802.1x issue: re-authentication occurs with no reason
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2007 02:39 AM - edited 03-10-2019 03:30 PM
Hi,
Although I do not have re-authentication enabled and no RADIUS time-out attributes are sent to the switchport, the switch suddenly, for no reason, triggers a reauthentication after a few minutes.
Sometimes after only one minute, other times it lasts for about 4 to 10 minutes ...
For testing, I only work with the internal Cisco PA-token.
When I debug dot1x-events on the switch, at the moment of the re-authentication, I receive this:
2w2d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required
on GigabitEthernet1/0/20.
2w2d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
2w2d: dot1x-ev:Received pkt saddr =0006.5b26.6024 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
2w2d: dot1x-ev:Sending create new context event to EAP for 0006.5b26.6024
2w2d: dot1x-ev:GigabitEthernet1/0/20:Sending EAPOL packet to group PAE address
2w2d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required
on GigabitEthernet1/0/20.
2w2d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet
1/0/20
...
Also, after (re)authentication, I'm almost always receiving the Healthy-state several times (2 or 3 times) within a few seconds in stead of 1 time. (i can see this in the passed authentication log).
Anyone has an idea what could be the reason?
- Labels:
-
AAA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2007 11:59 AM
Config?
