Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
505
Views
10
Helpful
3
Replies

Cisco ISE 3.0 DACL Issue

Go to solution
ifabrizio
Beginner
Beginner

ā€Ž02-10-2023 01:53 AM

Dear All,

 

I have setup a Cisco ISE 3.0 to authenticate and authorize using DACL a Windows 10 device.

The Authentication is done using EAP-TLS, and it works.

The DACL is correctly download on the NAD Cisco 4500 Sup8:

Feb 10 10:02:00.108 ITA: dot1x-ev:[Gi10/32] Interface state changed to DOWN
Feb 10 10:02:00.110 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Processing client delete for hdl 0x17000002 sent by Auth Mgr
Feb 10 10:02:00.110 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Deleting client 0x17000002 (d05f.db2a.04f8)
Feb 10 10:02:00.110 ITA: dot1x-ev:[Gi10/32] No DOT1X subblock found for port down
Feb 10 10:02:00.111 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:00.111 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:00.111 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:00.111 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Delete auth client (0x17000002) message
Feb 10 10:02:00.111 ITA: dot1x-ev:Auth client ctx destroyed
Feb 10 10:02:00.112 ITA: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT DETACH-SUCCESS
Feb 10 10:02:00.113 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:00.113 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:00.113 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:00.146 ITA: RADIUS: Received from id 1646/165 198.168.31.248:1646, Accounting-response, len 20
Feb 10 10:02:00.113 ITA: %EPM-6-AUTH_ACL: STANDBY:POLICY Auth-Default-ACL| EVENT DETACH-SUCCESS
Feb 10 10:02:07.556 ITA: dot1x-ev:[Gi10/32] Interface state changed to UP
Feb 10 10:02:07.568 ITA: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet10/32
Feb 10 10:02:07.799 ITA: dot1x_auth Gi10/32: initial state auth_initialize has enter
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: initialising
Feb 10 10:02:07.799 ITA: dot1x_auth Gi10/32: during state auth_initialize, got event 0(cfg_auto)
Feb 10 10:02:07.799 ITA: @@@ dot1x_auth Gi10/32: auth_initialize -> auth_disconnected
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: disconnected
Feb 10 10:02:07.799 ITA: dot1x_auth Gi10/32: idle during state auth_disconnected
Feb 10 10:02:07.799 ITA: @@@ dot1x_auth Gi10/32: auth_disconnected -> auth_restart
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering restart
Feb 10 10:02:07.799 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending create new context event to EAP for 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:07.799 ITA: dot1x_auth_bend Gi10/32: initial state auth_bend_initialize has enter
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering init state
Feb 10 10:02:07.799 ITA: dot1x_auth_bend Gi10/32: initial state auth_bend_initialize has idle
Feb 10 10:02:07.799 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_initialize, got event 16383(idle)
Feb 10 10:02:07.799 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_initialize -> auth_bend_idle
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering idle state
Feb 10 10:02:07.799 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Created a client entry (0x5E000003)
Feb 10 10:02:07.799 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Dot1x authentication started for 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting !EAP_RESTART on Client 0x5E000003
Feb 10 10:02:07.800 ITA: dot1x_auth Gi10/32: during state auth_restart, got event 6(no_eapRestart)
Feb 10 10:02:07.800 ITA: @@@ dot1x_auth Gi10/32: auth_restart -> auth_connecting
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:enter connecting state
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: restart connecting
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting RX_REQ on Client 0x5E000003
Feb 10 10:02:07.800 ITA: dot1x_auth Gi10/32: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Feb 10 10:02:07.800 ITA: @@@ dot1x_auth Gi10/32: auth_connecting -> auth_authenticating
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: authenticating state entered
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:connecting authenticating action
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_START for 0x5E000003
Feb 10 10:02:07.800 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_idle, got event 4(eapReq_authStart)
Feb 10 10:02:07.800 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_idle -> auth_bend_request
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:07.801 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:07.801 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:07.801 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:07.801 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:07.801 ITA: dot1x-packet: length: 0x0005
Feb 10 10:02:07.801 ITA: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Feb 10 10:02:07.801 ITA: dot1x-packet: type: 0x1
Feb 10 10:02:07.801 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:07.801 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:idle request action
Feb 10 10:02:08.007 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] queuing an EAPOL pkt on Auth Q
Feb 10 10:02:08.007 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Feb 10 10:02:08.007 ITA: dot1x-packet: length: 0x0000
Feb 10 10:02:08.008 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 0,TYPE= 0,LEN= 0

Feb 10 10:02:08.008 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
Feb 10 10:02:08.008 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Received an EAPOL-Start packet
Feb 10 10:02:08.008 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Feb 10 10:02:08.008 ITA: dot1x-packet: length: 0x0000
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_START on Client 0x5E000003
Feb 10 10:02:08.008 ITA: dot1x_auth Gi10/32: during state auth_authenticating, got event 4(eapolStart)
Feb 10 10:02:08.008 ITA: @@@ dot1x_auth Gi10/32: auth_authenticating -> auth_aborting
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting authenticating state
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering aborting state
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_ABORT for 0x5E000003
Feb 10 10:02:08.008 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 1(authAbort)
Feb 10 10:02:08.008 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_initialize
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering init state
Feb 10 10:02:08.008 ITA: dot1x_auth_bend Gi10/32: idle during state auth_bend_initialize
Feb 10 10:02:08.009 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_initialize -> auth_bend_idle
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering idle state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting !AUTH_ABORT on Client 0x5E000003
Feb 10 10:02:08.009 ITA: dot1x_auth Gi10/32: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
Feb 10 10:02:08.009 ITA: @@@ dot1x_auth Gi10/32: auth_aborting -> auth_restart
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting aborting state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering restart
Feb 10 10:02:08.009 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Resetting the client 0x5E000003
Feb 10 10:02:08.009 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending create new context event to EAP for 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:restart action for aborting state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting !EAP_RESTART on Client 0x5E000003
Feb 10 10:02:08.009 ITA: dot1x_auth Gi10/32: during state auth_restart, got event 6(no_eapRestart)
Feb 10 10:02:08.009 ITA: @@@ dot1x_auth Gi10/32: auth_restart -> auth_connecting
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:enter connecting state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: restart connecting
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting RX_REQ on Client 0x5E000003
Feb 10 10:02:08.010 ITA: dot1x_auth Gi10/32: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Feb 10 10:02:08.010 ITA: @@@ dot1x_auth Gi10/32: auth_connecting -> auth_authenticating
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: authenticating state entered
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:connecting authenticating action
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_START for 0x5E000003
Feb 10 10:02:08.010 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_idle, got event 4(eapReq_authStart)
Feb 10 10:02:08.010 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_idle -> auth_bend_request
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.010 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.010 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.010 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.010 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.010 ITA: dot1x-packet: length: 0x0005
Feb 10 10:02:08.010 ITA: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Feb 10 10:02:08.010 ITA: dot1x-packet: type: 0x1
Feb 10 10:02:08.010 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:idle request action
Feb 10 10:02:08.036 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.037 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.037 ITA: dot1x-packet: length: 0x0026
Feb 10 10:02:08.037 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 1,LEN= 38

Feb 10 10:02:08.037 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0026
Feb 10 10:02:08.037 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.037 ITA: dot1x-packet: length: 0x0026
Feb 10 10:02:08.037 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.037 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.037 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.037 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.037 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.037 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.038 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.038 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.038 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.048 ITA: RADIUS: Received from id 1645/63 198.168.31.248:1645, Access-Challenge, len 130
Feb 10 10:02:08.048 ITA: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Feb 10 10:02:08.048 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.048 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.049 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.049 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.049 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.049 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.049 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.049 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.049 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.049 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.049 ITA: dot1x-packet:EAP code: 0x1 id: 0xBD length: 0x0006
Feb 10 10:02:08.049 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.049 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.049 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:08.051 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.051 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.051 ITA: dot1x-packet: length: 0x00AC
Feb 10 10:02:08.051 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 172

Feb 10 10:02:08.051 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.00ac
Feb 10 10:02:08.051 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.051 ITA: dot1x-packet: length: 0x00AC
Feb 10 10:02:08.051 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.051 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.051 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.051 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.051 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.051 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.052 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.052 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.052 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.069 ITA: RADIUS: Received from id 1645/64 198.168.31.248:1645, Access-Challenge, len 1142
Feb 10 10:02:08.070 ITA: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253, total 1012 bytes
Feb 10 10:02:08.070 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.070 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.070 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.070 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.070 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.070 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.070 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.070 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.070 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.070 ITA: dot1x-packet: length: 0x03F4
Feb 10 10:02:08.070 ITA: dot1x-packet:EAP code: 0x1 id: 0xBE length: 0x03F4
Feb 10 10:02:08.070 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.071 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.071 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:08.083 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.084 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.084 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.084 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 6

Feb 10 10:02:08.084 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Feb 10 10:02:08.084 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.084 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.084 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.084 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.084 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.084 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.084 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.084 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.085 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.085 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.085 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.085 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.086 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.086 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.086 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.092 ITA: RADIUS: Received from id 1645/65 198.168.31.248:1645, Access-Challenge, len 1138
Feb 10 10:02:08.093 ITA: RADIUS/DECODE: EAP-Message fragments, 253+253+253+249, total 1008 bytes
Feb 10 10:02:08.093 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.093 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.093 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.093 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.093 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.093 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.094 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.094 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.094 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.094 ITA: dot1x-packet: length: 0x03F0
Feb 10 10:02:08.094 ITA: dot1x-packet:EAP code: 0x1 id: 0xBF length: 0x03F0
Feb 10 10:02:08.094 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.094 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.094 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:08.102 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.116 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.116 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.116 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 6

Feb 10 10:02:08.116 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Feb 10 10:02:08.116 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.116 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.116 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.117 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.117 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.117 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.117 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.117 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.118 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.118 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.118 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.137 ITA: RADIUS: Received from id 1645/66 198.168.31.248:1645, Access-Challenge, len 638
Feb 10 10:02:08.137 ITA: RADIUS/DECODE: EAP-Message fragments, 253+253+4, total 510 bytes
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.138 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.138 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.138 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.138 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.138 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.138 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.138 ITA: dot1x-packet: length: 0x01FE
Feb 10 10:02:08.138 ITA: dot1x-packet:EAP code: 0x1 id: 0xC0 length: 0x01FE
Feb 10 10:02:08.138 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.138 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:21.750 ITA: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi4/5, vlan 3.([0080.2f13.cfd9/10.0.0.63/0080.2f13.cfd9/172.26.2.42/10:02:21 ITA Fri Feb 10 2023])
Feb 10 10:02:27.774 ITA: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi4/5, vlan 3.([0080.2f13.cfd9/10.0.0.63/2501.0009.b7d7/172.26.2.42/10:02:27 ITA Fri Feb 10 2023])
Feb 10 10:02:32.219 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:32.219 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.219 ITA: dot1x-packet: length: 0x05D4
Feb 10 10:02:32.219 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 1492

Feb 10 10:02:32.220 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.05d4
Feb 10 10:02:32.220 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.220 ITA: dot1x-packet: length: 0x05D4
Feb 10 10:02:32.220 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:32.220 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:32.220 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:32.220 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:32.220 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:32.220 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:32.220 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.221 ITA: RADIUS/ENCODE: EAP-Message fragment 1492 into 253+253+253+253+253+227, total 1492 bytes
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:32.221 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.221 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.231 ITA: RADIUS: Received from id 1645/67 198.168.31.248:1645, Access-Challenge, len 130
Feb 10 10:02:32.231 ITA: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Feb 10 10:02:32.231 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:32.231 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:32.231 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:32.232 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:32.232 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:32.232 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:32.232 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:32.232 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:32.232 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:32.232 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:32.232 ITA: dot1x-packet:EAP code: 0x1 id: 0xC1 length: 0x0006
Feb 10 10:02:32.232 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:32.232 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:32.232 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:32.236 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:32.244 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.244 ITA: dot1x-packet: length: 0x0154
Feb 10 10:02:32.244 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 340

Feb 10 10:02:32.244 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0154
Feb 10 10:02:32.244 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.244 ITA: dot1x-packet: length: 0x0154
Feb 10 10:02:32.244 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:32.244 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:32.244 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:32.244 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:32.244 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:32.244 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:32.245 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.245 ITA: RADIUS/ENCODE: EAP-Message fragment 340 into 253+87, total 340 bytes
Feb 10 10:02:32.245 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.245 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:32.245 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.246 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.246 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.246 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.258 ITA: RADIUS: Received from id 1645/68 198.168.31.248:1645, Access-Challenge, len 181
Feb 10 10:02:32.258 ITA: RADIUS/DECODE: EAP-Message fragments, 57, total 57 bytes
Feb 10 10:02:32.258 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:32.258 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:32.259 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:32.259 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:32.259 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:32.259 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:32.259 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:32.259 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:32.259 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:32.259 ITA: dot1x-packet: length: 0x0039
Feb 10 10:02:32.259 ITA: dot1x-packet:EAP code: 0x1 id: 0xC2 length: 0x0039
Feb 10 10:02:32.259 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:32.259 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:32.259 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:32.267 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:32.274 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.274 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:32.275 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 6

Feb 10 10:02:32.275 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Feb 10 10:02:32.275 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.275 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:32.275 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:32.275 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:32.275 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:32.275 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:32.275 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:32.275 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:32.275 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:32.276 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.276 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.341 ITA: RADIUS: Received from id 1645/69 198.168.31.248:1645, Access-Accept, len 416
Feb 10 10:02:32.341 ITA: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Feb 10 10:02:32.342 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Received an EAP Success
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_SUCCESS for 0x5E000003
Feb 10 10:02:32.342 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 11(eapSuccess)
Feb 10 10:02:32.342 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_success
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering success state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response success action
Feb 10 10:02:32.342 ITA: dot1x_auth_bend Gi10/32: idle during state auth_bend_success
Feb 10 10:02:32.342 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_success -> auth_bend_idle
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering idle state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_SUCCESS on Client 0x5E000003
Feb 10 10:02:32.342 ITA: dot1x_auth Gi10/32: during state auth_authenticating, got event 12(authSuccess_portValid)
Feb 10 10:02:32.342 ITA: @@@ dot1x_auth Gi10/32: auth_authenticating -> auth_authc_result
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting authenticating state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering authc result state
Feb 10 10:02:32.343 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAP Key data detected adding to attribute list
Feb 10 10:02:32.344 ITA: %EPM-6-POLICY_REQ: IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT APPLY
Feb 10 10:02:32.345 ITA: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT ATTACH-SUCCESS
Feb 10 10:02:32.345 ITA: %EPM-6-AAA: POLICY xACSACLx-IP-FirstTestDACL-63e603a8| EVENT DOWNLOAD_REQUEST
Feb 10 10:02:32.346 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.346 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.346 ITA: RADIUS/ENCODE: Skip encoding 0 length AAA attribute formatted-clid
Feb 10 10:02:32.347 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.347 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.347 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.347 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.359 ITA: %EPM-6-POLICY_REQ: IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT APPLY
Feb 10 10:02:32.388 ITA: RADIUS: Received from id 1645/70 198.168.31.248:1645, Access-Accept, len 198
Feb 10 10:02:32.389 ITA: %EPM-6-AAA: POLICY xACSACLx-IP-FirstTestDACL-63e603a8| EVENT DOWNLOAD-SUCCESS
Feb 10 10:02:32.392 ITA: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [172.26.3.243] MAC [d05f.db2a.04f8] AuditSession ID [AC1AEF04000000180A6E45A8] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-FirstTestDACL-63e603a8]
Feb 10 10:02:33.378 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Received Authz Success for the client 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:33.378 ITA: dot1x-redundancy:[d05f.db2a.04f8, Gi10/32] State for client successfully retrieved
Feb 10 10:02:33.380 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTHZ_SUCCESS on Client 0x5E000003
Feb 10 10:02:33.380 ITA: dot1x_auth Gi10/32: during state auth_authc_result, got event 23(authzSuccess)
Feb 10 10:02:33.380 ITA: @@@ dot1x_auth Gi10/32: auth_authc_result -> auth_authenticated
Feb 10 10:02:33.380 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering authenticated state
Feb 10 10:02:33.380 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:33.380 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:33.381 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:33.381 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:33.381 ITA: dot1x-packet: length: 0x0004
Feb 10 10:02:33.381 ITA: dot1x-packet:EAP code: 0x3 id: 0xC2 length: 0x0004
Feb 10 10:02:33.381 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:33.381 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:33.381 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:33.381 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:33.382 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:33.382 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:33.382 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:33.392 ITA: RADIUS: Received from id 1646/166 198.168.31.248:1646, Accounting-response, len 20
Feb 10 10:02:32.387 ITA: %EPM-6-AAA: STANDBY:POLICY xACSACLx-IP-FirstTestDACL-63e603a8| EVENT DOWNLOAD-SUCCESS
Feb 10 10:02:33.380 ITA: %EPM-6-POLICY_REQ: STANDBY:IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID | EVENT APPLY
Feb 10 10:02:33.381 ITA: %EPM-6-AUTH_ACL: STANDBY:POLICY Auth-Default-ACL| EVENT ATTACH-SUCCESS
Feb 10 10:02:33.385 ITA: %EPM-6-POLICY_REQ: STANDBY:IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID | EVENT APPLY
Feb 10 10:02:33.386 ITA: %EPM-6-POLICY_APP_SUCCESS: STANDBY:Policy Application succeded for Client [172.26.3.243] MAC [d05f.db2a.04f8] AuditSession ID [] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-FirstTestDACL-63e603a8]

But after 5 minutes I got on the NAD:

Feb 10 10:07:34.796 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:07:34.796 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:07:34.796 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:07:34.796 ITA: %EPM-6-IPEVENT: IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT IP-RELEASE
Feb 10 10:07:34.796 ITA: %EPM-6-IPEVENT: IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT IP-RELEASE
Feb 10 10:07:34.797 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:07:34.797 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:07:34.798 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:07:34.803 ITA: RADIUS: Received from id 1646/167 198.168.31.248:1646, Accounting-response, len 20
Feb 10 10:07:34.798 ITA: %EPM-6-IPEVENT: STANDBY:IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID | EVENT IP-RELEASE
Feb 10 10:07:34.798 ITA: %EPM-6-IPEVENT: STANDBY:IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID | EVENT IP-RELEASE

And after that the Windows 10 device stop to communicate, I check the Tracking table on the NAD and I see that the client IPV4 is diasappeared:

-----------------------------------------------------------------------------------------------
IP Address MAC Address Vlan Interface Probe-Timeout State Source
-----------------------------------------------------------------------------------------------
172.26.3.243 d05f.db2a.04f8 3 GigabitEthernet10/32 300 ACTIVE DHCP  <----Could be this Probe-timeout the issue?

Interface: GigabitEthernet10/32
MAC Address: d05f.db2a.04f8
IPv6 Address: Unknown
IPv4 Address: 172.26.3.243
User-Name: PORT.test.com
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 172800s (local), Remaining: 172568s
Session Uptime: 258s
Common Session ID: AC1AEF04000000180A6E45A8
Acct Session ID: 0x00000070
Handle: 0x01000003
Current Policy: POLICY_Gi10/32

 

After 5 minutes:

Interface: GigabitEthernet10/32
MAC Address: d05f.db2a.04f8
IPv6 Address: Unknown
IPv4 Address: Unknown
User-Name: PORT.test.com
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 172800s (local), Remaining: 172482s
Session Uptime: 344s
Common Session ID: AC1AEF04000000180A6E45A8
Acct Session ID: 0x00000070
Handle: 0x01000003
Current Policy: POLICY_Gi10/32

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ifabrizio
Beginner
Beginner
In response to hslai

ā€Ž02-22-2023 01:33 AM

I am sorry for my delay to reply.

The problem  do not occur anymore, in the meantime I have upgradated our Core switches, (from the version s2t54-ipservicesk9-mz.SPA.151-2.SY2 to s2t54-advipservicesk9-mz.SPA.155-1.SY10), that also act as ip helper address for the DHCP server that is Microsoft Server 2012R2.

I suppose that the lost of ip address by the client was caused by some version Bug on the Core. But I do not have any evidences about it.

Anyway thank you for the help.

Bye,

JF.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

ā€Ž02-11-2023 02:07 PM

@ifabrizio DHCP not attempted or not working for some reason? We should see EVENT=IP-WAIT after EVENT=IP-RELEASE.

PS: It does not seem ISE 3.0 triggering this. ISE parts are done once the RADIUS auth completes and DACL downloaded to the switch.

Go to solution
ifabrizio
Beginner
Beginner
In response to hslai

ā€Ž02-22-2023 01:33 AM

I am sorry for my delay to reply.

The problem  do not occur anymore, in the meantime I have upgradated our Core switches, (from the version s2t54-ipservicesk9-mz.SPA.151-2.SY2 to s2t54-advipservicesk9-mz.SPA.155-1.SY10), that also act as ip helper address for the DHCP server that is Microsoft Server 2012R2.

I suppose that the lost of ip address by the client was caused by some version Bug on the Core. But I do not have any evidences about it.

Anyway thank you for the help.

Bye,

JF.

0 Helpful

Go to solution
Rodrigo Diaz
Cisco Employee
Cisco Employee

ā€Ž02-12-2023 08:18 PM

hello @ifabrizio , the 5 minutes that you are mentioning in your situation are probably due to the IPDT default-lifetime please review the following link to review that contain information about https://community.cisco.com/t5/switching/ip-device-tracking-new-cli-sisf-denali-16-3-5/td-p/3300123 

Let me know if that helped you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents