Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
0
Replies

Cisco IOSL2v is unable to perform dot1x on Windows 7 Supplicant in VIRL

muhammad_2013331
Level 1
Level 1

‎08-15-2017 04:10 AM - edited ‎03-11-2019 12:56 AM

I have the following topology (in VIRL):

(windows 7 Supplicant)--------(Cisco IOSL2v 15.2)-----(ISE 2.2)----(AD Windows Server 2012 R2)

But when i perform 802.1x from Windows 7 i am getting the following debug output on Cisco IOSL2v

=====================================================================================

*Aug 15 10:54:15.310: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 10:54:15.310: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 10:54:15.310: dot1x-packet: length: 0x0000
*Aug 15 10:54:15.310: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0

*Aug 15 10:54:15.310: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 10:54:15.310: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 10:54:15.310: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 10:54:20.311: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 10:54:20.311: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 10:54:20.311: dot1x-packet: length: 0x0000
*Aug 15 10:54:20.311: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0

*Aug 15 10:54:20.311: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 10:54:20.311: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 10:54:20.311: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 10:54:25.319: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 10:54:25.319: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 10:54:25.319: dot1x-packet: length: 0x0000
*Aug 15 10:54:25.319: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0

*Aug 15 10:54:25.319: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 10:54:25.319: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 10:54:25.319: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
IOSvL2(config)#
*Aug 15 11:04:03.083: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 11:04:03.083: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 11:04:03.083: dot1x-packet: length: 0x0000
*Aug 15 11:04:03.083: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0

*Aug 15 11:04:03.083: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 11:04:03.083: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 11:04:03.083: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 11:04:08.078: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 11:04:08.079: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 11:04:08.079: dot1x-packet: length: 0x0000
*Aug 15 11:04:08.079: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0

*Aug 15 11:04:08.079: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 11:04:08.079: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 11:04:08.079: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 11:04:13.086: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 11:04:13.087: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 11:04:13.087: dot1x-packet: length: 0x0000
*Aug 15 11:04:13.087: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0

*Aug 15 11:04:13.087: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 11:04:13.087: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 11:04:13.088: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e

======================================================================================================

The switch has the following configuration:

aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius

!

radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3

!

interface GigabitEthernet0/2
switchport mode access
media-type rj45
negotiation auto
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication violation restrict
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast edge
!

Please can anyone help with this..?

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents