cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5518
Views
5
Helpful
22
Replies

Cisco ise 2.4 anyconnect all windows restart authentication failed dot1x

emre
Level 1
Level 1

hello everyone


I have a problem guys,

1 piece standalone cisco ise v2.4 I use it in the building

500 to 800 users are working

''now; map authentication side is actively working now ''


anyconnect is installed on all computers and config is ready,

and when I activate the ports on the switch, I see that there is authentication on it

so the system is working'


but


there is no authentication at all when I restart computers,

running system before restarting computers
does not work after restarting computers


authentication does not work when I restart computers


and non-authentication users

anyconnect software asks for username and password

 

Meanwhile, I upgraded the patch updates

I made switch firmware updates

and there are switches operating in different brands

juniper,alcatel,huawei


I request your support on this matter, friends

thanks,

 

I'm transmitting the config information in the attachment,

 

 

 

 

'''

aaa authentication login default group XX_tacacs local
aaa authentication login console local
aaa authentication login CONSOLE none
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group XX_tacacs local if-authenticated
aaa authorization exec CONSOLE none
aaa authorization commands 1 default group XX_tacacs local if-authenticated
aaa authorization commands 15 default group XX_tacacs local if-authenticated
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group baro_tacacs
aaa accounting commands 1 default start-stop group XX_tacacs
aaa accounting commands 15 default start-stop group XX_tacacs

'''

 

port config

 

interface GigabitEthernet1/0/3
switchport mode access
switchport voice vlan 40
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
power inline port 2x-mode
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 1
spanning-tree portfast
spanning-tree bpduguard enable

 

 

22 Replies 22

I agree with others that you should not enable port sec on the port/s when using dot1x. Please flip your NAM profile to 'Connection Attempt Before Login' and share results. Another mechanism you could test as a possible solution is to configure a machine only network profile as fallback. In this scenario, once a user is logged off the network connection is terminated, and then NAM uses the next network profile (machine auth only) to connect back to the network. Perhaps in this scenario into a restricted network. Make sure for your original test that you have the proper policy conditions setup in ISE authz policies. On a computer reboot your eapchaining result should equal user fail:computer pass. HTH!

hi mike
thanks for your answer
 
I tested it with network profile without using anyconnect nam but it does not connect to network when restart
 
İSE If there was an incorrect configuration done, no connections could be made ?  (is it correct)
 
Whether the port is security or not, it needs to be authentication, (I think that there is no factor preventing authentication when I turn the PC off and on)
 
I probably tried the switch side config, but I also encountered the same problem with switches of different brands
 
 

I tested it with network profile without using anyconnect nam but it does not connect to network when restart
-What I meant was configure another network profile for NAM to use after the first one fails. See screenshot.  Setup the second one for machine auth only via eap-tls.  If you decide to test this I am willing to bet you will need to make allowed protocol adjustments in ISE.

İSE If there was an incorrect configuration done, no connections could be made ? (is it correct)
-No. Dot1x connection attempts can still be made, but if policy is wrong it could cause onboarding issues.
Whether the port is security or not, it needs to be authentication, (I think that there is no factor preventing authentication when I turn the PC off and on)
I probably tried the switch side config, but I also encountered the same problem with switches of different brands
Please run the tests again (reboot) and debug on switch & share debug output:
debug dot1x all
debug authentication all
debug aaa authentication

hi mike
Thank you for the answer

I tried it without installing anyconnect
I tried activating wired 802.1x from windows services and I tried it that way it didn't work again (it worked, but when I restarted the computer it didn't authenticate)

Can you check if there is an error if I send the configuration (ISE configuration) ?

Or can you pass me the config of any working place? (ISE configuration) ?

thank you

thomas
Cisco Employee
Cisco Employee

It's time to call TAC.

In the future, please provide relevant configurations and errors in the beginning of your post to make it faster and easier for people to provide suggestions. See How to Ask The Community for Help.

emre
Level 1
Level 1

hi, friends

logs falling on the switch

 

anyconnect nam asks username and password when I restart the computer,

I couldn't solve this job please help

 

thanks.

 

KAB-7-SW3-IP_PHONE#
Jul 2 10:36:42.599: %MAB-5-FAIL: Authentication failed for client (d4be.d9e8.d52c) on Interface Gi1/0/42 AuditSessionID 0A0AFE11000001DAF0D5ECF4
KAB-7-SW3-IP_PHONE#
Jul 2 10:37:01.484: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] queuing an EAPOL pkt on Auth Q
Jul 2 10:37:01.484: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x1
Jul 2 10:37:01.484: dot1x-packet: length: 0x0000
Jul 2 10:37:01.484: dot1x-ev:[Gi1/0/42] Dequeued pkt: Int Gi1/0/42 CODE= 0,TYPE= 0,LEN= 0

Jul 2 10:37:01.484: dot1x-ev:[Gi1/0/42] Received pkt saddr =d4be.d9e8.d52c , daddr = 0180.c200.0003, pae-ether-type = 888e.0301.0000
Jul 2 10:37:01.484: dot1x-ev:[Gi1/0/42] Couldn't find the supplicant in the list
Jul 2 10:37:01.484: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] New client detected, sending session start event for d4be.d9e8.d52c
Jul 2 10:37:01.484: dot1x_auth Gi1/0/42: initial state auth_initialize has enter
Jul 2 10:37:01.484: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6: initialising
Jul 2 10:37:01.484: dot1x_auth Gi1/0/42: during state auth_initialize, got event 0(cfg_auto)
Jul 2 10:37:01.484: @@@ dot1x_auth Gi1/0/42: auth_initialize -> auth_disconnected
Jul 2 10:37:01.484: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6: disconnected
Jul 2 10:37:01.484: dot1x_auth Gi1/0/42: idle during state auth_disconnected
Jul 2 10:37:01.484: @@@ dot1x_auth Gi1/0/42: auth_disconnected -> auth_restart
Jul 2 10:37:01.484: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6: entering restart
Jul 2 10:37:01.484: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending create new context event to EAP for 0x930002C6 (d4be.d9e8.d52c)
Jul 2 10:37:01.484: dot1x_auth_bend Gi1/0/42: initial state auth_bend_initialize has enter
Jul 2 10:37:01.484: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6: entering init state
Jul 2 10:37:01.488: dot1x_auth_bend Gi1/0/42: initial state auth_bend_initialize has idle
Jul 2 10:37:01.488: dot1x_auth_bend Gi1/0/42: during state auth_bend_initialize, got event 16383(idle)
Jul 2 10:37:01.488: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_initialize -> auth_bend_idle
Jul 2 10:37:01.488: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:entering idle state
Jul 2 10:37:01.488: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Created a client entry (0x930002C6)
Jul 2 10:37:01.488: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Dot1x authentication started for 0x930002C6 (d4be.d9e8.d52c)
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting !EAP_RESTART on Client 0x930002C6
Jul 2 10:37:01.498: dot1x_auth Gi1/0/42: during state auth_restart, got event 6(no_eapRestart)
Jul 2 10:37:01.498: @@@ dot1x_auth Gi1/0/42: auth_restart -> auth_connecting
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:enter connecting state
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6: restart connecting
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting RX_REQ on Client 0x930002C6
Jul 2 10:37:01.498: dot1x_auth Gi1/0/42: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Jul 2 10:37:01.498: @@@ dot1x_auth Gi1/0/42: auth_connecting -> auth_authenticating
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6: authenticating state entered
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:connecting authenticating action
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_START for 0x930002C6
Jul 2 10:37:01.498: dot1x_auth_bend Gi1/0/42: during state auth_bend_idle, got event 4(eapReq_authStart)
Jul 2 10:37:01.498: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_idle -> auth_bend_request
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:entering request state
Jul 2 10:37:01.498: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending EAPOL packet
Jul 2 10:37:01.498: dot1x-registry:registry:dot1x_ether_macaddr called
Jul 2 10:37:01.498: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending out EAPOL packet
Jul 2 10:37:01.498: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jul 2 10:37:01.498: dot1x-packet: length: 0x0005
Jul 2 10:37:01.498: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Jul 2 10:37:01.498: dot1x-packet: type: 0x1
Jul 2 10:37:01.498: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] EAPOL packet sent to client 0x930002C6
Jul 2 10:37:01.498: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:idle request action
Jul 2 10:37:01.579: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] Queuing an EAPOL pkt on Authenticator Q
Jul 2 10:37:01.579: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x0
Jul 2 10:37:01.579: dot1x-packet: length: 0x000E
Jul 2 10:37:01.579: dot1x-ev:[Gi1/0/42] Dequeued pkt: Int Gi1/0/42 CODE= 2,TYPE= 1,LEN= 14

Jul 2 10:37:01.579: dot1x-ev:[Gi1/0/42] Received pkt saddr =d4be.d9e8.d52c , daddr = 0180.c200.0003, pae-ether-type = 888e.0300.000e
Jul 2 10:37:01.579: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x0
Jul 2 10:37:01.579: dot1x-packet: length: 0x000E
Jul 2 10:37:01.579: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting EAPOL_EAP for 0x930002C6
Jul 2 10:37:01.579: dot1x_auth_bend Gi1/0/42: during state auth_bend_request, got event 6(eapolEap)
Jul 2 10:37:01.579: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_request -> auth_bend_response
Jul 2 10:37:01.579: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:entering response state
Jul 2 10:37:01.579: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Response sent to the server from 0x930002C6
Jul 2 10:37:01.579: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:request response action
Jul 2 10:37:01.593: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Received an EAP Fail
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting EAP_FAIL for 0x930002C6
Jul 2 10:37:01.593: dot1x_auth_bend Gi1/0/42: during state auth_bend_response, got event 10(eapFail)
Jul 2 10:37:01.593: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_response -> auth_bend_fail
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:exiting response state
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:entering fail state
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:response fail action
Jul 2 10:37:01.593: dot1x_auth_bend Gi1/0/42: idle during state auth_bend_fail
Jul 2 10:37:01.593: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_fail -> auth_bend_idle
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:entering idle state
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_FAIL on Client 0x930002C6
Jul 2 10:37:01.593: dot1x_auth Gi1/0/42: during state auth_authenticating, got event 15(authFail)
Jul 2 10:37:01.593: @@@ dot1x_auth Gi1/0/42: auth_authenticating -> auth_authc_result
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:exiting authenticating state
Jul 2 10:37:01.593: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x930002C6:entering authc result state
Jul 2 10:37:01.593: %DOT1X-5-FAIL: Authentication failed for client (d4be.d9e8.d52c) on Interface Gi1/0/42 AuditSessionID 0A0AFE11000001DAF0D5ECF4
Jul 2 10:37:01.593: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] Added username in dot1x
Jul 2 10:37:01.593: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] Dot1x did not receive any key data
Jul 2 10:37:01.596: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Processing client delete for hdl 0x930002C6 sent by Auth Mgr
Jul 2 10:37:01.596: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] d4be.d9e8.d52c: sending canned failure due to method termination
Jul 2 10:37:01.596: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending EAPOL packet
Jul 2 10:37:01.596: dot1x-registry:registry:dot1x_ether_macaddr called
Jul 2 10:37:01.596: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending out EAPOL packet
Jul 2 10:37:01.596: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jul 2 10:37:01.596: dot1x-packet: length: 0x0004
Jul 2 10:37:01.596: dot1x-packet:EAP code: 0x4 id: 0x1 length: 0x0004
Jul 2 10:37:01.596: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] EAPOL canned status packet sent to client 0x930002C6
Jul 2 10:37:01.596: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Deleting client 0x930002C6 (d4be.d9e8.d52c)
Jul 2 10:37:01.596: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Delete auth client (0x930002C6) message
Jul 2 10:37:01.599: dot1x-ev:Auth client ctx destroyed
KAB-7-SW3-IP_PHONE#
Jul 2 10:37:01.627: %MAB-5-FAIL: Authentication failed for client (d4be.d9e8.d52c) on Interface Gi1/0/42 AuditSessionID 0A0AFE11000001DAF0D5ECF4
KAB-7-SW3-IP_PHONE#
Jul 2 10:37:31.505: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] queuing an EAPOL pkt on Auth Q
Jul 2 10:37:31.505: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x1
Jul 2 10:37:31.505: dot1x-packet: length: 0x0000
Jul 2 10:37:31.505: dot1x-ev:[Gi1/0/42] Dequeued pkt: Int Gi1/0/42 CODE= 0,TYPE= 0,LEN= 0

Jul 2 10:37:31.505: dot1x-ev:[Gi1/0/42] Received pkt saddr =d4be.d9e8.d52c , daddr = 0180.c200.0003, pae-ether-type = 888e.0301.0000
Jul 2 10:37:31.505: dot1x-ev:[Gi1/0/42] Couldn't find the supplicant in the list
Jul 2 10:37:31.505: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] New client detected, sending session start event for d4be.d9e8.d52c
Jul 2 10:37:31.505: dot1x_auth Gi1/0/42: initial state auth_initialize has enter
Jul 2 10:37:31.505: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: initialising
Jul 2 10:37:31.505: dot1x_auth Gi1/0/42: during state auth_initialize, got event 0(cfg_auto)
Jul 2 10:37:31.505: @@@ dot1x_auth Gi1/0/42: auth_initialize -> auth_disconnected
Jul 2 10:37:31.505: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: disconnected
Jul 2 10:37:31.505: dot1x_auth Gi1/0/42: idle during state auth_disconnected
Jul 2 10:37:31.505: @@@ dot1x_auth Gi1/0/42: auth_disconnected -> auth_restart
Jul 2 10:37:31.505: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering restart
Jul 2 10:37:31.505: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending create new context event to EAP for 0x870002C7 (d4be.d9e8.d52c)
Jul 2 10:37:31.505: dot1x_auth_bend Gi1/0/42: initial state auth_bend_initialize has enter
Jul 2 10:37:31.505: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering init state
Jul 2 10:37:31.505: dot1x_auth_bend Gi1/0/42: initial state auth_bend_initialize has idle
Jul 2 10:37:31.505: dot1x_auth_bend Gi1/0/42: during state auth_bend_initialize, got event 16383(idle)
Jul 2 10:37:31.505: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_initialize -> auth_bend_idle
Jul 2 10:37:31.505: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:entering idle state
Jul 2 10:37:31.505: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Created a client entry (0x870002C7)
Jul 2 10:37:31.505: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Dot1x authentication started for 0x870002C7 (d4be.d9e8.d52c)
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting !EAP_RESTART on Client 0x870002C7
Jul 2 10:37:31.509: dot1x_auth Gi1/0/42: during state auth_restart, got event 6(no_eapRestart)
Jul 2 10:37:31.509: @@@ dot1x_auth Gi1/0/42: auth_restart -> auth_connecting
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:enter connecting state
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: restart connecting
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting RX_REQ on Client 0x870002C7
Jul 2 10:37:31.509: dot1x_auth Gi1/0/42: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Jul 2 10:37:31.509: @@@ dot1x_auth Gi1/0/42: auth_connecting -> auth_authenticating
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: authenticating state entered
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:connecting authenticating action
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_START for 0x870002C7
Jul 2 10:37:31.509: dot1x_auth_bend Gi1/0/42: during state auth_bend_idle, got event 4(eapReq_authStart)
Jul 2 10:37:31.509: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_idle -> auth_bend_request
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:entering request state
Jul 2 10:37:31.509: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending EAPOL packet
Jul 2 10:37:31.509: dot1x-registry:registry:dot1x_ether_macaddr called
Jul 2 10:37:31.509: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending out EAPOL packet
Jul 2 10:37:31.509: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jul 2 10:37:31.509: dot1x-packet: length: 0x0005
KAB-7-SW3-IP_PHONE#
Jul 2 10:37:31.509: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Jul 2 10:37:31.509: dot1x-packet: type: 0x1
Jul 2 10:37:31.509: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] EAPOL packet sent to client 0x870002C7
Jul 2 10:37:31.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:idle request action
KAB-7-SW3-IP_PHONE#
Jul 2 10:38:01.506: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] queuing an EAPOL pkt on Auth Q
Jul 2 10:38:01.506: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x1
Jul 2 10:38:01.506: dot1x-packet: length: 0x0000
Jul 2 10:38:01.506: dot1x-ev:[Gi1/0/42] Dequeued pkt: Int Gi1/0/42 CODE= 0,TYPE= 0,LEN= 0

Jul 2 10:38:01.506: dot1x-ev:[Gi1/0/42] Received pkt saddr =d4be.d9e8.d52c , daddr = 0180.c200.0003, pae-ether-type = 888e.0301.0000
Jul 2 10:38:01.506: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] Received an EAPOL-Start packet
Jul 2 10:38:01.506: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x1
Jul 2 10:38:01.506: dot1x-packet: length: 0x0000
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting EAPOL_START on Client 0x870002C7
Jul 2 10:38:01.506: dot1x_auth Gi1/0/42: during state auth_authenticating, got event 4(eapolStart)
Jul 2 10:38:01.506: @@@ dot1x_auth Gi1/0/42: auth_authenticating -> auth_aborting
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:exiting authenticating state
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering aborting state
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_ABORT for 0x870002C7
Jul 2 10:38:01.506: dot1x_auth_bend Gi1/0/42: during state auth_bend_request, got event 1(authAbort)
Jul 2 10:38:01.506: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_request -> auth_bend_initialize
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering init state
Jul 2 10:38:01.506: dot1x_auth_bend Gi1/0/42: idle during state auth_bend_initialize
Jul 2 10:38:01.506: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_initialize -> auth_bend_idle
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:entering idle state
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting !AUTH_ABORT on Client 0x870002C7
Jul 2 10:38:01.506: dot1x_auth Gi1/0/42: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
Jul 2 10:38:01.506: @@@ dot1x_auth Gi1/0/42: auth_aborting -> auth_restart
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:exiting aborting state
Jul 2 10:38:01.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering restart
Jul 2 10:38:01.506: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Resetting the client 0x870002C7
Jul 2 10:38:01.509: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending create new context event to EAP for 0x870002C7 (d4be.d9e8.d52c)
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:restart action for aborting state
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting !EAP_RESTART on Client 0x870002C7
Jul 2 10:38:01.509: dot1x_auth Gi1/0/42: during state auth_restart, got event 6(no_eapRestart)
Jul 2 10:38:01.509: @@@ dot1x_auth Gi1/0/42: auth_restart -> auth_connecting
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:enter connecting state
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: restart connecting
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting RX_REQ on Client 0x870002C7
Jul 2 10:38:01.509: dot1x_auth Gi1/0/42: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Jul 2 10:38:01.509: @@@ dot1x_auth Gi1/0/42: auth_connecting -> auth_authenticating
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: authenticating state entered
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:connecting authenticating action
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_START for 0x870002C7
Jul 2 10:38:01.509: dot1x_auth_bend Gi1/0/42: during state auth_bend_idle, got event 4(eapReq_authStart)
Jul 2 10:38:01.509: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_idle -> auth_bend_request
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:entering request state
Jul 2 10:38:01.509: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending EAPOL packet
KAB-7-SW3-IP_PHONE#
Jul 2 10:38:01.509: dot1x-registry:registry:dot1x_ether_macaddr called
Jul 2 10:38:01.509: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending out EAPOL packet
Jul 2 10:38:01.509: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jul 2 10:38:01.509: dot1x-packet: length: 0x0005
Jul 2 10:38:01.509: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Jul 2 10:38:01.509: dot1x-packet: type: 0x1
Jul 2 10:38:01.509: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] EAPOL packet sent to client 0x870002C7
Jul 2 10:38:01.509: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:idle request action
KAB-7-SW3-IP_PHONE#
Jul 2 10:38:31.506: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] queuing an EAPOL pkt on Auth Q
Jul 2 10:38:31.506: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x1
Jul 2 10:38:31.506: dot1x-packet: length: 0x0000
Jul 2 10:38:31.506: dot1x-ev:[Gi1/0/42] Dequeued pkt: Int Gi1/0/42 CODE= 0,TYPE= 0,LEN= 0

Jul 2 10:38:31.506: dot1x-ev:[Gi1/0/42] Received pkt saddr =d4be.d9e8.d52c , daddr = 0180.c200.0003, pae-ether-type = 888e.0301.0000
Jul 2 10:38:31.506: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] Received an EAPOL-Start packet
Jul 2 10:38:31.506: dot1x-packet:EAPOL pak rx - Ver: 0x3 type: 0x1
Jul 2 10:38:31.506: dot1x-packet: length: 0x0000
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting EAPOL_START on Client 0x870002C7
Jul 2 10:38:31.506: dot1x_auth Gi1/0/42: during state auth_authenticating, got event 4(eapolStart)
Jul 2 10:38:31.506: @@@ dot1x_auth Gi1/0/42: auth_authenticating -> auth_aborting
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:exiting authenticating state
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering aborting state
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_ABORT for 0x870002C7
Jul 2 10:38:31.506: dot1x_auth_bend Gi1/0/42: during state auth_bend_request, got event 1(authAbort)
Jul 2 10:38:31.506: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_request -> auth_bend_initialize
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering init state
Jul 2 10:38:31.506: dot1x_auth_bend Gi1/0/42: idle during state auth_bend_initialize
Jul 2 10:38:31.506: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_initialize -> auth_bend_idle
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:entering idle state
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting !AUTH_ABORT on Client 0x870002C7
Jul 2 10:38:31.506: dot1x_auth Gi1/0/42: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
Jul 2 10:38:31.506: @@@ dot1x_auth Gi1/0/42: auth_aborting -> auth_restart
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:exiting aborting state
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: entering restart
Jul 2 10:38:31.506: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Resetting the client 0x870002C7
Jul 2 10:38:31.506: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending create new context event to EAP for 0x870002C7 (d4be.d9e8.d52c)
Jul 2 10:38:31.506: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:restart action for aborting state
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting !EAP_RESTART on Client 0x870002C7
Jul 2 10:38:31.510: dot1x_auth Gi1/0/42: during state auth_restart, got event 6(no_eapRestart)
Jul 2 10:38:31.510: @@@ dot1x_auth Gi1/0/42: auth_restart -> auth_connecting
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:enter connecting state
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: restart connecting
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting RX_REQ on Client 0x870002C7
Jul 2 10:38:31.510: dot1x_auth Gi1/0/42: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Jul 2 10:38:31.510: @@@ dot1x_auth Gi1/0/42: auth_connecting -> auth_authenticating
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7: authenticating state entered
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:connecting authenticating action
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] Posting AUTH_START for 0x870002C7
Jul 2 10:38:31.510: dot1x_auth_bend Gi1/0/42: during state auth_bend_idle, got event 4(eapReq_authStart)
Jul 2 10:38:31.510: @@@ dot1x_auth_bend Gi1/0/42: auth_bend_idle -> auth_bend_request
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:entering request state
Jul 2 10:38:31.510: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending EAPOL packet
KAB-7-SW3-IP_PHONE#
Jul 2 10:38:31.510: dot1x-registry:registry:dot1x_ether_macaddr called
Jul 2 10:38:31.510: dot1x-ev:[d4be.d9e8.d52c, Gi1/0/42] Sending out EAPOL packet
Jul 2 10:38:31.510: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jul 2 10:38:31.510: dot1x-packet: length: 0x0005
Jul 2 10:38:31.510: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Jul 2 10:38:31.510: dot1x-packet: type: 0x1
Jul 2 10:38:31.510: dot1x-packet:[d4be.d9e8.d52c, Gi1/0/42] EAPOL packet sent to client 0x870002C7
Jul 2 10:38:31.510: dot1x-sm:[d4be.d9e8.d52c, Gi1/0/42] 0x870002C7:idle request action
KAB-7-SW3-IP_PHONE#

and cisco anyconnect nam log logs (DARTY logging) and nam

emre
Level 1
Level 1

hello friends,

I am sending you the debug output regarding the problem I am experiencing.

I couldn't make sense of the debug output

I would really appreciate if you can help

thank you.