802.1x authorization while client is hibernated

sven.falk · ‎11-04-2014

Hi,

we run 802.1x in our LAN and it looks the authenticator tries to authorize Thin Clients who are in standby. This happens randomly almost every 10 minutes:

007083: Nov  4 05:35:13 cet: %DOT1X-5-FAIL: Authentication failed for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BA92754ADB
007084: Nov  4 05:35:13 cet: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BA92754ADB
007085: Nov  4 05:35:13 cet: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BA92754ADB
007086: Nov  4 05:47:28 cet: %DOT1X-5-FAIL: Authentication failed for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BC928081EC
007087: Nov  4 05:47:28 cet: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BC928081EC
007088: Nov  4 05:47:28 cet: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BC928081EC
007089: Nov  4 05:59:43 cet: %DOT1X-5-FAIL: Authentication failed for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BE928BB906
007090: Nov  4 05:59:43 cet: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BE928BB906
007091: Nov  4 05:59:43 cet: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015BE928BB906
007092: Nov  4 06:11:58 cet: %DOT1X-5-FAIL: Authentication failed for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015C09296F073
007093: Nov  4 06:11:58 cet: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015C09296F073
007094: Nov  4 06:11:58 cet: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015C09296F073
007095: Nov  4 06:24:13 cet: %DOT1X-5-FAIL: Authentication failed for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015C292A225FA
007096: Nov  4 06:24:13 cet: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015C292A225FA
007097: Nov  4 06:24:13 cet: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (2c9e.fc4e.7f73) on Interface Fa0/23 AuditSessionID 9FE8005A000015C292A225FA

Does anybody else experience this problem and has a fix for it?

Abhishek Pakrashi · ‎11-09-2014

Hi,

It looks like the supplicant is not responding to the EAP packets or those EAP packets which are sent from the supplicant are not reaching or being read by the authenticator. In order to understand if the supplicant is sending the packets, please check if the supplicant is correctly configured for EAP (whichever method is being used) and take a packet capture and check if for the protocol EAP, anything is sent from the authenticator or not.

sven.falk · ‎11-11-2014

Maybe it's not responding because it's in standby? Sniffing the traffic is not as easy as it sounds as it happens randomly on different locations. But I'll try to find one.

nspasov · ‎11-09-2014

What are the make and model of the clients? Also, what OS are they running?

sven.falk · ‎11-11-2014

OS is Windows 7, the client is a HP i610 Thinclient.

nspasov · ‎11-11-2014

I have seen this issue before. Couple of more questions:

1. What type of authentication are you using? (PEAP, EAP-TLS, etc)

2. Are you doing user or machine based authentication

3. Can you post screen shots of the supplicant configuration (All Tabs Please)