06-04-2013 05:19 AM - edited 03-10-2019 08:30 PM
Hello.
Sorry for my bad english.
Environment
supplicant: Windows 7 x86_64 with computer certificate
authenticator: catalyst c2960s ios 150-2.SE2
authentication server: 2x - Windows server 2012 NPS
authentication method: EAP-TLS
Switch configuration
interface GigabitEthernet1/0/11
description 5-13-2
switchport access vlan 340
switchport mode access
ip arp inspection limit rate 100
authentication control-direction in
authentication event server dead action authorize vlan 340
authentication port-control auto
authentication violation restrict
dot1x pae authenticator
dot1x max-req 3
dot1x max-reauth-req 3
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
!
Problem
Оccasionally when computer is turned on, the authentication fails.
After disable/enable network interface on the computer (or after reboot computer), the authentication successful.
Log messages:
Jun 4 08:13:37 10.13.90.2 62971: gmt-sw-phd-01: Jun 4 2013 04:13:37.470 UTC: %DOT1X-5-FAIL: Authentication failed for client (80c1.6eef.c2e4) on Interface Gi1/0/12 AuditSessionID 0A0D5A02000027E85FC6C57D
Jun 4 08:13:38 10.13.90.2 62972: gmt-sw-phd-01: Jun 4 2013 04:13:37.470 UTC: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (80c1.6eef.c2e4) on Interface Gi1/0/12 AuditSessionID 0A0D5A02000027E85FC6C57D
What do I need do to solve this problem?
Thank you.
06-04-2013 07:56 AM
I have started having issues with my 2960's and 802.1x as well. I am running IOS 12.2(52)SE. Sometimes a reboot or port restart works but lately that has stopped working. We are using the AnyConnect client as our supplicant with user/password to ACS 4.2 server for Windows.
Any help would be awesome!
07-18-2013 04:07 AM
Kindly review the below link:
www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf
07-19-2013 03:56 AM
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide