Hi Michal!

Thanks for answering.

But does that command do the same thing?  Shouldn't dot1x reauthenticate interface force a new authentication and clear dot1x interface just deauthenticate the client?

And I really fint it intressting that commands from Configuration Guide does not exist i real life.

Again, thanks for your efforts!

//

Johan

You are right, should.

I am not sure what is the trigger for "dot1x reauthenticate interface". Maybe we need to have configured periodic reauthentication to have it working, example:

Switch(config-if)# dot1x reauthentication

Switch(config-if)# dot1x timeout reauth-period 4000

Could you try that ?

You can also enable "debug dot1x all" and verify if any packet has been send by switch ("

EAPOL pak dump Tx").

If you will still have the problem i will build a lab and test it myself.

---

Michal

Okey, i think some of my problems are related to Authentication Manager commands and pre Authentication Manager commands.

dot1x reauthentication                -->      authentication periodic

dot1x timeout reauth-period 4000 -->     authentication timer reauthenticate 4000

But still, I can't find any equivalent to my dot1x reauthenticate interface

//

Johan

Great, then I'l satisfy with clear dot1x interface

Thanks!

Johan

Hi,

thought not in timely manner but just for ultimate clarity on the subject :)
b0202094-01#dot1x re-authenticate interface g2/39
b0202094-01#

Hmmm, if I do a "clear dot1x interface gigabitEthernet 1/0/41" the client will lost his connectivity and will never be reachable till I shut and no-shut the interface (or unplug and replug the clients ethernet interface).

I have also enabled fot testing the reauthentication enabled.

It stays in this state:

2960XR#sh authentication sessions interface gigabitEthernet 1/0/41

Interface Identifier Method Domain Status Fg Session ID
-----------------------------------------------------------------------------
Gi1/0/41 5c26.0a01.ed64 N/A UNKNOWN Unauth 000000000000002F00A291E6

Key to Session Events Blocked Status Flags:

A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker

Runnable methods list:
Handle Priority Name
8 0 dot1xSupp
7 5 dot1x
18 10 mab
16 15 webauth

2960XR#

After a shutdown and no-shutdown of the interface all is fine again.

2960XR#sh authentication sessions interface gigabitEthernet 1/0/41

Interface Identifier Method Domain Status Fg Session ID
-----------------------------------------------------------------------------
Gi1/0/41 5c26.0a01.ed64 dot1x DATA Auth 000000000000003000A407B3

Key to Session Events Blocked Status Flags:

A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker

Runnable methods list:
Handle Priority Name
8 0 dot1xSupp
7 5 dot1x
18 10 mab
16 15 webauth

2960XR#

Do you have any ideas whats going wrong here?

You can do "clear authentication session interface gigabitEthernet 1/0/41" I believe.

Then "show authentication session interface gigabitEthernet 1/0/41 details"