Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8987
Views
5
Helpful
2
Replies

Clients not authenticating over dot1x after IOS upgrade

Go to solution
TJ - Networking
Level 1
Level 1

‎01-14-2020 09:03 AM - edited ‎02-21-2020 11:13 AM

Hello everyone!

I have two clients that are not authenticating over dot1x, all others connected to the switch are able to authenticate. I've checked the settings on the workstations and everything is properly configured (the same as the workstations that are working). 

I checked the logs on the RADIUS server and it appears that the radius is not even coming into the picture because there aren't any logs regarding the two workstations. 

The following message is the same for both interfaces. 

Jan 14 15:32:50.862: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (xxxx.xxxx.xxxx) with reason (No Response from Client) on Interface Gi1/0/25 
Jan 14 15:32:50.863: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (xxxx.xxxx.xxxx) on Interface GigabitEthernet1/0/25 AuditSessionID xxxxxxxxxxxxxxxx. Failure reason: Authc fail. Authc failure reason: No Response from Client.

 

I'm on version Fuji 16.9.4 

 

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎01-15-2020 06:59 AM

Make sure the supplicant service is running on the client and that there is no firewall running on the device.  Also, make sure there is no adapter or transceiver between the PC and the switchport that could not be forwarding the EAPOL frames.  You could do a packet capture on the client or SPAN the switchport to see if the client is even sending any EAPOL frames.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pan
Cisco Employee
Cisco Employee

‎01-14-2020 06:11 PM

From the logs it seem client are not responding to dot1x request. You can confirm this by taking pcap on client machine.

 

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎01-15-2020 06:59 AM

Make sure the supplicant service is running on the client and that there is no firewall running on the device.  Also, make sure there is no adapter or transceiver between the PC and the switchport that could not be forwarding the EAPOL frames.  You could do a packet capture on the client or SPAN the switchport to see if the client is even sending any EAPOL frames.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents