- Cisco Community
- Technology and Support
- Security
- Network Access Control
- 802.1x NAC using Win2008 Radius for auth
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
802.1x NAC using Win2008 Radius for auth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2013 09:32 AM - edited 03-10-2019 08:11 PM
HI, I have setup my 3550 to authenticate using radius to a win2008 NPS server. I have set it up to use RADIUS for login and 802.1x. The login works and I authenticate using my win AD credentials but when we try to authenticate using 802.1x we receive an access-rejest responce on the switch.
Below is my config and some outpuy
Mar 12 16:19:42.078: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.
Mar 12 16:19:42.078: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:19:42.078: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:19:42.078: EAPOL pak dump rx
Mar 12 16:19:42.078: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:19:42.078: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/23 CODE= 0,TYPE= 0,LEN= 0
Mar 12 16:19:42.078: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23
Mar 12 16:19:42.078: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
Mar 12 16:19:42.078: dot1x-ev:Created a client entry for the supplicant 406c.8f13.521a
Mar 12 16:19:42.078: dot1x-ev:Found the default authenticator instance on FastEthernet0/23
Mar 12 16:19:42.078: dot1x-registry:EAPOL traffic seen on FastEthernet0/23
Mar 12 16:19:42.078: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/23 is FALSE
Mar 12 16:19:42.078: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag set for the port Fa0/23
Mar 12 16:19:42.078: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/23
Mar 12 16:19:42.078: EAPOL pak dump rx
Mar 12 16:19:42.078: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:19:42.082: dot1x-sm:Posting EAPOL_START on Client=2147268
Mar 12 16:19:42.082: dot1x_auth Fa0/23: during state auth_authenticating, got event 4(eapolStart)
Mar 12 16:19:42.082: @@@ dot1x_auth Fa0/23: auth_authenticating -> auth_aborting
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authenticating_exit called
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_aborting_enter called
Mar 12 16:19:42.082: dot1x-sm:Posting AUTH_ABORT on Client=2147268
Mar 12 16:19:42.082: dot1x_auth_bend Fa0/23: during state auth_bend_request, got event 1(authAbort)
Mar 12 16:19:42.082: @@@ dot1x_auth_bend Fa0/23: auth_bend_request -> auth_bend_initialize
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_initialize_enter called
Mar 12 16:19:42.082: dot1x_auth_bend Fa0/23: idle during state auth_bend_initialize
Mar 12 16:19:42.082: @@@ dot1x_auth_bend Fa0/23: auth_bend_initialize -> auth_bend_idle
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_idle_enter called
Mar 12 16:19:42.082: dot1x-sm:Posting !AUTH_ABORT on Client=2147268
Mar 12 16:19:42.082: dot1x_auth Fa0/23: during state auth_aborting, got event 21(no_eapolLogoff_no_authAbort)
Mar 12 16:19:42.082: @@@ dot1x_auth Fa0/23: auth_aborting -> auth_restart
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_aborting_exit called
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_restart_enter called
Mar 12 16:19:42.082: dot1x-ev:Sending create new context event to EAP for 406c.8f13.521a
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_aborting_restart_action called
Mar 12 16:19:42.082: dot1x-sm:Posting !EAP_RESTART on Client=2147268
Mar 12 16:19:42.082: dot1x_auth Fa0/23: during state auth_restart, got event 6(no_eapRestart)
Mar 12 16:19:42.082: @@@ dot1x_auth Fa0/23: auth_restart -> auth_connecting
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_connecting_enter called
Mar 12 16:19:42.082: dot1x-sm:Fa0/23:406c.8f13.521a:auth_restart_connecting_action called
Mar 12 16:19:42.086: dot1x-packet:Received an EAP request packet from EAP for mac 406c.8f13.521a
Mar 12 16:19:42.086: dot1x-sm:Posting RX_REQ on Client=2147268
Mar 12 16:19:42.086: dot1x_auth Fa0/23: during state auth_connecting, got event 11(eapReq_no_reAuthMax)
Mar 12 16:19:42.086: @@@ dot1x_auth Fa0/23: auth_connecting -> auth_authenticating
Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authenticating_enter called
Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_connecting_authenticating_action called
Mar 12 16:19:42.086: dot1x-sm:Posting AUTH_START on Client=2147268
Mar 12 16:19:42.086: dot1x_auth_bend Fa0/23: during state auth_bend_idle, got event 4(eapReq_authStart)
Mar 12 16:19:42.086: @@@ dot1x_auth_bend Fa0/23: auth_bend_idle -> auth_bend_request
Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_request_enter called
Mar 12 16:19:42.086: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
Mar 12 16:19:42.086: dot1x-ev:FastEthernet0/23:Sending EAPOL packet to group PAE address
Mar 12 16:19:42.086: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.
Mar 12 16:19:42.086: dot1x-registry:registry:dot1x_ether_macaddr called
Mar 12 16:19:42.086: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/23
Mar 12 16:19:42.086: EAPOL pak dump Tx
Mar 12 16:19:42.086: EAPOL Version: 0x2 type: 0x0 length: 0x0005
Mar 12 16:19:42.086: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
Mar 12 16:19:42.086: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (406c.8f13.521a)
Mar 12 16:19:42.086: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_idle_request_action called
Mar 12 16:19:42.090: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.
Mar 12 16:19:42.090: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:19:42.090: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:19:42.090: EAPOL pak dump rx
Mar 12 16:19:42.090: EAPOL Version: 0x1 type: 0x0 length: 0x000D
Mar 12 16:19:42.090: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/23 CODE= 2,TYPE= 1,LEN= 13
Mar 12 16:19:42.090: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23
Mar 12 16:19:42.090: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.000d
Mar 12 16:19:42.090: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/23 is TRUE
Mar 12 16:19:42.090: dot1x-packet:Received an EAP packet on interface FastEthernet0/23
Mar 12 16:19:42.090: EAPOL pak dump rx
Mar 12 16:19:42.090: EAPOL Version: 0x1 type: 0x0 length: 0x000D
Mar 12 16:19:42.090: dot1x-packet:Received an EAP packet on the FastEthernet0/23 from mac 406c.8f13.521a
Mar 12 16:19:42.090: dot1x-sm:Posting EAPOL_EAP on Client=2147268
Mar 12 16:19:42.090: dot1x_auth_bend Fa0/23: during state auth_bend_request, got event 6(eapolEap)
Mar 12 16:19:42.094: @@@ dot1x_auth_bend Fa0/23: auth_bend_request -> auth_bend_response
Mar 12 16:19:42.094: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_response_enter called
Mar 12 16:19:42.094: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 406c.8f13.521a
Mar 12 16:19:42.094: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_request_response_action called
Mar 12 16:19:42.094: RADIUS/ENCODE(0000002F):Orig. component type = DOT1X
Mar 12 16:19:42.094: RADIUS: AAA Unsupported Attr: audit-session-id [599] 24
Mar 12 16:19:42.094: RADIUS: 41 43 31 30 30 33 39 30 30 30 30 30 30 30 31 46 [AC1003900000001F]
Mar 12 16:19:42.094: RADIUS: 30 31 38 41 45 37 [ 018AE7]
Mar 12 16:19:42.094: RADIUS: AAA Unsupported Attr: interface [170] 16
Mar 12 16:19:42.098: RADIUS: 46 61 73 74 45 74 68 65 72 6E 65 74 30 2F [ FastEthernet0/]
Mar 12 16:19:42.098: RADIUS(0000002F): Config NAS IP: 0.0.0.0
Mar 12 16:19:42.098: RADIUS/ENCODE(0000002F): acct_session_id: 46
Mar 12 16:19:42.098: RADIUS(0000002F): sending
Mar 12 16:19:42.098: RADIUS/ENCODE: Best Local IP-Address 172.16.3.144 for Radius-Server 172.16.140.100
Mar 12 16:19:42.098: RADIUS(0000002F): Send Access-Request to 172.16.140.100:1645 id 1645/28, len 149
Mar 12 16:19:42.098: RADIUS: authenticator C9 DF DF 9A 56 28 20 90 - 2A 7F 95 B3 7D 5A E5 74
Mar 12 16:19:42.098: RADIUS: User-Name [1] 10 "coultiss"
Mar 12 16:19:42.098: RADIUS: Service-Type [6] 6 Framed [2]
Mar 12 16:19:42.098: RADIUS: Framed-MTU [12] 6 1500
Mar 12 16:19:42.098: RADIUS: Called-Station-Id [30] 19 "00-0B-46-4D-5D-97"
Mar 12 16:19:42.098: RADIUS: Calling-Station-Id [31] 19 "40-6C-8F-13-52-1A"
Mar 12 16:19:42.098: RADIUS: EAP-Message [79] 15
Mar 12 16:19:42.098: RADIUS: 02 02 00 0D 01 63 6F 75 6C 74 69 73 73 [ lappy]
Mar 12 16:19:42.098: RADIUS: Message-Authenticato[80] 18
Mar 12 16:19:42.102: RADIUS: E4 09 C1 E0 41 90 A3 9B EE 46 6F 08 B5 29 A9 68 [ AFo)h]
Mar 12 16:19:42.102: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Mar 12 16:19:42.102: RADIUS: NAS-Port [5] 6 50023
Mar 12 16:19:42.102: RADIUS: NAS-Port-Id [87] 18 "FastEthernet0/23"
Mar 12 16:19:42.102: RADIUS: NAS-IP-Address [4] 6 172.16.3.144
Mar 12 16:19:42.258: RADIUS: Received from id 1645/28 172.16.140.100:1645, Access-Reject, len 44
Mar 12 16:19:42.258: RADIUS: authenticator C9 74 EC D5 27 4B 1B 4D - 5D C9 89 5B 9C 0F 50 58
Mar 12 16:19:42.258: RADIUS: EAP-Message [79] 6
Mar 12 16:19:42.258: RADIUS: 04 02 00 04
Mar 12 16:19:42.258: RADIUS: Message-Authenticato[80] 18
Mar 12 16:19:42.258: RADIUS: 3D 42 A2 D3 AB F7 F7 B5 5C A5 55 FB 3F 89 10 9B [ =B\U?]
Mar 12 16:19:42.258: RADIUS(0000002F): Received from id 1645/28
Mar 12 16:19:42.258: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Mar 12 16:19:42.262: dot1x-ev:Authorization data for client 406c.8f13.521a has been reset on FastEthernet0/23
Mar 12 16:19:42.262: dot1x-ev:Received an EAP Fail on FastEthernet0/23 for mac 406c.8f13.521a
Mar 12 16:19:42.262: dot1x-sm:Posting EAP_FAIL on Client=2147268
Mar 12 16:19:42.262: dot1x_auth_bend Fa0/23: during state auth_bend_response, got event 10(eapFail)
Mar 12 16:19:42.262: @@@ dot1x_auth_bend Fa0/23: auth_bend_response -> auth_bend_fail
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_response_exit called
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_fail_enter called
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_response_fail_action called
Mar 12 16:19:42.262: dot1x_auth_bend Fa0/23: idle during state auth_bend_fail
Mar 12 16:19:42.262: @@@ dot1x_auth_bend Fa0/23: auth_bend_fail -> auth_bend_idle
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_bend_idle_enter called
Mar 12 16:19:42.262: dot1x-sm:Posting AUTH_FAIL on Client=2147268
Mar 12 16:19:42.262: dot1x_auth Fa0/23: during state auth_authenticating, got event 16(authFail)
Mar 12 16:19:42.262: @@@ dot1x_auth Fa0/23: auth_authenticating -> auth_authc_result
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authenticating_exit called
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_authc_result_enter called
Mar 12 16:19:42.262: dot1x-sm:Posting AUTHC_FAIL on Client=2147268
Mar 12 16:19:42.262: dot1x_auth Fa0/23: during state auth_authc_result, got event 24(authcFail)
Mar 12 16:19:42.262: @@@ dot1x_auth Fa0/23: auth_authc_result -> auth_held
Mar 12 16:19:42.262: dot1x-sm:Fa0/23:406c.8f13.521a:auth_held_enter called
Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_authz_fail: Called for FastEthernet0/23 and 406c.8f13.521a
Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/23
Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/23
Mar 12 16:19:42.262: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 406c.8f13.521a on interface FastEthernet0/23
Mar 12 16:19:42.266: dot1x-ev:dot1x_vlan_assign_authz_fail on interface FastEthernet0/23
Mar 12 16:19:42.266: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4 id: 0x2 length: 0x0004 type: 0x0 data:
Mar 12 16:19:42.266: dot1x-ev:FastEthernet0/23:Sending EAPOL packet to group PAE address
Mar 12 16:19:42.266: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.
Mar 12 16:19:42.266: dot1x-registry:registry:dot1x_ether_macaddr called
Mar 12 16:19:42.266: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/23
Mar 12 16:19:42.266: EAPOL pak dump Tx
Mar 12 16:19:42.266: EAPOL Version: 0x2 type: 0x0 length: 0x0004
Mar 12 16:19:42.266: EAP code: 0x4 id: 0x2 length: 0x0004
Mar 12 16:19:42.266: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (406c.8f13.521a)
Mar 12 16:19:43.074: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to up
Mar 12 16:19:47.478: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.
Mar 12 16:19:47.478: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:19:47.478: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:19:47.482: EAPOL pak dump rx
Mar 12 16:19:47.482: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:19:47.482: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/23 CODE= 0,TYPE= 0,LEN= 0
Mar 12 16:19:47.482: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23
Mar 12 16:19:47.482: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
Mar 12 16:19:47.482: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/23 is TRUE
Mar 12 16:19:47.482: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/23
Mar 12 16:19:47.482: EAPOL pak dump rx
Mar 12 16:19:47.482: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:19:47.482: dot1x-sm:Posting EAPOL_START on Client=2147268
Mar 12 16:19:47.482: dot1x_auth Fa0/23: during state auth_held, got event 4(eapolStart) (ignored)
Mar 12 16:19:51.278: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/23.
Mar 12 16:19:51.278: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:19:51.278: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:19:51.278: EAPOL pak dump rx
Mar 12 16:19:51.278: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:19:51.278: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/23 CODE= 0,TYPE= 0,LEN= 0
Mar 12 16:19:51.278: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/23
Mar 12 16:19:51.278: dot1x-ev:Received pkt saddr =406c.8f13.521a , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
Mar 12 16:19:51.278: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/23 is TRUE
Mar 12 16:19:51.278: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/23
Mar 12 16:19:51.278: EAPOL pak dump rx
Mar 12 16:19:51.282: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:19:51.282: dot1x-sm:Posting EAPOL_START on Client=2147268
Mar 12 16:19:51.282: dot1x_auth Fa0/23: during state auth_held, got event 4(eapolStart) (ignored)
Mar 12 16:20:10.878: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Fa0/23
Mar 12 16:20:10.878: dot1x-ev:
dot1x_switch_sb_vp_errdisable_set: setting Fa0/23 domain 1 to errdisabled
Mar 12 16:20:10.882: dot1x-ev:
dot1x_switch_sb_vp_errdisable_set: setting Fa0/23 domain 2 to errdisabled
Mar 12 16:20:10.882: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/23 has changed to DOWN
Mar 12 16:20:10.882: dot1x-ev:Cleared all authenticator instances on FastEthernet0/23
Mar 12 16:20:10.882: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/23
Mar 12 16:20:10.882: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/23
Mar 12 16:20:10.882: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 406c.8f13.521a on interface FastEthernet0/23
Mar 12 16:20:10.882: dot1x-ev:dot1x_vlan_assign_client_deleted for 406c.8f13.521a on interface FastEthernet0/23
Mar 12 16:20:10.882: dot1x-ev:dot1x_vlan_assign_client_deleted: Ignoring client 406c.8f13.521a on FastEthernet0/23, domain is data
Mar 12 16:20:12.878: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to down
Mar 12 16:20:13.966: dot1x-registry:dot1x_switch_port_linkcomingup invoked on interface Fa0/3
Mar 12 16:20:13.966: dot1x-registry:** dot1x_switch_vp_statechange:
Mar 12 16:20:13.966: dot1x-ev:ignored vlan 810 vp is added on interface FastEthernet0/3
Mar 12 16:20:13.966: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/3
Mar 12 16:20:13.966: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/3
Mar 12 16:20:14.974: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.
Mar 12 16:20:14.978: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:20:14.978: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:20:14.978: EAPOL pak dump rx
Mar 12 16:20:14.978: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:20:14.978: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/3 CODE= 0,TYPE= 0,LEN= 0
Mar 12 16:20:14.978: dot1x-ev:Dot1x Packets are not expected oninterface FastEthernet0/3, no Dot1x subblock found
Mar 12 16:20:15.962: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
Mar 12 16:20:16.962: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
Mar 12 16:20:44.974: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.
Mar 12 16:20:44.974: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:20:44.974: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:20:44.974: EAPOL pak dump rx
Mar 12 16:20:44.974: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:20:44.974: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/3 CODE= 0,TYPE= 0,LEN= 0
Mar 12 16:20:44.974: dot1x-ev:Dot1x Packets are not expected oninterface FastEthernet0/3, no Dot1x subblock found
Mar 12 16:21:14.974: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.
Mar 12 16:21:14.974: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
Mar 12 16:21:14.974: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 12 16:21:14.974: EAPOL pak dump rx
Mar 12 16:21:14.974: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 12 16:21:14.974: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/3 CODE= 0,TYPE= 0,LEN= 0
Mar 12 16:21:14.974: dot1x-ev:Dot1x Packets are not expected oninterface FastEthernet0/3, no Dot1x subblock foundMarMar
aaa new-model
aaa authentication login RAD-AUTH group radius local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa session-id common
dot1x system-auth-control
dot1x guest-vlan supplicant
interface FastEthernet0/23
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
end
any ideas on the fails?
- Labels:
-
AAA
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide