Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
792
Views
0
Helpful
0
Replies

802.1x NAC using Win2008 Radius for auth

lordbigsack
Level 1
Level 1

‎03-12-2013 09:32 AM - edited ‎03-10-2019 08:11 PM

HI, I have setup my 3550 to authenticate using radius to a win2008 NPS server.  I have set it up to use RADIUS for login and 802.1x.  The login works and I authenticate using my win AD credentials but when we try to authenticate using 802.1x we receive an access-rejest responce on the switch.

Below is my config and some outpuy

Mar 12 16:19:42.078: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.

Mar 12 16:19:42.078: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:19:42.078: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:19:42.078: EAPOL pak dump rx

Mar 12 16:19:42.078: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:19:42.078: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/23 CODE= 0,TYPE= 0,LEN= 0

Mar 12 16:19:42.078: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23

Mar 12 16:19:42.078: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,

                    pae-ether-type = 888e.0101.0000

Mar 12 16:19:42.078: dot1x-ev:Created a client entry for the supplicant 406c.8f13.521a

Mar 12 16:19:42.078: dot1x-ev:Found the default authenticator instance on FastEthernet0/23

Mar 12 16:19:42.078: dot1x-registry:EAPOL traffic seen on FastEthernet0/23

Mar 12 16:19:42.078: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Fa0/23 is FALSE

Mar 12 16:19:42.078: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag set for the port  Fa0/23

Mar 12 16:19:42.078: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/23

Mar 12 16:19:42.078: EAPOL pak dump rx

Mar 12 16:19:42.078: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:19:42.082: dot1x-sm:Posting EAPOL_START on Client=2147268

Mar 12 16:19:42.082:     dot1x_auth Fa0/23: during state auth_authenticating, got event 4(eapolStart)

Mar 12 16:19:42.082: @@@ dot1x_auth Fa0/23: auth_authenticating -> auth_aborting

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authenticating_exit called

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_aborting_enter called

Mar 12 16:19:42.082: dot1x-sm:Posting AUTH_ABORT on Client=2147268

Mar 12 16:19:42.082:     dot1x_auth_bend Fa0/23: during state auth_bend_request, got event 1(authAbort)

Mar 12 16:19:42.082: @@@ dot1x_auth_bend Fa0/23: auth_bend_request -> auth_bend_initialize

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_initialize_enter called

Mar 12 16:19:42.082:     dot1x_auth_bend Fa0/23: idle during state auth_bend_initialize

Mar 12 16:19:42.082: @@@ dot1x_auth_bend Fa0/23: auth_bend_initialize -> auth_bend_idle

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_idle_enter called

Mar 12 16:19:42.082: dot1x-sm:Posting !AUTH_ABORT on Client=2147268

Mar 12 16:19:42.082:     dot1x_auth Fa0/23: during state auth_aborting, got event 21(no_eapolLogoff_no_authAbort)

Mar 12 16:19:42.082: @@@ dot1x_auth Fa0/23: auth_aborting -> auth_restart

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_aborting_exit called

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_restart_enter called

Mar 12 16:19:42.082: dot1x-ev:Sending create new context event to EAP for 406c.8f13.521a

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_aborting_restart_action called

Mar 12 16:19:42.082: dot1x-sm:Posting !EAP_RESTART on Client=2147268

Mar 12 16:19:42.082:     dot1x_auth Fa0/23: during state auth_restart, got event 6(no_eapRestart)

Mar 12 16:19:42.082: @@@ dot1x_auth Fa0/23: auth_restart -> auth_connecting

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_connecting_enter called

Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_restart_connecting_action called

Mar 12 16:19:42.086: dot1x-packet:Received an EAP request packet from EAP for mac 406c.8f13.521a

Mar 12 16:19:42.086: dot1x-sm:Posting RX_REQ on Client=2147268

Mar 12 16:19:42.086:     dot1x_auth Fa0/23: during state auth_connecting, got event 11(eapReq_no_reAuthMax)

Mar 12 16:19:42.086: @@@ dot1x_auth Fa0/23: auth_connecting -> auth_authenticating

Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authenticating_enter called

Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_connecting_authenticating_action called

Mar 12 16:19:42.086: dot1x-sm:Posting AUTH_START on Client=2147268

Mar 12 16:19:42.086:     dot1x_auth_bend Fa0/23: during state auth_bend_idle, got event 4(eapReq_authStart)

Mar 12 16:19:42.086: @@@ dot1x_auth_bend Fa0/23: auth_bend_idle -> auth_bend_request

Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_request_enter called

Mar 12 16:19:42.086: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:

Mar 12 16:19:42.086: dot1x-ev:FastEthernet0/23:Sending EAPOL packet to group PAE address

Mar 12 16:19:42.086: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.

Mar 12 16:19:42.086: dot1x-registry:registry:dot1x_ether_macaddr called

Mar 12 16:19:42.086: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/23

Mar 12 16:19:42.086: EAPOL pak dump Tx

Mar 12 16:19:42.086: EAPOL Version: 0x2  type: 0x0  length: 0x0005

Mar 12 16:19:42.086: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1

Mar 12 16:19:42.086: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (406c.8f13.521a)

Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_idle_request_action called

Mar 12 16:19:42.090: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.

Mar 12 16:19:42.090: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:19:42.090: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:19:42.090: EAPOL pak dump rx

Mar 12 16:19:42.090: EAPOL Version: 0x1  type: 0x0  length: 0x000D

Mar 12 16:19:42.090: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/23 CODE= 2,TYPE= 1,LEN= 13

Mar 12 16:19:42.090: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23

Mar 12 16:19:42.090: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,

                    pae-ether-type = 888e.0100.000d

Mar 12 16:19:42.090: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Fa0/23 is TRUE

Mar 12 16:19:42.090: dot1x-packet:Received an EAP packet on interface FastEthernet0/23

Mar 12 16:19:42.090: EAPOL pak dump rx

Mar 12 16:19:42.090: EAPOL Version: 0x1  type: 0x0  length: 0x000D

Mar 12 16:19:42.090: dot1x-packet:Received an EAP packet on the FastEthernet0/23 from mac 406c.8f13.521a

Mar 12 16:19:42.090: dot1x-sm:Posting EAPOL_EAP on Client=2147268

Mar 12 16:19:42.090:     dot1x_auth_bend Fa0/23: during state auth_bend_request, got event 6(eapolEap)

Mar 12 16:19:42.094: @@@ dot1x_auth_bend Fa0/23: auth_bend_request -> auth_bend_response

Mar 12 16:19:42.094: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_response_enter called

Mar 12 16:19:42.094: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 406c.8f13.521a

Mar 12 16:19:42.094: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_request_response_action called

Mar 12 16:19:42.094: RADIUS/ENCODE(0000002F):Orig. component type = DOT1X

Mar 12 16:19:42.094: RADIUS:  AAA Unsupported Attr: audit-session-id  [599] 24

Mar 12 16:19:42.094: RADIUS:   41 43 31 30 30 33 39 30 30 30 30 30 30 30 31 46  [AC1003900000001F]

Mar 12 16:19:42.094: RADIUS:   30 31 38 41 45 37            [ 018AE7]

Mar 12 16:19:42.094: RADIUS:  AAA Unsupported Attr: interface         [170] 16

Mar 12 16:19:42.098: RADIUS:   46 61 73 74 45 74 68 65 72 6E 65 74 30 2F    [ FastEthernet0/]

Mar 12 16:19:42.098: RADIUS(0000002F): Config NAS IP: 0.0.0.0

Mar 12 16:19:42.098: RADIUS/ENCODE(0000002F): acct_session_id: 46

Mar 12 16:19:42.098: RADIUS(0000002F): sending

Mar 12 16:19:42.098: RADIUS/ENCODE: Best Local IP-Address 172.16.3.144 for Radius-Server 172.16.140.100

Mar 12 16:19:42.098: RADIUS(0000002F): Send Access-Request to 172.16.140.100:1645 id 1645/28, len 149

Mar 12 16:19:42.098: RADIUS:  authenticator C9 DF DF 9A 56 28 20 90 - 2A 7F 95 B3 7D 5A E5 74

Mar 12 16:19:42.098: RADIUS:  User-Name           [1]   10  "coultiss"

Mar 12 16:19:42.098: RADIUS:  Service-Type        [6]   6   Framed                    [2]

Mar 12 16:19:42.098: RADIUS:  Framed-MTU          [12]  6   1500

Mar 12 16:19:42.098: RADIUS:  Called-Station-Id   [30]  19  "00-0B-46-4D-5D-97"

Mar 12 16:19:42.098: RADIUS:  Calling-Station-Id  [31]  19  "40-6C-8F-13-52-1A"

Mar 12 16:19:42.098: RADIUS:  EAP-Message         [79]  15

Mar 12 16:19:42.098: RADIUS:   02 02 00 0D 01 63 6F 75 6C 74 69 73 73          [ lappy]

Mar 12 16:19:42.098: RADIUS:  Message-Authenticato[80]  18

Mar 12 16:19:42.102: RADIUS:   E4 09 C1 E0 41 90 A3 9B EE 46 6F 08 B5 29 A9 68             [ AFo)h]

Mar 12 16:19:42.102: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

Mar 12 16:19:42.102: RADIUS:  NAS-Port            [5]   6   50023

Mar 12 16:19:42.102: RADIUS:  NAS-Port-Id         [87]  18  "FastEthernet0/23"

Mar 12 16:19:42.102: RADIUS:  NAS-IP-Address      [4]   6   172.16.3.144

Mar 12 16:19:42.258: RADIUS: Received from id 1645/28 172.16.140.100:1645, Access-Reject, len 44

Mar 12 16:19:42.258: RADIUS:  authenticator C9 74 EC D5 27 4B 1B 4D - 5D C9 89 5B 9C 0F 50 58

Mar 12 16:19:42.258: RADIUS:  EAP-Message         [79]  6

Mar 12 16:19:42.258: RADIUS:   04 02 00 04

Mar 12 16:19:42.258: RADIUS:  Message-Authenticato[80]  18

Mar 12 16:19:42.258: RADIUS:   3D 42 A2 D3 AB F7 F7 B5 5C A5 55 FB 3F 89 10 9B             [ =B\U?]

Mar 12 16:19:42.258: RADIUS(0000002F): Received from id 1645/28

Mar 12 16:19:42.258: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

Mar 12 16:19:42.262: dot1x-ev:Authorization data for client 406c.8f13.521a has been reset on FastEthernet0/23

Mar 12 16:19:42.262: dot1x-ev:Received an EAP Fail on FastEthernet0/23 for mac 406c.8f13.521a

Mar 12 16:19:42.262: dot1x-sm:Posting EAP_FAIL on Client=2147268

Mar 12 16:19:42.262:     dot1x_auth_bend Fa0/23: during state auth_bend_response, got event 10(eapFail)

Mar 12 16:19:42.262: @@@ dot1x_auth_bend Fa0/23: auth_bend_response -> auth_bend_fail

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_response_exit called

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_fail_enter called

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_response_fail_action called

Mar 12 16:19:42.262:     dot1x_auth_bend Fa0/23: idle during state auth_bend_fail

Mar 12 16:19:42.262: @@@ dot1x_auth_bend Fa0/23: auth_bend_fail -> auth_bend_idle

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_idle_enter called

Mar 12 16:19:42.262: dot1x-sm:Posting AUTH_FAIL on Client=2147268

Mar 12 16:19:42.262:     dot1x_auth Fa0/23: during state auth_authenticating, got event 16(authFail)

Mar 12 16:19:42.262: @@@ dot1x_auth Fa0/23: auth_authenticating -> auth_authc_result

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authenticating_exit called

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authc_result_enter called

Mar 12 16:19:42.262: dot1x-sm:Posting AUTHC_FAIL on Client=2147268

Mar 12 16:19:42.262:     dot1x_auth Fa0/23: during state auth_authc_result, got event 24(authcFail)

Mar 12 16:19:42.262: @@@ dot1x_auth Fa0/23: auth_authc_result -> auth_held

Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_held_enter called

Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_authz_fail: Called for FastEthernet0/23 and 406c.8f13.521a

Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/23

Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/23

Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 406c.8f13.521a on interface FastEthernet0/23

Mar 12 16:19:42.266: dot1x-ev:dot1x_vlan_assign_authz_fail on interface FastEthernet0/23

Mar 12 16:19:42.266: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4  id: 0x2  length: 0x0004 type: 0x0  data:

Mar 12 16:19:42.266: dot1x-ev:FastEthernet0/23:Sending EAPOL packet to group PAE address

Mar 12 16:19:42.266: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.

Mar 12 16:19:42.266: dot1x-registry:registry:dot1x_ether_macaddr called

Mar 12 16:19:42.266: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/23

Mar 12 16:19:42.266: EAPOL pak dump Tx

Mar 12 16:19:42.266: EAPOL Version: 0x2  type: 0x0  length: 0x0004

Mar 12 16:19:42.266: EAP code: 0x4  id: 0x2  length: 0x0004

Mar 12 16:19:42.266: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (406c.8f13.521a)

Mar 12 16:19:43.074: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to up

Mar 12 16:19:47.478: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.

Mar 12 16:19:47.478: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:19:47.478: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:19:47.482: EAPOL pak dump rx

Mar 12 16:19:47.482: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:19:47.482: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/23 CODE= 0,TYPE= 0,LEN= 0

Mar 12 16:19:47.482: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23

Mar 12 16:19:47.482: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,

                    pae-ether-type = 888e.0101.0000

Mar 12 16:19:47.482: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Fa0/23 is TRUE

Mar 12 16:19:47.482: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/23

Mar 12 16:19:47.482: EAPOL pak dump rx

Mar 12 16:19:47.482: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:19:47.482: dot1x-sm:Posting EAPOL_START on Client=2147268

Mar 12 16:19:47.482:     dot1x_auth Fa0/23: during state auth_held, got event 4(eapolStart) (ignored)

Mar 12 16:19:51.278: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.

Mar 12 16:19:51.278: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:19:51.278: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:19:51.278: EAPOL pak dump rx

Mar 12 16:19:51.278: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:19:51.278: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/23 CODE= 0,TYPE= 0,LEN= 0

Mar 12 16:19:51.278: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23

Mar 12 16:19:51.278: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,

                    pae-ether-type = 888e.0101.0000

Mar 12 16:19:51.278: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Fa0/23 is TRUE

Mar 12 16:19:51.278: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/23

Mar 12 16:19:51.278: EAPOL pak dump rx

Mar 12 16:19:51.282: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:19:51.282: dot1x-sm:Posting EAPOL_START on Client=2147268

Mar 12 16:19:51.282:     dot1x_auth Fa0/23: during state auth_held, got event 4(eapolStart) (ignored)

Mar 12 16:20:10.878: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Fa0/23

Mar 12 16:20:10.878: dot1x-ev:

dot1x_switch_sb_vp_errdisable_set: setting Fa0/23 domain 1 to errdisabled

Mar 12 16:20:10.882: dot1x-ev:

dot1x_switch_sb_vp_errdisable_set: setting Fa0/23 domain 2 to errdisabled

Mar 12 16:20:10.882: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/23 has changed to DOWN

Mar 12 16:20:10.882: dot1x-ev:Cleared all authenticator instances on FastEthernet0/23

Mar 12 16:20:10.882: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/23

Mar 12 16:20:10.882: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/23

Mar 12 16:20:10.882: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 406c.8f13.521a on interface FastEthernet0/23

Mar 12 16:20:10.882: dot1x-ev:dot1x_vlan_assign_client_deleted for 406c.8f13.521a on interface FastEthernet0/23

Mar 12 16:20:10.882: dot1x-ev:dot1x_vlan_assign_client_deleted: Ignoring client 406c.8f13.521a on FastEthernet0/23, domain is data

Mar 12 16:20:12.878: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to down

Mar 12 16:20:13.966: dot1x-registry:dot1x_switch_port_linkcomingup invoked on interface Fa0/3

Mar 12 16:20:13.966: dot1x-registry:** dot1x_switch_vp_statechange:

Mar 12 16:20:13.966: dot1x-ev:ignored vlan 810 vp is added on interface FastEthernet0/3

Mar 12 16:20:13.966: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/3

Mar 12 16:20:13.966: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/3

Mar 12 16:20:14.974: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.

Mar 12 16:20:14.978: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:20:14.978: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:20:14.978: EAPOL pak dump rx

Mar 12 16:20:14.978: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:20:14.978: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/3 CODE= 0,TYPE= 0,LEN= 0

Mar 12 16:20:14.978: dot1x-ev:Dot1x Packets are not expected oninterface FastEthernet0/3, no Dot1x subblock found

Mar 12 16:20:15.962: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up

Mar 12 16:20:16.962: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

Mar 12 16:20:44.974: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.

Mar 12 16:20:44.974: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:20:44.974: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:20:44.974: EAPOL pak dump rx

Mar 12 16:20:44.974: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:20:44.974: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/3 CODE= 0,TYPE= 0,LEN= 0

Mar 12 16:20:44.974: dot1x-ev:Dot1x Packets are not expected oninterface FastEthernet0/3, no Dot1x subblock found

Mar 12 16:21:14.974: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.

Mar 12 16:21:14.974: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

Mar 12 16:21:14.974: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

Mar 12 16:21:14.974: EAPOL pak dump rx

Mar 12 16:21:14.974: EAPOL Version: 0x1  type: 0x1  length: 0x0000

Mar 12 16:21:14.974: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/3 CODE= 0,TYPE= 0,LEN= 0

Mar 12 16:21:14.974: dot1x-ev:Dot1x Packets are not expected oninterface FastEthernet0/3, no Dot1x subblock foundMarMar

aaa new-model

aaa authentication login RAD-AUTH group radius local

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa session-id common

dot1x system-auth-control

dot1x guest-vlan supplicant

interface FastEthernet0/23

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x violation-mode protect

end

any ideas on the fails?

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents