cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

16995
Views
10
Helpful
5
Replies
Highlighted
Beginner

Authentication failed for client (Unknown MAC)

Hi All, something's going wrong with dot1x auth of some win10 802.1x clients.
This is how the NAS port  is configured:

 

interface GigabitEthernet1/0/5

 authentication host-mode multi-domain
 authentication port-control auto
 authentication violation protect
 dot1x pae authenticator
 dot1x timeout tx-period 3

 

The following are the  debug messages I get:

 

Jan 22 09:07:13.329: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Jan 22 09:07:13.329: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Jan 22 09:07:13.329: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2
Jan 22 09:07:13.329: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID AC10640B0000032493CB94F2

 

Disabling and re-enabling the NIC makes the authentication to success.

I think it's something related to the client, some other clients configured in the very same way are not getting any error.
Does anyone have any idea on what should I check or any debug that could point me in the right way?
Many thanks in advance!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

When this happens, do you see the MAC address on the port?

Some early IOS versions have bugs that cause authentication process not to pick up the MAC, even though the MAC appears on the port.

But if the MAC address is really not reported on the port when the problem happens then it is likely to be a client issue. I have seen the problem when PCs are on standby, when the NIC is kept up, but no MAC address appears on the port.

What make is the NIC? This could be a driver issue, might be NIC power saving settings, etc.

View solution in original post

5 REPLIES 5
Highlighted
Beginner

When this happens, do you see the MAC address on the port?

Some early IOS versions have bugs that cause authentication process not to pick up the MAC, even though the MAC appears on the port.

But if the MAC address is really not reported on the port when the problem happens then it is likely to be a client issue. I have seen the problem when PCs are on standby, when the NIC is kept up, but no MAC address appears on the port.

What make is the NIC? This could be a driver issue, might be NIC power saving settings, etc.

View solution in original post

Highlighted

Actually no mac address is shown on the switch interface.

The NIC is an Intel I218-LM and the issue arise randomly not only when recovering from standby status but even when a user only disconnects from his account.
Looked for bugs related to this issue but didn't find anything. I will schedule a driver upgrade (my driver version is quite new but not the latest). By now, I disabled power saving settings that let this NIC to be powered off, let's see if this helps.
Thanks for your thoughts!

Highlighted

Actually, when the problem arise, no mac address is shown in the interface:

 

# show mac address-table interface Gi2/0/7
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

# show auth sessions


Interface  MAC Address     Method   Domain   Status         Session ID
Gi2/0/7    (unknown)       N/A      DATA     Authz Failed   AC10640B0000034DA87E3F46

 

We use an Intel I218-LM with driver not too much outdated, even still not the latest.
The strange thing is that the problem occurs randomly when the system recovers from a standby status, and also when the user disconnects from his account.
At this moment I disabled power saving settings on the NIC to see if this helps, moreover I will schedule a driver upgrade.
Many thanks for your thoughts!

Highlighted

Highlighted

I have started seeing this same odd behavior on newer dell laptops using USB-C docks. 

What resolved your issue?