Solved: Re: 802.1x Empty userId

ramiro_ortiz · ‎10-11-2005

Hi,

I´m studying the behaviour of the 802.1x protocol working in a Windows environment with IAS and AD activated.

I´m using Windows 2000/XP 802.1x clients to perform the tests.

As I check the option "Authenticate the user as guest when the credentials are unavailable" in the client and I´m not able to get authorized. I watch the trace in the CAT 2950 switch and I get the message 'dot1x event - empty userid'. The client´s request is not forwarded to the RADIUS server and at the end the client is unauthorized.

First I thought of configuring the IAS server with a rule to bring these anonymous users in a quarantine VLAN and perform further actions with these clients. No way, the request don´t get to the RADIUS.

The other option that I managed was to take these users to the guest VLAN but I think this is not possible either. I have got similar problem with users with invalid credentials.

Is this the correct or expectable behaviour of the switch?

Any idea to take uknown users to a controlled or quarantine VLAN?

Thanks in advance.

Ramiro Ortiz

jafrazie · ‎10-11-2005

This is a bug.

The anatomy of which is when the switch doesn't forward EAP when EAPOL(802.1x) arrives at it with NULL credentials as part of the initial EAP-Identity-Response frame.

Please see CSCsb82422.

Hope this helps,

View solution in original post

jafrazie · ‎10-11-2005

This is a bug.

The anatomy of which is when the switch doesn't forward EAP when EAPOL(802.1x) arrives at it with NULL credentials as part of the initial EAP-Identity-Response frame.

Please see CSCsb82422.

Hope this helps,

ramiro_ortiz · ‎10-13-2005

Thanks a lot for your quick response.

I´ve noticed the bug has recently changed from the assigned to the resolved status.

Have you got any idea about how long will it take the new release to be available? I´ve downloaded the latest one 12.1(22)EA5a (September 22th) but it´s not corrected yet.

Thanks again.

Bye.