
Windows 2012, Cisco 296024-PC-L multi-auth MAC-based 802.1x problem

ALI.TURSUN
Level 1

Hi,

I configured a Windows 2012 NPS RADIUS server and a Cisco 2960-24PC-L.

I want to use 802.1x multi-auth with multiple MAC authentication.

I am using a Grandstream IP telephone, and behind it an unmanaged switch and a lot of printers, notebooks and PCs.

I configured the switch with port f0/19 for testing, but I can see only the IP phone authenticating; the other machines do not authenticate.

VLAN 1 for PCs, printers and notebooks

VLAN 2 for the IP phone

VLAN 99 for unauthenticated devices.

You can see the attached config and log file. If you want the Windows 2012 NPS server, I can send it.

How can I resolve this problem?

interface FastEthernet0/19
 description BARIS
 switchport mode access
 switchport voice vlan 2
 authentication control-direction in
 authentication event no-response action authorize vlan 99
 authentication host-mode multi-auth
 authentication open
 authentication order mab
 authentication priority mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout quiet-period 1
 dot1x timeout tx-period 5
 dot1x max-req 3
 spanning-tree portfast
 spanning-tree bpduguard enable
end

Ali

2 Replies

Marvin Rhoads
Hall of Fame

We would normally expect to see your authentication order and priority commands include dot1x. Is there a reason why you left them off? At least one client appears to have 802.1x set up, as we see the dot1x authentication request in your debug output.

Also, I see the endpoint sending machine credentials:

*Jul  9 07:18:28.568: RADIUS:  User-Name           [1]   22  "host/DESKTOP-T4BKUJQ"

...but not user credentials. That is a setting in the supplicant.

Hi Marvin,

Thanks for the response. My customer wants MAB.

I think the problem is resolved. I removed the MAC user from NPS 2012 and recreated it, and authentication succeeded. You can see the sh authentication sessions output.

But when I run the sh dot1x int f0/19 details command, I cannot see the authentication.

Maybe because of MAB?

Customer_A_SW#sh authentication sessions

Interface  MAC Address     Method  Domain  Status         Session ID
Fa0/19     000b.8288.470a  mab     DATA    Authz Success  0AFC01FD00004DE7A3A1AE92
Fa0/19     089e.0184.c79c  mab     DATA    Authz Success  0AFC01FD00004DE6A3A1AB29
Fa0/19     180c.acdd.4fe1  mab     DATA    Authz Success  0AFC01FD00004DE9A3A3E529
Fa0/19     ecf4.bb46.31f4  mab     DATA    Authz Success  0AFC01FD00004DE8A3A1BFF8

Customer_A_SW#

Customer_A_SW#sh dot1x int f0/19 details

Dot1x Info for FastEthernet0/19
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = MULTI_AUTH
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 1
MaxReq = 3
TxPeriod = 1

Dot1x Authenticator Client List Empty

Port Status = UNAUTHORIZED
Customer_A_SW#
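
An added example, not part of the original thread and not written by either poster: a short Python review check that reads the interface stanza and the `sh authentication sessions` rows posted above (abridged and embedded as constructed input) and reports which settings leave the port admitting endpoints on MAC address alone. The function names `audit_config` and `methods_by_port` are hypothetical.

```python
import re
from collections import Counter

# Constructed input: abridged copies of the stanza and session rows from the thread.
CONFIG = """\
interface FastEthernet0/19
 authentication event no-response action authorize vlan 99
 authentication host-mode multi-auth
 authentication open
 authentication order mab
 authentication port-control auto
 mab
 dot1x pae authenticator
"""
SESSIONS = """\
Fa0/19 000b.8288.470a mab DATA Authz Success 0AFC01FD00004DE7A3A1AE92
Fa0/19 089e.0184.c79c mab DATA Authz Success 0AFC01FD00004DE6A3A1AB29
Fa0/19 180c.acdd.4fe1 mab DATA Authz Success 0AFC01FD00004DE9A3A3E529
Fa0/19 ecf4.bb46.31f4 mab DATA Authz Success 0AFC01FD00004DE8A3A1BFF8
"""

def audit_config(text):
    """Return review findings for one interface stanza."""
    cmds = [line.strip() for line in text.splitlines()[1:] if line.strip()]
    findings = []
    order = next((c.split()[2:] for c in cmds if c.startswith("authentication order ")), None)
    if order is not None and "dot1x" not in order:
        findings.append("authentication order omits dot1x: endpoints are admitted on MAC address alone")
    if "authentication open" in cmds:
        findings.append("authentication open: traffic is allowed before authentication completes")
    m = re.search(r"no-response action authorize vlan (\d+)", text)
    if m:
        findings.append(f"no-response fallback authorizes the port into VLAN {m.group(1)}")
    return findings

def methods_by_port(table):
    """Count authorized sessions per (interface, method) pair."""
    counts = Counter()
    row = re.compile(r"^(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+\S+\s+Authz Success\s+\S+$")
    for line in table.splitlines():
        m = row.match(line.strip())
        if m:
            counts[(m.group(1), m.group(3))] += 1
    return counts

if __name__ == "__main__":
    for finding in audit_config(CONFIG):
        print("REVIEW:", finding)
    for (port, method), n in methods_by_port(SESSIONS).items():
        print(f"{port}: {n} session(s) authorized via {method}")
```
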