Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1231
Views
10
Helpful
3
Replies

Cisco ISE 3.0 DACL Issue

Go to solution
ifabrizio
Level 3
Level 3

‎02-10-2023 01:53 AM

Dear All,

 

I have setup a Cisco ISE 3.0 to authenticate and authorize using DACL a Windows 10 device.

The Authentication is done using EAP-TLS, and it works.

The DACL is correctly download on the NAD Cisco 4500 Sup8:

Feb 10 10:02:00.108 ITA: dot1x-ev:[Gi10/32] Interface state changed to DOWN
Feb 10 10:02:00.110 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Processing client delete for hdl 0x17000002 sent by Auth Mgr
Feb 10 10:02:00.110 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Deleting client 0x17000002 (d05f.db2a.04f8)
Feb 10 10:02:00.110 ITA: dot1x-ev:[Gi10/32] No DOT1X subblock found for port down
Feb 10 10:02:00.111 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:00.111 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:00.111 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:00.111 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Delete auth client (0x17000002) message
Feb 10 10:02:00.111 ITA: dot1x-ev:Auth client ctx destroyed
Feb 10 10:02:00.112 ITA: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT DETACH-SUCCESS
Feb 10 10:02:00.113 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:00.113 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:00.113 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:00.146 ITA: RADIUS: Received from id 1646/165 198.168.31.248:1646, Accounting-response, len 20
Feb 10 10:02:00.113 ITA: %EPM-6-AUTH_ACL: STANDBY:POLICY Auth-Default-ACL| EVENT DETACH-SUCCESS
Feb 10 10:02:07.556 ITA: dot1x-ev:[Gi10/32] Interface state changed to UP
Feb 10 10:02:07.568 ITA: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet10/32
Feb 10 10:02:07.799 ITA: dot1x_auth Gi10/32: initial state auth_initialize has enter
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: initialising
Feb 10 10:02:07.799 ITA: dot1x_auth Gi10/32: during state auth_initialize, got event 0(cfg_auto)
Feb 10 10:02:07.799 ITA: @@@ dot1x_auth Gi10/32: auth_initialize -> auth_disconnected
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: disconnected
Feb 10 10:02:07.799 ITA: dot1x_auth Gi10/32: idle during state auth_disconnected
Feb 10 10:02:07.799 ITA: @@@ dot1x_auth Gi10/32: auth_disconnected -> auth_restart
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering restart
Feb 10 10:02:07.799 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending create new context event to EAP for 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:07.799 ITA: dot1x_auth_bend Gi10/32: initial state auth_bend_initialize has enter
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering init state
Feb 10 10:02:07.799 ITA: dot1x_auth_bend Gi10/32: initial state auth_bend_initialize has idle
Feb 10 10:02:07.799 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_initialize, got event 16383(idle)
Feb 10 10:02:07.799 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_initialize -> auth_bend_idle
Feb 10 10:02:07.799 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering idle state
Feb 10 10:02:07.799 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Created a client entry (0x5E000003)
Feb 10 10:02:07.799 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Dot1x authentication started for 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting !EAP_RESTART on Client 0x5E000003
Feb 10 10:02:07.800 ITA: dot1x_auth Gi10/32: during state auth_restart, got event 6(no_eapRestart)
Feb 10 10:02:07.800 ITA: @@@ dot1x_auth Gi10/32: auth_restart -> auth_connecting
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:enter connecting state
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: restart connecting
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting RX_REQ on Client 0x5E000003
Feb 10 10:02:07.800 ITA: dot1x_auth Gi10/32: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Feb 10 10:02:07.800 ITA: @@@ dot1x_auth Gi10/32: auth_connecting -> auth_authenticating
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: authenticating state entered
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:connecting authenticating action
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_START for 0x5E000003
Feb 10 10:02:07.800 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_idle, got event 4(eapReq_authStart)
Feb 10 10:02:07.800 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_idle -> auth_bend_request
Feb 10 10:02:07.800 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:07.801 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:07.801 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:07.801 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:07.801 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:07.801 ITA: dot1x-packet: length: 0x0005
Feb 10 10:02:07.801 ITA: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Feb 10 10:02:07.801 ITA: dot1x-packet: type: 0x1
Feb 10 10:02:07.801 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:07.801 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:idle request action
Feb 10 10:02:08.007 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] queuing an EAPOL pkt on Auth Q
Feb 10 10:02:08.007 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Feb 10 10:02:08.007 ITA: dot1x-packet: length: 0x0000
Feb 10 10:02:08.008 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 0,TYPE= 0,LEN= 0

Feb 10 10:02:08.008 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
Feb 10 10:02:08.008 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Received an EAPOL-Start packet
Feb 10 10:02:08.008 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Feb 10 10:02:08.008 ITA: dot1x-packet: length: 0x0000
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_START on Client 0x5E000003
Feb 10 10:02:08.008 ITA: dot1x_auth Gi10/32: during state auth_authenticating, got event 4(eapolStart)
Feb 10 10:02:08.008 ITA: @@@ dot1x_auth Gi10/32: auth_authenticating -> auth_aborting
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting authenticating state
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering aborting state
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_ABORT for 0x5E000003
Feb 10 10:02:08.008 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 1(authAbort)
Feb 10 10:02:08.008 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_initialize
Feb 10 10:02:08.008 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering init state
Feb 10 10:02:08.008 ITA: dot1x_auth_bend Gi10/32: idle during state auth_bend_initialize
Feb 10 10:02:08.009 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_initialize -> auth_bend_idle
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering idle state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting !AUTH_ABORT on Client 0x5E000003
Feb 10 10:02:08.009 ITA: dot1x_auth Gi10/32: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
Feb 10 10:02:08.009 ITA: @@@ dot1x_auth Gi10/32: auth_aborting -> auth_restart
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting aborting state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: entering restart
Feb 10 10:02:08.009 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Resetting the client 0x5E000003
Feb 10 10:02:08.009 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending create new context event to EAP for 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:restart action for aborting state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting !EAP_RESTART on Client 0x5E000003
Feb 10 10:02:08.009 ITA: dot1x_auth Gi10/32: during state auth_restart, got event 6(no_eapRestart)
Feb 10 10:02:08.009 ITA: @@@ dot1x_auth Gi10/32: auth_restart -> auth_connecting
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:enter connecting state
Feb 10 10:02:08.009 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: restart connecting
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting RX_REQ on Client 0x5E000003
Feb 10 10:02:08.010 ITA: dot1x_auth Gi10/32: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Feb 10 10:02:08.010 ITA: @@@ dot1x_auth Gi10/32: auth_connecting -> auth_authenticating
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003: authenticating state entered
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:connecting authenticating action
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_START for 0x5E000003
Feb 10 10:02:08.010 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_idle, got event 4(eapReq_authStart)
Feb 10 10:02:08.010 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_idle -> auth_bend_request
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.010 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.010 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.010 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.010 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.010 ITA: dot1x-packet: length: 0x0005
Feb 10 10:02:08.010 ITA: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Feb 10 10:02:08.010 ITA: dot1x-packet: type: 0x1
Feb 10 10:02:08.010 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.010 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:idle request action
Feb 10 10:02:08.036 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.037 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.037 ITA: dot1x-packet: length: 0x0026
Feb 10 10:02:08.037 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 1,LEN= 38

Feb 10 10:02:08.037 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0026
Feb 10 10:02:08.037 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.037 ITA: dot1x-packet: length: 0x0026
Feb 10 10:02:08.037 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.037 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.037 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.037 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.037 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.037 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.038 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.038 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.038 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.038 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.048 ITA: RADIUS: Received from id 1645/63 198.168.31.248:1645, Access-Challenge, len 130
Feb 10 10:02:08.048 ITA: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Feb 10 10:02:08.048 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.048 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.049 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.049 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.049 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.049 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.049 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.049 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.049 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.049 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.049 ITA: dot1x-packet:EAP code: 0x1 id: 0xBD length: 0x0006
Feb 10 10:02:08.049 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.049 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.049 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:08.051 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.051 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.051 ITA: dot1x-packet: length: 0x00AC
Feb 10 10:02:08.051 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 172

Feb 10 10:02:08.051 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.00ac
Feb 10 10:02:08.051 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.051 ITA: dot1x-packet: length: 0x00AC
Feb 10 10:02:08.051 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.051 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.051 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.051 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.051 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.051 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.052 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.052 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.052 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.052 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.069 ITA: RADIUS: Received from id 1645/64 198.168.31.248:1645, Access-Challenge, len 1142
Feb 10 10:02:08.070 ITA: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253, total 1012 bytes
Feb 10 10:02:08.070 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.070 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.070 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.070 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.070 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.070 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.070 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.070 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.070 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.070 ITA: dot1x-packet: length: 0x03F4
Feb 10 10:02:08.070 ITA: dot1x-packet:EAP code: 0x1 id: 0xBE length: 0x03F4
Feb 10 10:02:08.070 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.071 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.071 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:08.083 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.084 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.084 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.084 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 6

Feb 10 10:02:08.084 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Feb 10 10:02:08.084 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.084 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.084 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.084 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.084 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.084 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.084 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.084 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.085 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.085 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.085 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.085 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.086 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.086 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.086 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.092 ITA: RADIUS: Received from id 1645/65 198.168.31.248:1645, Access-Challenge, len 1138
Feb 10 10:02:08.093 ITA: RADIUS/DECODE: EAP-Message fragments, 253+253+253+249, total 1008 bytes
Feb 10 10:02:08.093 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.093 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.093 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.093 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.093 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.093 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.094 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.094 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.094 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.094 ITA: dot1x-packet: length: 0x03F0
Feb 10 10:02:08.094 ITA: dot1x-packet:EAP code: 0x1 id: 0xBF length: 0x03F0
Feb 10 10:02:08.094 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.094 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.094 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:08.102 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:08.116 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.116 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.116 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 6

Feb 10 10:02:08.116 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Feb 10 10:02:08.116 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:08.116 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:08.116 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:08.117 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:08.117 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:08.117 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:08.117 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:08.117 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:08.118 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:08.118 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:08.118 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:08.118 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:08.137 ITA: RADIUS: Received from id 1645/66 198.168.31.248:1645, Access-Challenge, len 638
Feb 10 10:02:08.137 ITA: RADIUS/DECODE: EAP-Message fragments, 253+253+4, total 510 bytes
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:08.138 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:08.138 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:08.138 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:08.138 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:08.138 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:08.138 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:08.138 ITA: dot1x-packet: length: 0x01FE
Feb 10 10:02:08.138 ITA: dot1x-packet:EAP code: 0x1 id: 0xC0 length: 0x01FE
Feb 10 10:02:08.138 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:08.138 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:08.138 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:21.750 ITA: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi4/5, vlan 3.([0080.2f13.cfd9/10.0.0.63/0080.2f13.cfd9/172.26.2.42/10:02:21 ITA Fri Feb 10 2023])
Feb 10 10:02:27.774 ITA: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi4/5, vlan 3.([0080.2f13.cfd9/10.0.0.63/2501.0009.b7d7/172.26.2.42/10:02:27 ITA Fri Feb 10 2023])
Feb 10 10:02:32.219 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:32.219 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.219 ITA: dot1x-packet: length: 0x05D4
Feb 10 10:02:32.219 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 1492

Feb 10 10:02:32.220 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.05d4
Feb 10 10:02:32.220 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.220 ITA: dot1x-packet: length: 0x05D4
Feb 10 10:02:32.220 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:32.220 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:32.220 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:32.220 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:32.220 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:32.220 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:32.220 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.221 ITA: RADIUS/ENCODE: EAP-Message fragment 1492 into 253+253+253+253+253+227, total 1492 bytes
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:32.221 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.221 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.221 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.231 ITA: RADIUS: Received from id 1645/67 198.168.31.248:1645, Access-Challenge, len 130
Feb 10 10:02:32.231 ITA: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
Feb 10 10:02:32.231 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:32.231 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:32.231 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:32.232 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:32.232 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:32.232 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:32.232 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:32.232 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:32.232 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:32.232 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:32.232 ITA: dot1x-packet:EAP code: 0x1 id: 0xC1 length: 0x0006
Feb 10 10:02:32.232 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:32.232 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:32.232 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:32.236 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:32.244 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.244 ITA: dot1x-packet: length: 0x0154
Feb 10 10:02:32.244 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 340

Feb 10 10:02:32.244 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0154
Feb 10 10:02:32.244 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.244 ITA: dot1x-packet: length: 0x0154
Feb 10 10:02:32.244 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:32.244 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:32.244 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:32.244 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:32.244 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:32.244 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:32.245 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.245 ITA: RADIUS/ENCODE: EAP-Message fragment 340 into 253+87, total 340 bytes
Feb 10 10:02:32.245 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.245 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:32.245 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.246 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.246 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.246 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.258 ITA: RADIUS: Received from id 1645/68 198.168.31.248:1645, Access-Challenge, len 181
Feb 10 10:02:32.258 ITA: RADIUS/DECODE: EAP-Message fragments, 57, total 57 bytes
Feb 10 10:02:32.258 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_REQ for 0x5E000003
Feb 10 10:02:32.258 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 7(eapReq)
Feb 10 10:02:32.259 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_request
Feb 10 10:02:32.259 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:32.259 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering request state
Feb 10 10:02:32.259 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:32.259 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:32.259 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:32.259 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:32.259 ITA: dot1x-packet: length: 0x0039
Feb 10 10:02:32.259 ITA: dot1x-packet:EAP code: 0x1 id: 0xC2 length: 0x0039
Feb 10 10:02:32.259 ITA: dot1x-packet: type: 0xD
Feb 10 10:02:32.259 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:32.259 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response request action
Feb 10 10:02:32.267 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Queuing an EAPOL pkt on Authenticator Q
Feb 10 10:02:32.274 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.274 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:32.275 ITA: dot1x-ev:[Gi10/32] Dequeued pkt: Int Gi10/32 CODE= 2,TYPE= 13,LEN= 6

Feb 10 10:02:32.275 ITA: dot1x-ev:[Gi10/32] Received pkt saddr =d05f.db2a.04f8 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Feb 10 10:02:32.275 ITA: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Feb 10 10:02:32.275 ITA: dot1x-packet: length: 0x0006
Feb 10 10:02:32.275 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAPOL_EAP for 0x5E000003
Feb 10 10:02:32.275 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_request, got event 6(eapolEap)
Feb 10 10:02:32.275 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_request -> auth_bend_response
Feb 10 10:02:32.275 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering response state
Feb 10 10:02:32.275 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Response sent to the server from 0x5E000003
Feb 10 10:02:32.275 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:request response action
Feb 10 10:02:32.275 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:32.276 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.276 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.276 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.341 ITA: RADIUS: Received from id 1645/69 198.168.31.248:1645, Access-Accept, len 416
Feb 10 10:02:32.341 ITA: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Feb 10 10:02:32.342 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] Received an EAP Success
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting EAP_SUCCESS for 0x5E000003
Feb 10 10:02:32.342 ITA: dot1x_auth_bend Gi10/32: during state auth_bend_response, got event 11(eapSuccess)
Feb 10 10:02:32.342 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_response -> auth_bend_success
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting response state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering success state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:response success action
Feb 10 10:02:32.342 ITA: dot1x_auth_bend Gi10/32: idle during state auth_bend_success
Feb 10 10:02:32.342 ITA: @@@ dot1x_auth_bend Gi10/32: auth_bend_success -> auth_bend_idle
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering idle state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTH_SUCCESS on Client 0x5E000003
Feb 10 10:02:32.342 ITA: dot1x_auth Gi10/32: during state auth_authenticating, got event 12(authSuccess_portValid)
Feb 10 10:02:32.342 ITA: @@@ dot1x_auth Gi10/32: auth_authenticating -> auth_authc_result
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:exiting authenticating state
Feb 10 10:02:32.342 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering authc result state
Feb 10 10:02:32.343 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAP Key data detected adding to attribute list
Feb 10 10:02:32.344 ITA: %EPM-6-POLICY_REQ: IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT APPLY
Feb 10 10:02:32.345 ITA: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT ATTACH-SUCCESS
Feb 10 10:02:32.345 ITA: %EPM-6-AAA: POLICY xACSACLx-IP-FirstTestDACL-63e603a8| EVENT DOWNLOAD_REQUEST
Feb 10 10:02:32.346 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:32.346 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:32.346 ITA: RADIUS/ENCODE: Skip encoding 0 length AAA attribute formatted-clid
Feb 10 10:02:32.347 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:32.347 ITA: RADIUS: Message Authenticator encoded
Feb 10 10:02:32.347 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:32.347 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:32.359 ITA: %EPM-6-POLICY_REQ: IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT APPLY
Feb 10 10:02:32.388 ITA: RADIUS: Received from id 1645/70 198.168.31.248:1645, Access-Accept, len 198
Feb 10 10:02:32.389 ITA: %EPM-6-AAA: POLICY xACSACLx-IP-FirstTestDACL-63e603a8| EVENT DOWNLOAD-SUCCESS
Feb 10 10:02:32.392 ITA: %EPM-6-POLICY_APP_SUCCESS: Policy Application succeded for Client [172.26.3.243] MAC [d05f.db2a.04f8] AuditSession ID [AC1AEF04000000180A6E45A8] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-FirstTestDACL-63e603a8]
Feb 10 10:02:33.378 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Received Authz Success for the client 0x5E000003 (d05f.db2a.04f8)
Feb 10 10:02:33.378 ITA: dot1x-redundancy:[d05f.db2a.04f8, Gi10/32] State for client successfully retrieved
Feb 10 10:02:33.380 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] Posting AUTHZ_SUCCESS on Client 0x5E000003
Feb 10 10:02:33.380 ITA: dot1x_auth Gi10/32: during state auth_authc_result, got event 23(authzSuccess)
Feb 10 10:02:33.380 ITA: @@@ dot1x_auth Gi10/32: auth_authc_result -> auth_authenticated
Feb 10 10:02:33.380 ITA: dot1x-sm:[d05f.db2a.04f8, Gi10/32] 0x5E000003:entering authenticated state
Feb 10 10:02:33.380 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending EAPOL packet
Feb 10 10:02:33.380 ITA: dot1x-registry:registry:dot1x_ether_macaddr called
Feb 10 10:02:33.381 ITA: dot1x-ev:[d05f.db2a.04f8, Gi10/32] Sending out EAPOL packet to MAC d05f.db2a.04f8
Feb 10 10:02:33.381 ITA: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Feb 10 10:02:33.381 ITA: dot1x-packet: length: 0x0004
Feb 10 10:02:33.381 ITA: dot1x-packet:EAP code: 0x3 id: 0xC2 length: 0x0004
Feb 10 10:02:33.381 ITA: dot1x-packet:[d05f.db2a.04f8, Gi10/32] EAPOL packet sent to client 0x5E000003
Feb 10 10:02:33.381 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:02:33.381 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:02:33.381 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:02:33.382 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:02:33.382 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:02:33.382 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:02:33.392 ITA: RADIUS: Received from id 1646/166 198.168.31.248:1646, Accounting-response, len 20
Feb 10 10:02:32.387 ITA: %EPM-6-AAA: STANDBY:POLICY xACSACLx-IP-FirstTestDACL-63e603a8| EVENT DOWNLOAD-SUCCESS
Feb 10 10:02:33.380 ITA: %EPM-6-POLICY_REQ: STANDBY:IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID | EVENT APPLY
Feb 10 10:02:33.381 ITA: %EPM-6-AUTH_ACL: STANDBY:POLICY Auth-Default-ACL| EVENT ATTACH-SUCCESS
Feb 10 10:02:33.385 ITA: %EPM-6-POLICY_REQ: STANDBY:IP 172.26.3.243| MAC d05f.db2a.04f8| AuditSessionID | EVENT APPLY
Feb 10 10:02:33.386 ITA: %EPM-6-POLICY_APP_SUCCESS: STANDBY:Policy Application succeded for Client [172.26.3.243] MAC [d05f.db2a.04f8] AuditSession ID [] for POLICY_TYPE [Named Acl] POLICY_NAME [xACSACLx-IP-FirstTestDACL-63e603a8]

But after 5 minutes I got on the NAD:

Feb 10 10:07:34.796 ITA: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 10 10:07:34.796 ITA: RADIUS(00000000): Config NAS IP: 0.0.0.0
Feb 10 10:07:34.796 ITA: RADIUS(00000000): Config NAS IPv6: ::
Feb 10 10:07:34.796 ITA: %EPM-6-IPEVENT: IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT IP-RELEASE
Feb 10 10:07:34.796 ITA: %EPM-6-IPEVENT: IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID AC1AEF04000000180A6E45A8| EVENT IP-RELEASE
Feb 10 10:07:34.797 ITA: RADIUS/ENCODE: Best Local IP-Address 172.26.239.4 for Radius-Server 198.168.31.248
Feb 10 10:07:34.797 ITA: RADIUS(00000000): Sending a IPv4 Radius Packet
Feb 10 10:07:34.798 ITA: RADIUS(00000000): Started 3 sec timeout
Feb 10 10:07:34.803 ITA: RADIUS: Received from id 1646/167 198.168.31.248:1646, Accounting-response, len 20
Feb 10 10:07:34.798 ITA: %EPM-6-IPEVENT: STANDBY:IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID | EVENT IP-RELEASE
Feb 10 10:07:34.798 ITA: %EPM-6-IPEVENT: STANDBY:IP 0.0.0.0| MAC d05f.db2a.04f8| AuditSessionID | EVENT IP-RELEASE

And after that the Windows 10 device stop to communicate, I check the Tracking table on the NAD and I see that the client IPV4 is diasappeared:

-----------------------------------------------------------------------------------------------
IP Address MAC Address Vlan Interface Probe-Timeout State Source
-----------------------------------------------------------------------------------------------
172.26.3.243 d05f.db2a.04f8 3 GigabitEthernet10/32 300 ACTIVE DHCP  <----Could be this Probe-timeout the issue?

Interface: GigabitEthernet10/32
MAC Address: d05f.db2a.04f8
IPv6 Address: Unknown
IPv4 Address: 172.26.3.243
User-Name: PORT.test.com
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 172800s (local), Remaining: 172568s
Session Uptime: 258s
Common Session ID: AC1AEF04000000180A6E45A8
Acct Session ID: 0x00000070
Handle: 0x01000003
Current Policy: POLICY_Gi10/32

 

After 5 minutes:

Interface: GigabitEthernet10/32
MAC Address: d05f.db2a.04f8
IPv6 Address: Unknown
IPv4 Address: Unknown
User-Name: PORT.test.com
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 172800s (local), Remaining: 172482s
Session Uptime: 344s
Common Session ID: AC1AEF04000000180A6E45A8
Acct Session ID: 0x00000070
Handle: 0x01000003
Current Policy: POLICY_Gi10/32

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ifabrizio
Level 3
Level 3
In response to hslai

‎02-22-2023 01:33 AM

I am sorry for my delay to reply.

The problem  do not occur anymore, in the meantime I have upgradated our Core switches, (from the version s2t54-ipservicesk9-mz.SPA.151-2.SY2 to s2t54-advipservicesk9-mz.SPA.155-1.SY10), that also act as ip helper address for the DHCP server that is Microsoft Server 2012R2.

I suppose that the lost of ip address by the client was caused by some version Bug on the Core. But I do not have any evidences about it.

Anyway thank you for the help.

Bye,

JF.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎02-11-2023 02:07 PM

@ifabrizio DHCP not attempted or not working for some reason? We should see EVENT=IP-WAIT after EVENT=IP-RELEASE.

PS: It does not seem ISE 3.0 triggering this. ISE parts are done once the RADIUS auth completes and DACL downloaded to the switch.

Go to solution
ifabrizio
Level 3
Level 3
In response to hslai

‎02-22-2023 01:33 AM

I am sorry for my delay to reply.

The problem  do not occur anymore, in the meantime I have upgradated our Core switches, (from the version s2t54-ipservicesk9-mz.SPA.151-2.SY2 to s2t54-advipservicesk9-mz.SPA.155-1.SY10), that also act as ip helper address for the DHCP server that is Microsoft Server 2012R2.

I suppose that the lost of ip address by the client was caused by some version Bug on the Core. But I do not have any evidences about it.

Anyway thank you for the help.

Bye,

JF.

0 Helpful

Go to solution
Rodrigo Diaz
Cisco Employee
Cisco Employee

‎02-12-2023 08:18 PM

hello @ifabrizio , the 5 minutes that you are mentioning in your situation are probably due to the IPDT default-lifetime please review the following link to review that contain information about https://community.cisco.com/t5/switching/ip-device-tracking-new-cli-sisf-denali-16-3-5/td-p/3300123 

Let me know if that helped you.

Customers Also Viewed These Support Documents