06-08-2020 10:04 AM
Hi,
Been attempting to setup Dot1x auth with Microsoft NPS server and have had a really hard time finding documentation for this because everything out there is IBNS 2 with ISE, which I don't have ISE and we aren't planning on getting it at this time.
I'm trying to configure based on the below guide using single host mode. I'm looking to have a very basic setup to start building my confidence in this setup.
I've contact TAC and they say my switch config is correct but then send me to https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top for the NPS configuration which is not helpful.
To describe what happens at this point, i do the configurations, plug in my laptop to test auth and it just connects me right to the port without prompting for credentials. This doesn't seem to be correct.
Any tips or guidance would be appreciated.
Jon
06-08-2020 10:30 AM
hi,
have you enabled dot1x authentication on the wired auto config and what is the configuration settings?
on the switch
show authentication session <interface> detail --> to show if its dot1x or mab authentication which is happen?
06-08-2020 12:53 PM
 
					
				
		
06-08-2020 04:13 PM
You have not provided any useful information about the endpoint's 802.1X supplicant configuration nor the switch.
Please see How to Ask The Community for Help.
The Windows wired supplicant is disabled by default and it is unclear if you have enabled it and what behavior you configured.
06-08-2020 09:30 PM
Hi,
For the wired see this basic configuration.
https://www.youtube.com/watch?v=ftC3NLPDgDo --> there is two part video you can go through the configuration how he has done the same.
06-09-2020 10:28 AM
06-09-2020 10:13 PM
Hi,
Understand the concept the switch from certificate to username and password is the selection of Peap instead of using Certficate and the ISE policy where you say using PEAP as protocol and domain machine in the authorization to do the authentication.
06-09-2020 10:25 AM
Here is all of the configuration that i've done up to this point:
Switch configuration that is relevant:
aaa new-model
aaa group server radius NPS_SERVERS
server name NDC
aaa authentication login default local
aaa authentication enable default none
aaa authentication dot1x default group NPS_SERVERS
aaa authorization network default group NPS_SERVERS
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group NPS_SERVERS
aaa server radius dynamic-author
client 192.168.0.10 server-key 7 password
aaa session-id common
match result-type aaa-timeout
!
policy-map type control subscriber TEST
event session-started match-all
10 class always do-until-failure
10 authenticate using dot1x priority 10
!
interface GigabitEthernet1/0/5
switchport access vlan 3
switchport mode access
access-session host-mode single-host
access-session port-control auto
dot1x pae authenticator
spanning-tree portfast
service-policy type control subscriber TEST
!
!
radius-server dead-criteria time 10 tries 3
!
radius server NDC
address ipv4 192.168.0.10 auth-port 1812 acct-port 1813
key 7 password
!
06-09-2020 10:15 PM
The config looks ok. what happens when you connect to the laptop to the port?
is it still showing unknown?
try to run a debug aaa dot1x to see where it fails.
06-11-2020 01:42 PM
Debug aaa dot1x doesn't work on my switch. Here is the debug dot1x all. I've also included debug aaa authentication & debug aaa authorization at the bottom.
Jun 11 14:33:24 MST: dot1x-ev:[Gi1/0/36] Interface state changed to UP
Jun 11 14:33:24 MST: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/36
Jun 11 14:33:24 MST: dot1x_auth Gi1/0/36: initial state auth_initialize has enter
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: initialising
Jun 11 14:33:24 MST: dot1x_auth Gi1/0/36: during state auth_initialize, got event 0(cfg_auto)
Jun 11 14:33:24 MST: @@@ dot1x_auth Gi1/0/36: auth_initialize -> auth_disconnected
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: disconnected
Jun 11 14:33:24 MST: dot1x_auth Gi1/0/36: idle during state auth_disconnected
Jun 11 14:33:24 MST: @@@ dot1x_auth Gi1/0/36: auth_disconnected -> auth_restart
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: entering restart
Jun 11 14:33:24 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Sending create new context event to EAP for 0x0E000023 (54e1.adad.2b35)
Jun 11 14:33:24 MST: dot1x_auth_bend Gi1/0/36: initial state auth_bend_initialize has enter
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: entering init state
Jun 11 14:33:24 MST: dot1x_auth_bend Gi1/0/36: initial state auth_bend_initialize has idle
Jun 11 14:33:24 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_initialize, got event 16383(idle)
Jun 11 14:33:24 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_initialize -> auth_bend_idle
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering idle state
Jun 11 14:33:24 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Created a client entry (0x0E000023)
Jun 11 14:33:24 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Dot1x authentication started for 0x0E000023 (54e1.adad.2b35)
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting !EAP_RESTART on Client 0x0E000023
Jun 11 14:33:24 MST: dot1x_auth Gi1/0/36: during state auth_restart, got event 6(no_eapRestart)
Jun 11 14:33:24 MST: @@@ dot1x_auth Gi1/0/36: auth_restart -> auth_connecting
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:enter connecting state
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: restart connecting
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting RX_REQ on Client 0x0E000023
Jun 11 14:33:24 MST: dot1x_auth Gi1/0/36: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Jun 11 14:33:24 MST: @@@ dot1x_auth Gi1/0/36: auth_connecting -> auth_authenticating
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: authenticating state entered
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:connecting authenticating action
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting AUTH_START for 0x0E000023
Jun 11 14:33:24 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_idle, got event 4(eapReq_authStart)
Jun 11 14:33:24 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_idle -> auth_bend_request
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:24 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:24 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:24 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:24 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:24 MST: dot1x-packet: length: 0x0005
Jun 11 14:33:24 MST: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Jun 11 14:33:24 MST: dot1x-packet: type: 0x1
Jun 11 14:33:24 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:idle request action
Jun 11 14:33:24 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:24 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:24 MST: dot1x-packet: length: 0x000F
Jun 11 14:33:24 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 1,LEN= 15
Jun 11 14:33:24 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.000f
Jun 11 14:33:24 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:24 MST: dot1x-packet: length: 0x000F
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:24 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:24 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:24 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:24 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0006
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x2 length: 0x0006
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x00A6
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 166
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.00a6
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x00A6
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x05D8
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x3 length: 0x05D8
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0006
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 6
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0006
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0200
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x4 length: 0x0200
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x00AF
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 175
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.00af
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x00AF
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x003D
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x5 length: 0x003D
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0006
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 6
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0006
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0024
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x6 length: 0x0024
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x002E
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 46
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.002e
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x002E
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0033
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x7 length: 0x0033
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0033
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 51
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0033
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0033
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x003C
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x8 length: 0x003C
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0064
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 100
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0064
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0064
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0052
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0x9 length: 0x0052
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0025
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 37
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0025
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0025
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_REQ for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 7(eapReq)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_request
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering request state
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x006A
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x1 id: 0xB length: 0x006A
Jun 11 14:33:25 MST: dot1x-packet: type: 0x19
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response request action
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Queuing an EAPOL pkt on Authenticator Q
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x006A
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Dequeued pkt: Int Gi1/0/36 CODE= 2,TYPE= 25,LEN= 106
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Received pkt saddr =54e1.adad.2b35 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.006a
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x006A
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAPOL_EAP for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_request, got event 6(eapolEap)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_request -> auth_bend_response
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering response state
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Response sent to the server from 0x0E000023
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:request response action
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Received an EAP Fail
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting EAP_FAIL for 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: during state auth_bend_response, got event 10(eapFail)
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_response -> auth_bend_fail
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting response state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering fail state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:response fail action
Jun 11 14:33:25 MST: dot1x_auth_bend Gi1/0/36: idle during state auth_bend_fail
Jun 11 14:33:25 MST: @@@ dot1x_auth_bend Gi1/0/36: auth_bend_fail -> auth_bend_idle
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering idle state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting AUTH_FAIL on Client 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth Gi1/0/36: during state auth_authenticating, got event 15(authFail)
Jun 11 14:33:25 MST: @@@ dot1x_auth Gi1/0/36: auth_authenticating -> auth_authc_result
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:exiting authenticating state
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023:entering authc result state
Jun 11 14:33:25 MST: %DOT1X-5-FAIL: Authentication failed for client (54e1.adad.2b35) on Interface Gi1/0/36 AuditSessionID C0A800030000 00499A041BF9
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Added username in dot1x
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] Dot1x did not receive any key data
Jun 11 14:33:25 MST: dot1x-ev:[54e1.adad.2b35, Gi1/0/36] Received Authz fail (result: 3) for the client 0x0E000023 (54e1.adad.2b35)
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] Posting_AUTHZ_FAIL on Client 0x0E000023
Jun 11 14:33:25 MST: dot1x_auth Gi1/0/36: during state auth_authc_result, got event 22(authzFail)
Jun 11 14:33:25 MST: @@@ dot1x_auth Gi1/0/36: auth_authc_result -> auth_held
Jun 11 14:33:25 MST: dot1x-sm:[54e1.adad.2b35, Gi1/0/36] 0x0E000023: held
Jun 11 14:33:25 MST: dot1x-ev:[0180.c200.0003, Gi1/0/36] Sending EAPOL packet to group PAE address
Jun 11 14:33:25 MST: dot1x-registry:registry:dot1x_ether_macaddr called
Jun 11 14:33:25 MST: dot1x-ev:[Gi1/0/36] Sending out EAPOL packet to MAC 0180.c200.0003
Jun 11 14:33:25 MST: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Jun 11 14:33:25 MST: dot1x-packet: length: 0x0004
Jun 11 14:33:25 MST: dot1x-packet:EAP code: 0x4 id: 0xB length: 0x0004
Jun 11 14:33:25 MST: dot1x-packet:[54e1.adad.2b35, Gi1/0/36] EAPOL packet sent to client 0x0E000023
Jun 11 14:33:26 MST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/36, changed state to up
Jun 11 14:33:27 MST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/36, changed state to up
Does this help at all? My expectation is that when i plug in the ethernet cable that it will prompt me credentials. Am i correct in my assumption?
Jon
 
					
				
		
06-12-2020 04:15 PM
It depends on your endpoint supplicant configuration.
One of the options should be for it to automatically provide the user's login credentials:
If you have this checked it will NOT prompt for the username/password!
06-15-2020 10:25 AM
Hi Thomas,
Thanks so much for replying. I've unchecked that hoping that it will prompt for a username and password and it still doesn't.
Do you have any other thoughts. Have you seen IBNS 2.0 work with Microsoft NPS server before? I literally can only find configurations with ISE or using non IBNS 2.0 configurations.
Thanks,
Jon
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide