- Cisco Community
- Technology and Support
- Security
- Network Access Control
- Anyone figure this out? I
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Cisco Conference Phone (8831 and other) loses sporadic network connection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016 01:19 AM - edited 03-10-2019 11:33 PM
Dear all,
when I enabled dot1x in our network, our Win7 clients worked fine with their certificates but the conference phones sporadic lose their connection to the call manager. If I shut the port and enable it again they register and work fine. The port configuration is as follows:
interface FastEthernet0/16
description Conference Phone 8831
switchport access vlan 123
switchport mode access
switchport voice vlan 150
authentication control-direction in
authentication event server dead action authorize vlan 123
authentication port-control auto
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
storm-control broadcast level 20.00
spanning-tree portfast
end
The running-configuration of the switch is as follows:
SWITCH#sh run
Building configuration...Current configuration : 26153 bytes
version 12.2
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname SWITCH
!
boot-start-marker
boot-end-marker
!
enable secret 5 <xxXx>
!
username <xxXx> privilege 15 password 7 <xxXx>
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group radius
aaa authorization exec default group tacacs+ local
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting commands 15 default start-stop group tacacs+!
aaa server radius dynamic-author
client 10.245.71.13 server-key 7 <xxXx>
!
aaa session-id common
clock timezone cet 1 0
clock summer-time mest recurring last Sun Mar 2:00 last Sun Oct 3:00
system mtu routing 1500
no ip source-route
no ip domain-lookup
ip domain-name space.lan
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
!
<SNIP crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR>
!
<SNIP crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR>
!
dot1x system-auth-control
dot1x guest-vlan supplicant
dot1x critical eapol
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 61440
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
<SNIP interface Fa0/1-15>
!
interface FastEthernet0/16
description CP 40.58 Grey
switchport access vlan 123
switchport mode access
switchport voice vlan 150
authentication control-direction in
authentication event server dead action authorize vlan 123
authentication port-control auto
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
storm-control broadcast level 20.00
spanning-tree portfast
!
<SNIP interface Fa0/17-48>
!
interface GigabitEthernet0/1
description Nexus37s
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,75,76,94,123,150,304,306,750
switchport mode trunk
udld port
mls qos trust cos
!
interface GigabitEthernet0/2
description Nexus38n
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,75,76,94,123,150,304,306,750,999
switchport mode trunk
udld port
mls qos trust cos
!
interface GigabitEthernet0/3
shutdown
!
interface GigabitEthernet0/4
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan94
ip address 10.245.x.x 255.255.255.0
!
ip default-gateway 10.245.x.x
no ip http server
no ip http secure-server
!
<SNIP loggin, ACL, SNMP>
!
tacacs-server host 10.245.x.x
tacacs-server host 10.245.x.x
tacacs-server timeout 10
tacacs-server directed-request
tacacs-server key 7 110D0F075A43595F45
radius-server host 10.245.x.x key 7 ...
radius-server host 10.245.x.x key 7 ...
radius-server vsa send accounting
radius-server vsa send authentication
!
!
<SNIP Banner and MOTD>
!
!
line con 0
session-timeout 10
line vty 0 4
session-timeout 10
access-class 12 in
transport input ssh
line vty 5 15
access-class 12 in
transport input ssh
!
ntp server 10.245.x.x
ntp server 10.245.x.x
end
The debug dot1x all says:
Mar 10 08:26:43: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F0000000692C4D6ECE
Mar 10 08:26:43: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F0000000692C4D6ECE
Mar 10 08:26:43: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F0000000692C4D6ECE
Mar 10 08:26:43: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F0000000692C4D6ECE
Mar 10 08:26:43: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F0000000692C4D6ECE
Mar 10 08:37:53: dot1x-ev(Fa0/16): Interface state changed to UP
Mar 10 08:37:53: dot1x_auth Fa0/16: initial state auth_initialize has enter
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_initialize_enter called
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_initialize, got event 0(cfg_auto)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_initialize -> auth_disconnected
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_disconnected_enter called
Mar 10 08:37:53: dot1x_auth Fa0/16: idle during state auth_disconnected
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_disconnected -> auth_restart
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_restart_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending create new context event to EAP for 0x700009D3 (0000.0000.0000)
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has enter
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_initialize_enter called
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has idle
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: during state auth_bend_initialize, got event 16383(idle)
Mar 10 08:37:53: @@@ dot1x_auth_bend Fa0/16: auth_bend_initialize -> auth_bend_idle
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_idle_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Created a client entry (0x700009D3)
Mar 10 08:37:53: dot1x-ev(Fa0/16): Dot1x authentication started for 0x700009D3 (0000.0000.0000)
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting !EAP_RESTART on Client 0x700009D3
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_restart, got event 6(no_eapRestart)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_restart -> auth_connecting
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_connecting_enter called
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_restart_connecting_action called
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting RX_REQ on Client 0x700009D3
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_connecting -> auth_authenticating
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_authenticating_enter called
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_connecting_authenticating_action called
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting AUTH_START for 0x700009D3
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: during state auth_bend_idle, got event 4(eapReq_authStart)
Mar 10 08:37:53: @@@ dot1x_auth_bend Fa0/16: auth_bend_idle -> auth_bend_request
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:37:53: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:37:53: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x700009D3 (0000.0000.0000)
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_idle_request_action called
Mar 10 08:38:20: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Fa0/16, port's configured trust state is now operational.
Mar 10 08:38:24: dot1x-sm(Fa0/16): Posting EAP_REQ for 0x700009D3
Mar 10 08:38:24: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 7(eapReq)
Mar 10 08:38:24: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_request
Mar 10 08:38:24: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_request_action called
Mar 10 08:38:24: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_enter called
Mar 10 08:38:24: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:38:24: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:38:24: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:38:24: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x700009D3 (0000.0000.0000)
Mar 10 08:38:55: dot1x-sm(Fa0/16): Posting EAP_REQ for 0x700009D3
Mar 10 08:38:55: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 7(eapReq)
Mar 10 08:38:55: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_request
Mar 10 08:38:55: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_request_action called
Mar 10 08:38:55: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_enter called
Mar 10 08:38:55: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:38:55: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:38:55: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:38:55: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x700009D3 (0000.0000.0000)
Mar 10 08:39:26: dot1x-ev(Fa0/16): Received an EAP Timeout
Mar 10 08:39:26: dot1x-sm(Fa0/16): Posting EAP_TIMEOUT for 0x700009D3
Mar 10 08:39:26: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 12(eapTimeout)
Mar 10 08:39:26: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_timeout
Mar 10 08:39:26: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_timeout_enter called
Mar 10 08:39:26: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_timeout_action called
Mar 10 08:39:26: dot1x_auth_bend Fa0/16: idle during state auth_bend_timeout
Mar 10 08:39:26: @@@ dot1x_auth_bend Fa0/16: auth_bend_timeout -> auth_bend_idle
Mar 10 08:39:26: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_idle_enter called
Mar 10 08:39:26: dot1x-sm(Fa0/16): Posting AUTH_TIMEOUT on Client 0x700009D3
Mar 10 08:39:26: dot1x_auth Fa0/16: during state auth_authenticating, got event 14(authTimeout)
Mar 10 08:39:26: @@@ dot1x_auth Fa0/16: auth_authenticating -> auth_authc_result
Mar 10 08:39:26: dot1x-sm(Fa0/16): 0x700009D3:auth_authenticating_exit called
Mar 10 08:39:26: dot1x-sm(Fa0/16): 0x700009D3:auth_authc_result_enter called
Mar 10 08:39:26: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:39:26: dot1x-ev(Fa0/16): Sending event (2) to Auth Mgr for 0000.0000.0000
Mar 10 08:39:26: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:39:26: dot1x-ev(Fa0/16): Received Authz fail for the client 0x700009D3 (0000.0000.0000)
Mar 10 08:39:26: dot1x-ev(Fa0/16): Deleting client 0x700009D3 (0000.0000.0000)
Mar 10 08:39:26: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:39:26: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:39:26: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:39:26: dot1x-sm(Fa0/16): Posting_AUTHZ_FAIL on Client 0x700009D3
Mar 10 08:39:26: dot1x_auth Fa0/16: during state auth_authc_result, got event 22(authzFail)
Mar 10 08:39:26: @@@ dot1x_auth Fa0/16: auth_authc_result -> auth_held
Mar 10 08:40:27: dot1x_auth Fa0/16: initial state auth_initialize has enter
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_initialize_enter called
Mar 10 08:40:27: dot1x_auth Fa0/16: during state auth_initialize, got event 0(cfg_auto)
Mar 10 08:40:27: @@@ dot1x_auth Fa0/16: auth_initialize -> auth_disconnected
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_disconnected_enter called
Mar 10 08:40:27: dot1x_auth Fa0/16: idle during state auth_disconnected
Mar 10 08:40:27: @@@ dot1x_auth Fa0/16: auth_disconnected -> auth_restart
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_restart_enter called
Mar 10 08:40:27: dot1x-ev(Fa0/16): Sending create new context event to EAP for 0x7F0009E3 (0000.0000.0000)
Mar 10 08:40:27: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has enter
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_initialize_enter called
Mar 10 08:40:27: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has idle
Mar 10 08:40:27: dot1x_auth_bend Fa0/16: during state auth_bend_initialize, got event 16383(idle)
Mar 10 08:40:27: @@@ dot1x_auth_bend Fa0/16: auth_bend_initialize -> auth_bend_idle
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_idle_enter called
Mar 10 08:40:27: dot1x-ev(Fa0/16): Created a client entry (0x7F0009E3)
Mar 10 08:40:27: dot1x-ev(Fa0/16): Dot1x authentication started for 0x7F0009E3 (0000.0000.0000)
Mar 10 08:40:27: dot1x-sm(Fa0/16): Posting !EAP_RESTART on Client 0x7F0009E3
Mar 10 08:40:27: dot1x_auth Fa0/16: during state auth_restart, got event 6(no_eapRestart)
Mar 10 08:40:27: @@@ dot1x_auth Fa0/16: auth_restart -> auth_connecting
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_connecting_enter called
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_restart_connecting_action called
Mar 10 08:40:27: dot1x-sm(Fa0/16): Posting RX_REQ on Client 0x7F0009E3
Mar 10 08:40:27: dot1x_auth Fa0/16: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Mar 10 08:40:27: @@@ dot1x_auth Fa0/16: auth_connecting -> auth_authenticating
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_authenticating_enter called
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_connecting_authenticating_action called
Mar 10 08:40:27: dot1x-sm(Fa0/16): Posting AUTH_START for 0x7F0009E3
Mar 10 08:40:27: dot1x_auth_bend Fa0/16: during state auth_bend_idle, got event 4(eapReq_authStart)
Mar 10 08:40:27: @@@ dot1x_auth_bend Fa0/16: auth_bend_idle -> auth_bend_request
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_request_enter called
Mar 10 08:40:27: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:40:27: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:40:27: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:40:27: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x7F0009E3 (0000.0000.0000)
Mar 10 08:40:27: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_idle_request_action called
Mar 10 08:40:57: dot1x-sm(Fa0/16): Posting EAP_REQ for 0x7F0009E3
Mar 10 08:40:57: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 7(eapReq)
Mar 10 08:40:57: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_request
Mar 10 08:40:57: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_request_request_action called
Mar 10 08:40:57: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_request_enter called
Mar 10 08:40:57: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:40:57: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:40:57: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:40:57: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x7F0009E3 (0000.0000.0000)
Mar 10 08:41:28: dot1x-sm(Fa0/16): Posting EAP_REQ for 0x7F0009E3
Mar 10 08:41:28: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 7(eapReq)
Mar 10 08:41:28: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_request
Mar 10 08:41:28: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_request_request_action called
Mar 10 08:41:28: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_request_enter called
Mar 10 08:41:28: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:41:28: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:41:28: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:41:28: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x7F0009E3 (0000.0000.0000)
Mar 10 08:41:59: dot1x-ev(Fa0/16): Received an EAP Timeout
Mar 10 08:41:59: dot1x-sm(Fa0/16): Posting EAP_TIMEOUT for 0x7F0009E3
Mar 10 08:41:59: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 12(eapTimeout)
Mar 10 08:41:59: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_timeout
Mar 10 08:41:59: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_timeout_enter called
Mar 10 08:41:59: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_request_timeout_action called
Mar 10 08:41:59: dot1x_auth_bend Fa0/16: idle during state auth_bend_timeout
Mar 10 08:41:59: @@@ dot1x_auth_bend Fa0/16: auth_bend_timeout -> auth_bend_idle
Mar 10 08:41:59: dot1x-sm(Fa0/16): 0x7F0009E3:auth_bend_idle_enter called
Mar 10 08:41:59: dot1x-sm(Fa0/16): Posting AUTH_TIMEOUT on Client 0x7F0009E3
Mar 10 08:41:59: dot1x_auth Fa0/16: during state auth_authenticating, got event 14(authTimeout)
Mar 10 08:41:59: @@@ dot1x_auth Fa0/16: auth_authenticating -> auth_authc_result
Mar 10 08:41:59: dot1x-sm(Fa0/16): 0x7F0009E3:auth_authenticating_exit called
Mar 10 08:41:59: dot1x-sm(Fa0/16): 0x7F0009E3:auth_authc_result_enter called
Mar 10 08:41:59: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:41:59: dot1x-ev(Fa0/16): Sending event (2) to Auth Mgr for 0000.0000.0000
Mar 10 08:41:59: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:41:59: dot1x-ev(Fa0/16): Received Authz fail for the client 0x7F0009E3 (0000.0000.0000)
Mar 10 08:41:59: dot1x-ev(Fa0/16): Deleting client 0x7F0009E3 (0000.0000.0000)
Mar 10 08:41:59: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:41:59: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:41:59: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:41:59: dot1x-sm(Fa0/16): Posting_AUTHZ_FAIL on Client 0x7F0009E3
Mar 10 08:41:59: dot1x_auth Fa0/16: during state auth_authc_result, got event 22(authzFail)
Mar 10 08:41:59: @@@ dot1x_auth Fa0/16: auth_authc_result -> auth_held
Mar 10 08:42:52: dot1x-packet(Fa0/4): EAPOL packet sent to client 0x2D0009EC (0000.0000.0000)Mar 10 08:37:53: dot1x-ev(Fa0/16): Interface state changed to UP
Mar 10 08:37:53: dot1x_auth Fa0/16: initial state auth_initialize has enter
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_initialize_enter called
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_initialize, got event 0(cfg_auto)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_initialize -> auth_disconnected
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_disconnected_enter called
Mar 10 08:37:53: dot1x_auth Fa0/16: idle during state auth_disconnected
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_disconnected -> auth_restart
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_restart_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending create new context event to EAP for 0x700009D3 (0000.0000.0000)
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has enter
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_initialize_enter called
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has idle
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: during state auth_bend_initialize, got event 16383(idle)
Mar 10 08:37:53: @@@ dot1x_auth_bend Fa0/16: auth_bend_initialize -> auth_bend_idle
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_idle_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Created a client entry (0x700009D3)
Mar 10 08:42:57: EAPOL pak dump Tx7:53: dot1x-ev(Fa0/16): Dot1x authentication started for 0x700009D3 (0000.0000.0000)
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting !EAP_RESTART on Client 0x700009D3
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_restart, got event 6(no_eapRestart)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_restart -> auth_connecting
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_connecting_enter called
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_restart_connecting_action called
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting RX_REQ on Client 0x700009D3
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Mar 10 08:42:57: EAPOL Version: 0x3 type: 0x0 length: 0x0005Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_connecting -> auth_authenticating
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_authenticating_enter called
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_connecting_authenticating_action called
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting AUTH_START for 0x700009D3
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: during state auth_bend_idle, got event 4(eapReq_authStart)
Mar 10 08:37:53: @@@ dot1x_auth_bend Fa0/16: auth_bend_idle -> auth_bend_request
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:37:53: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:42:59: dot1x_auth Fa0/16: initial state auth_initialize has enter
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_initialize_enter called
Mar 10 08:42:59: dot1x_auth Fa0/16: during state auth_initialize, got event 0(cfg_auto)
Mar 10 08:42:59: @@@ dot1x_auth Fa0/16: auth_initialize -> auth_disconnected
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_disconnected_enter called
Mar 10 08:42:59: dot1x_auth Fa0/16: idle during state auth_disconnected
Mar 10 08:42:59: @@@ dot1x_auth Fa0/16: auth_disconnected -> auth_restart
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_restart_enter called
Mar 10 08:42:59: dot1x-ev(Fa0/16): Sending create new context event to EAP for 0x870009F3 (0000.0000.0000)
Mar 10 08:42:59: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has enter
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_initialize_enter called
Mar 10 08:42:59: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has idle
Mar 10 08:42:59: dot1x_auth_bend Fa0/16: during state auth_bend_initialize, got event 16383(idle)
Mar 10 08:42:59: @@@ dot1x_auth_bend Fa0/16: auth_bend_initialize -> auth_bend_idle
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_idle_enter called
Mar 10 08:42:59: dot1x-ev(Fa0/16): Created a client entry (0x870009F3)
Mar 10 08:42:59: dot1x-ev(Fa0/16): Dot1x authentication started for 0x870009F3 (0000.0000.0000)
Mar 10 08:42:59: dot1x-sm(Fa0/16): Posting !EAP_RESTART on Client 0x870009F3
Mar 10 08:42:59: dot1x_auth Fa0/16: during state auth_restart, got event 6(no_eapRestart)
Mar 10 08:42:59: @@@ dot1x_auth Fa0/16: auth_restart -> auth_connecting
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_connecting_enter called
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_restart_connecting_action called
Mar 10 08:42:59: dot1x-sm(Fa0/16): Posting RX_REQ on Client 0x870009F3
Mar 10 08:42:59: dot1x_auth Fa0/16: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Mar 10 08:42:59: @@@ dot1x_auth Fa0/16: auth_connecting -> auth_authenticating
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_authenticating_enter called
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_connecting_authenticating_action called
Mar 10 08:42:59: dot1x-sm(Fa0/16): Posting AUTH_START for 0x870009F3
Mar 10 08:42:59: dot1x_auth_bend Fa0/16: during state auth_bend_idle, got event 4(eapReq_authStart)
Mar 10 08:42:59: @@@ dot1x_auth_bend Fa0/16: auth_bend_idle -> auth_bend_request
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_request_enter called
Mar 10 08:42:59: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE addressMar 10 08:37:53: dot1x-ev(Fa0/16): Interface state changed to UP
Mar 10 08:42:59: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE addressMar 10 08:37:53: dot1x-ev(Fa0/16): Interface state changed to UP
Mar 10 08:37:53: dot1x_auth Fa0/16: initial state auth_initialize has enter
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_initialize_enter called
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_initialize, got event 0(cfg_auto)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_initialize -> auth_disconnected
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_disconnected_enter called
Mar 10 08:37:53: dot1x_auth Fa0/16: idle during state auth_disconnected
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_disconnected -> auth_restart
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_restart_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending create new context event to EAP fo
Mar 10 08:42:59: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:42:59: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:42:59: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x870009F3 (0000.0000.0000)
Mar 10 08:42:59: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_idle_request_action called
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has enter
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_initialize_enter called
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: initial state auth_bend_initialize has idle
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: during state auth_bend_initialize, got event 16383(idle)
Mar 10 08:37:53: @@@ dot1x_auth_bend Fa0/16: auth_bend_initialize -> auth_bend_idle
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_idle_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Created a client entry (0x700009D3)
Mar 10 08:37:53: dot1x-ev(Fa0/16): Dot1x authentication started for 0x700009D3 (0000.0000.0000)
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting !EAP_RESTART on Client 0x700009D3
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_restart, got event 6(no_eapRestart)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_restart -> auth_connecting
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_connecting_enter called
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_restart_connecting_action called
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting RX_REQ on Client 0x700009D3
Mar 10 08:37:53: dot1x_auth Fa0/16: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Mar 10 08:37:53: @@@ dot1x_auth Fa0/16: auth_connecting -> auth_authenticating
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_connecting_authenticating_action called
Mar 10 08:37:53: dot1x-sm(Fa0/16): Posting AUTH_START for 0x700009D3
Mar 10 08:37:53: dot1x_auth_bend Fa0/16: during state auth_bend_idle, got event 4(eapReq_authStart)
Mar 10 08:37:53: @@@ dot1x_auth_bend Fa0/16: auth_bend_idle -> auth_bend_request
Mar 10 08:37:53: dot1x-sm(Fa0/16): 0x700009D3:auth_bend_request_enter called
Mar 10 08:37:53: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:37:53: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:43:30: dot1x-sm(Fa0/16): Posting EAP_REQ for 0x870009F3
Mar 10 08:43:30: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 7(eapReq)
Mar 10 08:43:30: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_request
Mar 10 08:43:30: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_request_request_action called
Mar 10 08:43:30: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_request_enter called
Mar 10 08:43:30: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:43:30: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:43:30: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:43:30: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x870009F3 (0000.0000.0000)
Mar 10 08:44:01: dot1x-sm(Fa0/16): Posting EAP_REQ for 0x870009F3
Mar 10 08:44:01: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 7(eapReq)
Mar 10 08:44:01: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_request
Mar 10 08:44:01: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_request_request_action called
Mar 10 08:44:01: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_request_enter called
Mar 10 08:44:01: dot1x-ev(Fa0/16): Sending EAPOL packet to group PAE address
Mar 10 08:44:01: dot1x-ev(Fa0/16): Role determination not required
Mar 10 08:44:01: dot1x-ev(Fa0/16): Sending out EAPOL packet
Mar 10 08:44:01: dot1x-packet(Fa0/16): EAPOL packet sent to client 0x870009F3 (0000.0000.0000)
Mar 10 08:44:32: dot1x-ev(Fa0/16): Received an EAP Timeout
Mar 10 08:44:32: dot1x-sm(Fa0/16): Posting EAP_TIMEOUT for 0x870009F3
Mar 10 08:44:32: dot1x_auth_bend Fa0/16: during state auth_bend_request, got event 12(eapTimeout)
Mar 10 08:44:32: @@@ dot1x_auth_bend Fa0/16: auth_bend_request -> auth_bend_timeout
Mar 10 08:44:32: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_timeout_enter called
Mar 10 08:44:32: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_request_timeout_action called
Mar 10 08:44:32: dot1x_auth_bend Fa0/16: idle during state auth_bend_timeout
Mar 10 08:44:32: @@@ dot1x_auth_bend Fa0/16: auth_bend_timeout -> auth_bend_idle
Mar 10 08:44:32: dot1x-sm(Fa0/16): 0x870009F3:auth_bend_idle_enter called
Mar 10 08:44:32: dot1x-sm(Fa0/16): Posting AUTH_TIMEOUT on Client 0x870009F3
Mar 10 08:44:32: dot1x_auth Fa0/16: during state auth_authenticating, got event 14(authTimeout)
Mar 10 08:44:32: @@@ dot1x_auth Fa0/16: auth_authenticating -> auth_authc_result
Mar 10 08:44:32: dot1x-sm(Fa0/16): 0x870009F3:auth_authenticating_exit called
Mar 10 08:44:32: dot1x-sm(Fa0/16): 0x870009F3:auth_authc_result_enter called
Mar 10 08:44:32: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:44:32: dot1x-ev(Fa0/16): Sending event (2) to Auth Mgr for 0000.0000.0000
Mar 10 08:44:32: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:44:32: dot1x-ev(Fa0/16): Received Authz fail for the client 0x870009F3 (0000.0000.0000)
Mar 10 08:44:32: dot1x-ev(Fa0/16): Deleting client 0x870009F3 (0000.0000.0000)
Mar 10 08:44:32: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:44:32: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:44:32: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa0/16 AuditSessionID 0AF547F00000006A311F9ED7
Mar 10 08:44:32: dot1x-sm(Fa0/16): Posting_AUTHZ_FAIL on Client 0x870009F3
Mar 10 08:44:32: dot1x_auth Fa0/16: during state auth_authc_result, got event 22(authzFail)
Mar 10 08:44:32: @@@ dot1x_auth Fa0/16: auth_authc_result -> auth_held
show authentication session:
show authentication sessions interface Fa0/16
Interface: FastEthernet0/16
MAC Address: Unknown
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Running
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: in
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0AF547F00000006A311F9ED7
Acct Session ID: 0x000016D2
Handle: 0xE400006BRunnable methods list:
Method State
dot1x Running
then turns in
show authentication sessions interface Fa0/16
Interface: FastEthernet0/16
MAC Address: Unknown
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Failed
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: in
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0AF547F00000006A311F9ED7
Acct Session ID: 0x000016D2
Handle: 0xE400006BRunnable methods list:
Method State
dot1x Failed over
But the phone is registred and works as designed... I can not reproduce the failure but during the day it will lose it's network connection. Then the display shows:
Phone unregistered.
Any suggestions what I can do? Is my configuration of dot1x correct? Is there something missing?
Best regards,
Andreas
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2016 02:15 AM
I have the same simptom but I'm not runnning dot1x on the network. The phones will lose the registration with Call Manager from day to night without any accurate cause.
I'm runnin version SIP8831.10-3-1SR2-2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-01-2016 02:55 AM
Also experiencing this issue at certain sites........ I had a quick look at firmware and noticed this...
Problem site #1
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
Working fine site #1
sip8831.10-3-1-16
sip8831.10-3-1-16
sip8831.10-3-1-16
sip8831.10-3-1-16
sip8831.10-3-1-16
Problem site #2
sip8831.10-3-1SR2-2
sip8831.10-3-1SR2-2
Working fine site #2
sip8831.10-3-1-16
sip8831.10-3-1-16
sip8831.10-3-1SR2-2
Working fine site #3
sip8831.9-3-3-5
sip8831.9-3-3-5
So upon initial investigation... it looks like the firmware "sip8831.10-3-1SR2-2" is being problematic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2017 07:39 PM
Anyone figure this out? I just got a report of the same problem with 8831's running sip8831.10-3-1SR2-2. Is there a way to just upgrade those phones with that firmware? I have other 8831s in my cluster that I don't want upgraded.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide