enter called
dot1x-ev(Gi1/0/3): Sending EAPOL packet to d4be.d95c.a825
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-registry:registry:dot1x_ether_macaddr called
dot1x-ev(Gi1/0/3): Sending out EAPOL packet
EAPOL pak dump Tx
EAPOL Version: 0x3 type: 0x0 length: 0x0004
EAP code: 0x4 id: 0x1 length: 0x0004
dot1x-packet(Gi1/0/3): EAPOL packet sent to client 0x3A000022 (d4be.d95c.a825)
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-packet(Gi1/0/3): queuing an EAPOL pkt on Auth Q
dot1x-ev:Enqueued the eapol packet to the global authenticator queue
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-ev:dot1x_auth_queue_event: Int Gi1/0/3 CODE= 0,TYPE= 0,LEN= 0
dot1x-packet(Gi1/0/3): Received an EAPOL frame
dot1x-ev(Gi1/0/3): Received pkt saddr =d4be.d95c.a825 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
dot1x-packet(Gi1/0/3): Received an EAPOL-Start packet
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-sm(Gi1/0/3): Posting EAPOL_START on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_held, got event 4(eapolStart) (ignored)
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/3, changed state to up
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-packet(Gi1/0/3): queuing an EAPOL pkt on Auth Q
dot1x-ev:Enqueued the eapol packet to the global authenticator queue
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-ev:dot1x_auth_queue_event: Int Gi1/0/3 CODE= 0,TYPE= 0,LEN= 0
dot1x-packet(Gi1/0/3): Received an EAPOL frame
dot1x-ev(Gi1/0/3): Received pkt saddr =d4be.d95c.a825 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
dot1x-packet(Gi1/0/3): Received an EAPOL-Start packet
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-sm(Gi1/0/3): Posting EAPOL_START on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_held, got event 4(eapolStart) (ignored)
dot1x-ev(Gi1/0/3): Role determination not required
dot1x-packet(Gi1/0/3): queuing an EAPOL pkt on Auth Q
dot1x-ev:Enqueued the eapol packet to the global authenticator queue
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-ev:dot1x_auth_queue_event: Int Gi1/0/3 CODE= 0,TYPE= 0,LEN= 0
dot1x-packet(Gi1/0/3): Received an EAPOL frame
dot1x-ev(Gi1/0/3): Received pkt saddr =d4be.d95c.a825 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
dot1x-packet(Gi1/0/3): Received an EAPOL-Start packet
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
dot1x-sm(Gi1/0/3): Posting EAPOL_START on Client 0x3A000022
dot1x_auth Gi1/0/3: during state auth_he
SWITCH#ld, got event 4(eapolStart) (ignored)

 

Accepted Solutions

Sometimes small details in the config can take away from the actual problem. I redid the config on my switch and found out that I was missing one command: radius-server dead-criteria time 10 tries 3 :-)

 

Thanks to all who tried to help.

Bigk


13 Replies

Damien Miller
VIP Alumni
What do the live logs show for d4be.d95c.a825? It might have an easily diagnosed error message.

@Damien Miller

Please see attached live log

pan
Cisco Employee

For testing, please remove the setting below and check again.

 

Authzfailure.png

@pan

 

I changed the interface to be 1/0/2, still same issue.

 

Interface: GigabitEthernet1/0/2
MAC Address: d4be.d95c.a825
IP Address: Unknown
User-Name: NWADMIN
Status: Authz Failed
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A

Common Session ID: 0A16640A000000A90108A454
Acct Session ID: 0x000000B2
Handle: 0xED0000AA

Runnable methods list:
Method State
dot1x Authc Failed
mab Not run

 

pan
Cisco Employee

Did you change the setting on ISE?

I just did -- and then I cleared the authentication session. Waiting to see what happened.

sho authentication sessions

Interface  MAC Address     Method  Domain  Status         Session ID
Gi1/0/2    c4b9.cdb5.325e  mab     VOICE   Authz Success  0A16640A000000B0010E3758
Gi1/0/2    d4be.d95c.a825  dot1x   DATA    Running        0A16640A000000AE010DDE9C

sho authentication sessions

Interface  MAC Address     Method  Domain  Status         Session ID
Gi1/0/2    c4b9.cdb5.325e  mab     VOICE   Authz Success  0A16640A000000B0010E3758
Gi1/0/2    d4be.d95c.a825  N/A     DATA    Authz Failed   0A16640A000000AE010DDE9C

pan
Cisco Employee

OK, so now what error do you see?

pan
Cisco Employee

Some failure is received.

 

dot1x-packet(Gi1/0/3): Received an EAP packet from d4be.d95c.a825
dot1x-sm(Gi1/0/3): Posting EAPOL_EAP for 0x3A000022
dot1x_auth_bend Gi1/0/3: during state auth_bend_request, got event 6(eapolEap)
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_request -> auth_bend_response
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_response_enter called
dot1x-ev(Gi1/0/3): dot1x_sendRespToServer: Response sent to the server from 0x3A000022 (d4be.d95c.a825)
dot1x-sm(Gi1/0/3): 0x3A000022:auth_bend_request_response_action called
dot1x-ev(Gi1/0/3): Received an EAP Fail

 

Is the MAC address hitting the correct rule? What is the reason for failure shown on the RADIUS server?

Share the output of "show authen sess int <> detail"
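
The reading applied to the debug output in the post above, as an added example that is not part of the original thread: a short Python triage that follows the `@@@` state transitions and checks whether the `EAP Fail` arrived after the supplicant's response was relayed to the server. The names `triage`, `FIELDS` and the verdict strings are assumptions of this example; the sample lines are excerpted from the debug posted in the thread.

```python
import re

# Lines excerpted from the "debug dot1x" output posted in this thread (Gi1/0/3).
SAMPLE = """\
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_request -> auth_bend_response
dot1x-ev(Gi1/0/3): dot1x_sendRespToServer: Response sent to the server from 0x3A000022 (d4be.d95c.a825)
dot1x-ev(Gi1/0/3): Received an EAP Fail
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_response -> auth_bend_fail
@@@ dot1x_auth_bend Gi1/0/3: auth_bend_fail -> auth_bend_idle
@@@ dot1x_auth Gi1/0/3: auth_authenticating -> auth_authc_result
%AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (d4be.d95c.a825) on Interface Gi1/0/3 AuditSessionID 0A16640A0000001B002E60B2
@@@ dot1x_auth Gi1/0/3: auth_authc_result -> auth_held
dot1x_auth Gi1/0/3: during state auth_held, got event 4(eapolStart) (ignored)
"""

TRANSITION = re.compile(r"^@@@ (dot1x_auth(?:_bend)?) (\S+): (\w+) -> (\w+)")
RESULT = re.compile(r"%AUTHMGR-7-RESULT: Authentication result '([^']+)' from '([^']+)' "
                    r"for client \(([0-9a-f.]+)\) on Interface (\S+) AuditSessionID (\w+)")
FIELDS = ("result", "method", "mac", "iface", "session")  # hypothetical key names
RELAYED, EAP_FAIL = "Response sent to the server", "Received an EAP Fail"

def triage(log):
    """Summarise one port's dot1x debug: state path, relay to server, result."""
    path, results = {}, []
    relayed = fail_after_relay = False
    ignored_starts = 0
    for line in log.splitlines():
        m = TRANSITION.match(line.strip())
        if m:
            path.setdefault(m.group(1), []).append(m.group(4))
        elif (r := RESULT.search(line)):
            results.append(dict(zip(FIELDS, r.groups())))
        elif RELAYED in line:
            relayed = True
        elif EAP_FAIL in line:
            # Only a failure that follows a relay points at the server side.
            fail_after_relay = fail_after_relay or relayed
        elif "(eapolStart) (ignored)" in line:
            ignored_starts += 1  # client restarts dropped while the port is held
    if fail_after_relay:
        verdict = "failure-after-relay: check the RADIUS server's log for the reason"
    elif relayed:
        verdict = "relayed, no EAP Fail seen in this capture"
    else:
        verdict = "supplicant response never relayed to the server"
    return {"path": path, "results": results, "verdict": verdict,
            "final": {m: states[-1] for m, states in path.items()},
            "ignored_starts": ignored_starts}
```
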

@pan

 

Here is the issue 

 

Event: 5400 Authentication failed
Failure Reason: 15039 Rejected per authorization profile
Resolution: Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Root cause: Selected Authorization Profile contains ACCESS_REJECT attribute

 

pan
Cisco Employee

OK, now you need to see why the required authorization rule is not hitting.

 

What rule are you expecting to hit on ISE? Could you share?

