08-15-2017 04:10 AM - edited 03-11-2019 12:56 AM
I have the following topology (in VIRL):
(windows 7 Supplicant)--------(Cisco IOSL2v 15.2)-----(ISE 2.2)----(AD Windows Server 2012 R2)
But when i perform 802.1x from Windows 7 i am getting the following debug output on Cisco IOSL2v
=====================================================================================
*Aug 15 10:54:15.310: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 10:54:15.310: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 10:54:15.310: dot1x-packet: length: 0x0000
*Aug 15 10:54:15.310: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0
*Aug 15 10:54:15.310: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 10:54:15.310: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 10:54:15.310: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 10:54:20.311: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 10:54:20.311: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 10:54:20.311: dot1x-packet: length: 0x0000
*Aug 15 10:54:20.311: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0
*Aug 15 10:54:20.311: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 10:54:20.311: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 10:54:20.311: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 10:54:25.319: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 10:54:25.319: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 10:54:25.319: dot1x-packet: length: 0x0000
*Aug 15 10:54:25.319: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0
*Aug 15 10:54:25.319: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 10:54:25.319: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 10:54:25.319: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
IOSvL2(config)#
*Aug 15 11:04:03.083: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 11:04:03.083: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 11:04:03.083: dot1x-packet: length: 0x0000
*Aug 15 11:04:03.083: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0
*Aug 15 11:04:03.083: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 11:04:03.083: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 11:04:03.083: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 11:04:08.078: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 11:04:08.079: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 11:04:08.079: dot1x-packet: length: 0x0000
*Aug 15 11:04:08.079: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0
*Aug 15 11:04:08.079: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 11:04:08.079: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 11:04:08.079: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
*Aug 15 11:04:13.086: dot1x-packet:[000c.292e.875e, Gi0/2] queuing an EAPOL pkt on Auth Q
*Aug 15 11:04:13.087: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
*Aug 15 11:04:13.087: dot1x-packet: length: 0x0000
*Aug 15 11:04:13.087: dot1x-ev:[Gi0/2] Dequeued pkt: Int Gi0/2 CODE= 0,TYPE= 0,LEN= 0
*Aug 15 11:04:13.087: dot1x-ev:[Gi0/2] Received pkt saddr =000c.292e.875e , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
*Aug 15 11:04:13.087: dot1x-ev:[Gi0/2] Couldn't find the supplicant in the list
*Aug 15 11:04:13.088: dot1x-ev:[000c.292e.875e, Gi0/2] New client detected, sending session start event for 000c.292e.875e
======================================================================================================
The switch has the following configuration:
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
!
interface GigabitEthernet0/2
switchport mode access
media-type rj45
negotiation auto
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication violation restrict
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast edge
!
Please can anyone help with this..?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide