Wired Dot1x authentication of the switchport not working with WIN NPS

naveen98
Level 1

Dear Community,

We have set up a C2960 switchport for Dot1x authentication with our production Windows RADIUS server (NPS). But the switchport is not authenticating the user correctly. Kindly support with this. Below are the Dot1x configurations of the C2960 switch. 

 

aaa authentication dot1x default group radius


radius-server host 172.16.10.5 auth-port 1812 acct-port 1813 key xxxxxx

 

interface FastEthernet0/7
switchport access vlan 31
switchport mode access
authentication port-control auto
dot1x pae authenticator
storm-control broadcast level 50.00
storm-control action shutdown
spanning-tree portfast
spanning-tree bpduguard enable
end

 

 

Also below is the debug radius output.

 

L3_SW4#
*Dec 4 13:02:04.550: %AUTHMGR-5-START: Starting 'dot1x' for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC1001220001F4B99A73ED20
*Dec 4 13:02:04.835: RADIUS/ENCODE(0001F4DD):Orig. component type = Dot1X
*Dec 4 13:02:04.835: RADIUS: AAA Unsupported Attr: service-type [344] 4 2
*Dec 4 13:02:04.835: RADIUS: AAA Unsupported Attr: audit-session-id [819] 24 64672512
*Dec 4 13:02:04.835: RADIUS: AAA Unsupported Attr: interface [221] 15 64658484
*Dec 4 13:02:04.835: RADIUS(0001F4DD): Config NAS IP: 0.0.0.0
*Dec 4 13:02:04.835: RADIUS(0001F4DD): Config NAS IPv6: ::
*Dec 4 13:02:04.835: RADIUS/ENCODE(0001F4DD): acct_session_id: 128211
*Dec 4 13:02:04.835: RADIUS(0001F4DD): sending
*Dec 4 13:02:04.835: RADIUS/ENCODE: Best Local IP-Address 172.16.1.34 for Radius-Server 172.16.10.5
*Dec 4 13:02:04.843: RADIUS(0001F4DD): Send Access-Request to 172.16.10.5:1812 id 1645/28, len 184
*Dec 4 13:02:04.843: RADIUS: authenticator FF D4 C8 8F 60 B4 85 1F - D4 FB D1 A9 42 8C E2 76
*Dec 4 13:02:04.843: RADIUS: User-Name [1] 27 "host/lap-naveenp.slmo.com"
*Dec 4 13:02:04.843: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 4 13:02:04.843: RADIUS: Framed-MTU [12] 6 1500
*Dec 4 13:02:04.843: RADIUS: Called-Station-Id [30] 19 "AC-7E-8A-EF-C1-87"
*Dec 4 13:02:04.843: RADIUS: Calling-Station-Id [31] 19 "04-BF-1B-52-3D-89"
*Dec 4 13:02:04.843: RADIUS: EAP-Message [79] 32
*Dec 4 13:02:04.843: RADIUS: 02 01 00 1E 01 68 6F 73 74 2F 6C 61 70 2D 6E 61 76 65 65 6E 70 [host/lap-naveenp]
*Dec 4 13:02:04.843: RADIUS: 2E 73 6C 6D 6F 2E 63 6F 6D [ .slmo.com]
*Dec 4 13:02:04.843: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:02:04.843: RADIUS: 8C 06 75 A3 A2 2E 8B 8B 8B B5 B8 86 99 D4 3D 7F [ u.=]
*Dec 4 13:02:04.843: RADIUS: EAP-Key-Name [102] 2 *
*Dec 4 13:02:04.843: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Dec 4 13:02:04.843: RADIUS: NAS-Port [5] 6 50007
*Dec 4 13:02:04.843: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/7"
*Dec 4 13:02:04.843: RADIUS: NAS-IP-Address [4] 6 172.16.1.34
*Dec 4 13:02:04.843: RADIUS(0001F4DD): Sending a IPv4 Radius Packet
*Dec 4 13:02:04.843: RADIUS(0001F4DD): Started 5 sec timeout
*Dec 4 13:02:04.852: RADIUS: Received from id 1645/28 172.16.10.5:1812, Access-Reject, len 44
*Dec 4 13:02:04.852: RADIUS: authenticator C1 9E 3E 90 84 62 AB 0A - 7F F9 F0 38 58 21 9A 81
*Dec 4 13:02:04.852: RADIUS: EAP-Message [79] 6
*Dec 4 13:02:04.852: RADIUS: 04 01 00 04
*Dec 4 13:02:04.852: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:02:04.852: RADIUS: A6 35 FE 44 0C E7 44 A5 2B 1E 7F 13 99 68 90 F6 [ 5DD+h]
*Dec 4 13:02:04.852: RADIUS(0001F4DD): Received from id 1645/28
*Dec 4 13:02:04.860: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
*Dec 4 13:02:04.860: %DOT1X-5-FAIL: Authentication failed for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC1001220001F4B99A73ED20
*Dec 4 13:02:04.860: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC11220001F4B99A73ED20
*Dec 4 13:02:04.860: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC1001220001F99A73ED20
*Dec 4 13:02:06.261: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
*Dec 4 13:02:07.268: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
*Dec 4 13:03:20.173: %AUTHMGR-5-START: Starting 'dot1x' for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC1001220001F4BA9A74DA2B
*Dec 4 13:03:20.198: RADIUS/ENCODE(0001F4DE):Orig. component type = Dot1X
*Dec 4 13:03:20.198: RADIUS: AAA Unsupported Attr: service-type [344] 4 2
*Dec 4 13:03:20.198: RADIUS: AAA Unsupported Attr: audit-session-id [819] 24 64655104
*Dec 4 13:03:20.198: RADIUS: AAA Unsupported Attr: interface [221] 15 64658484
*Dec 4 13:03:20.198: RADIUS(0001F4DE): Config NAS IP: 0.0.0.0
*Dec 4 13:03:20.198: RADIUS(0001F4DE): Config NAS IPv6: ::
*Dec 4 13:03:20.198: RADIUS/ENCODE(0001F4DE): acct_session_id: 128212
*Dec 4 13:03:20.198: RADIUS(0001F4DE): sending
*Dec 4 13:03:20.198: RADIUS/ENCODE: Best Local IP-Address 172.16.1.34 for Radius-Server 172.16.10.5
*Dec 4 13:03:20.198: RADIUS(0001F4DE): Send Access-Request to 172.16.10.5:1812 id 1645/29, len 158
*Dec 4 13:03:20.198: RADIUS: authenticator D4 2C 86 09 07 8A D8 AB - 1E 20 5B 52 3A 61 E1 B3
*Dec 4 13:03:20.198: RADIUS: User-Name [1] 14 "SLMO\naveenp"
*Dec 4 13:03:20.198: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 4 13:03:20.198: RADIUS: Framed-MTU [12] 6 1500
*Dec 4 13:03:20.198: RADIUS: Called-Station-Id [30] 19 "AC-7E-8A-EF-C1-87"
*Dec 4 13:03:20.198: RADIUS: Calling-Station-Id [31] 19 "04-BF-1B-52-3D-89"
*Dec 4 13:03:20.198: RADIUS: EAP-Message [79] 19
*Dec 4 13:03:20.198: RADIUS: 02 01 00 11 01 53 4C 4D 4F 5C 6E 61 76 65 65 6E 70 [ SLMO\naveenp]
*Dec 4 13:03:20.198: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.198: RADIUS: 40 14 B3 C8 0A 3E 8D 4F 87 E6 B7 2B 8C D3 A0 98 [ @>O+]
*Dec 4 13:03:20.198: RADIUS: EAP-Key-Name [102] 2 *
*Dec 4 13:03:20.198: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Dec 4 13:03:20.198: RADIUS: NAS-Port [5] 6 50007
*Dec 4 13:03:20.198: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/7"
*Dec 4 13:03:20.198: RADIUS: NAS-IP-Address [4] 6 172.16.1.34
*Dec 4 13:03:20.198: RADIUS(0001F4DE): Sending a IPv4 Radius Packet
*Dec 4 13:03:20.198: RADIUS(0001F4DE): Started 5 sec timeout
*Dec 4 13:03:20.215: RADIUS: Received from id 1645/29 172.16.10.5:1812, Access-Challenge, len 90
*Dec 4 13:03:20.215: RADIUS: authenticator 35 38 41 F8 AC 59 CF 77 - FA E7 C5 B4 1A 77 31 69
*Dec 4 13:03:20.215: RADIUS: Session-Timeout [27] 6 30
*Dec 4 13:03:20.215: RADIUS: EAP-Message [79] 8
*Dec 4 13:03:20.215: RADIUS: 01 02 00 06 19 20 [ ]
*Dec 4 13:03:20.215: RADIUS: State [24] 38
*Dec 4 13:03:20.215: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.215: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.215: RADIUS: 19 4A E0 B7 BB F6 8B C2 FB 1A F6 77 58 10 4D 21 [ JwXM!]
*Dec 4 13:03:20.215: RADIUS(0001F4DE): Received from id 1645/29
*Dec 4 13:03:20.215: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
*Dec 4 13:03:20.248: RADIUS/ENCODE(0001F4DE):Orig. component type = Dot1X
*Dec 4 13:03:20.248: RADIUS: AAA Unsupported Attr: service-type [344] 4 2
*Dec 4 13:03:20.248: RADIUS/ENCODE: EAP-Message fragment 261 into 253+8, total 261 bytes
*Dec 4 13:03:20.248: RADIUS: AAA Unsupported Attr: audit-session-id [819] 24 64655104
*Dec 4 13:03:20.248: RADIUS: AAA Unsupported Attr: interface [221] 15 64658484
*Dec 4 13:03:20.248: RADIUS(0001F4DE): Config NAS IP: 0.0.0.0
*Dec 4 13:03:20.248: RADIUS(0001F4DE): Config NAS IPv6: ::
*Dec 4 13:03:20.248: RADIUS/ENCODE(0001F4DE): acct_session_id: 128212
*Dec 4 13:03:20.248: RADIUS(0001F4DE): sending
*Dec 4 13:03:20.257: RADIUS/ENCODE: Best Local IP-Address 172.16.1.34 for Radius-Server 172.16.10.5
*Dec 4 13:03:20.257: RADIUS(0001F4DE): Send Access-Request to 172.16.10.5:1812 id 1645/30, len 442
*Dec 4 13:03:20.257: RADIUS: authenticator 06 AE C3 00 73 3A 42 A0 - 40 25 E6 80 DC 5F A3 87
*Dec 4 13:03:20.257: RADIUS: User-Name [1] 14 "SLMO\naveenp"
*Dec 4 13:03:20.257: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 4 13:03:20.257: RADIUS: Framed-MTU [12] 6 1500
*Dec 4 13:03:20.257: RADIUS: Called-Station-Id [30] 19 "AC-7E-8A-EF-C1-87"
*Dec 4 13:03:20.257: RADIUS: Calling-Station-Id [31] 19 "04-BF-1B-52-3D-89"
*Dec 4 13:03:20.257: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.257: RADIUS: 02 02 01 05 19 80 00 00 00 FB 16 03 01 00 F6 01 00 00 F2 03 03 88 57 64 0B 40 78 1D 28 ED DD 5F 7F F8 50 11 1A 50 40D 77 A9 2D 5F 5D 1A 2C 1F AC A3 32 6A [Wd@x(_PP@w-_],2j]
*Dec 4 13:03:20.257: RADIUS: 54 20 1F 2F DF CC 56 AC 46 40 7B FC 6E 87 CD 90 72 0C A6 32 02 F3 2C D7 0B 0D E2 89 9A C2 F7 BF 3E 0D 00 28 13 02 131 C0 2C C0 2B C0 30 [T /VF@{nr2,>(,+0]
*Dec 4 13:03:20.257: RADIUS: C0 2F C0 24 C0 23 C0 28 C0 27 C0 0A C0 09 C0 14 C0 13 00 9D 00 9C 00 3D 00 3C 00 35 00 2F 01 00 00 81 00 05 00 05 010 00 00 00 00 2B 00 09 08 03 04 03 03 03 02 03 01 00 0D 00 1A 00 18 08 04 08 05 08 06 04 01 05 01 02 01 04 03 05 03 02 03 02 02 06 01 06 03 00 23 000 00 0A 00 08 00 06 00 1D 00 17 00 18 00 33 00 26 00 24 00 1D 00 20 1A 41 [/$#('=<5/+#3&$ A]
*Dec 4 13:03:20.265: RADIUS: E3 E0 93 1F 4D 64 2B D0 12 58 F4 35 D0 36 22 39 2D FF 1F 76 C3 E4 DD 1C 5C 3D 4C 7E 16 64 00 31 [Md+X56"9-v\=L~d1]
*Dec 4 13:03:20.265: RADIUS: 00 00 00 17 00 00 FF 01 00
*Dec 4 13:03:20.265: RADIUS: EAP-Message [79] 10
*Dec 4 13:03:20.265: RADIUS: 01 00 00 2D 00 02 01 01 [ -]
*Dec 4 13:03:20.265: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.265: RADIUS: C5 F9 03 3E 80 66 26 AE A4 48 EE 00 9A 13 50 8C [ >f&HP]
*Dec 4 13:03:20.265: RADIUS: EAP-Key-Name [102] 2 *
*Dec 4 13:03:20.265: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Dec 4 13:03:20.265: RADIUS: NAS-Port [5] 6 50007
*Dec 4 13:03:20.265: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/7"
*Dec 4 13:03:20.265: RADIUS: State [24] 38
*Dec 4 13:03:20.265: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.265: RADIUS: NAS-IP-Address [4] 6 172.16.1.34
*Dec 4 13:03:20.265: RADIUS(0001F4DE): Sending a IPv4 Radius Packet
*Dec 4 13:03:20.265: RADIUS(0001F4DE): Started 5 sec timeout
*Dec 4 13:03:20.299: RADIUS: Received from id 1645/30 172.16.10.5:1812, Access-Challenge, len 1590
*Dec 4 13:03:20.299: RADIUS: authenticator 03 BE BF FE 27 14 F6 46 - CD BA 2F 5B 93 4E 7C 02
*Dec 4 13:03:20.299: RADIUS: Session-Timeout [27] 6 30
*Dec 4 13:03:20.299: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.307: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.307: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.316: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.324: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.332: RADIUS: EAP-Message [79] 233
*Dec 4 13:03:20.332: RADIUS: State [24] 38
*Dec 4 13:03:20.332: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.332: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.332: RADIUS: 43 D9 64 BD 0D 43 29 FD 90 8B DD 62 76 43 F8 FD [ CdC)bvC]
*Dec 4 13:03:20.341: RADIUS(0001F4DE): Received from id 1645/30
*Dec 4 13:03:20.341: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+253+231, total 1496 bytes
*Dec 4 13:03:20.349: RADIUS/ENCODE(0001F4DE):Orig. component type = Dot1X
*Dec 4 13:03:20.349: RADIUS: AAA Unsupported Attr: service-type [344] 4 2
*Dec 4 13:03:20.349: RADIUS: AAA Unsupported Attr: audit-session-id [819] 24 64655104
*Dec 4 13:03:20.349: RADIUS: AAA Unsupported Attr: interface [221] 15 64658484
*Dec 4 13:03:20.349: RADIUS(0001F4DE): Config NAS IP: 0.0.0.0
*Dec 4 13:03:20.349: RADIUS(0001F4DE): Config NAS IPv6: ::
*Dec 4 13:03:20.349: RADIUS/ENCODE(0001F4DE): acct_session_id: 128212
*Dec 4 13:03:20.349: RADIUS(0001F4DE): sending
*Dec 4 13:03:20.349: RADIUS/ENCODE: Best Local IP-Address 172.16.1.34 for Radius-Server 172.16.10.5
*Dec 4 13:03:20.349: RADIUS(0001F4DE): Send Access-Request to 172.16.10.5:1812 id 1645/31, len 185
*Dec 4 13:03:20.349: RADIUS: authenticator 02 DA AF 65 AB 8F B3 25 - 18 9E 8E 91 A2 72 95 58
*Dec 4 13:03:20.349: RADIUS: User-Name [1] 14 "SLMO\naveenp"
*Dec 4 13:03:20.349: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 4 13:03:20.349: RADIUS: Framed-MTU [12] 6 1500
*Dec 4 13:03:20.349: RADIUS: Called-Station-Id [30] 19 "AC-7E-8A-EF-C1-87"
*Dec 4 13:03:20.349: RADIUS: Calling-Station-Id [31] 19 "04-BF-1B-52-3D-89"
*Dec 4 13:03:20.357: RADIUS: EAP-Message [79] 8
*Dec 4 13:03:20.357: RADIUS: 02 03 00 06 19 00
*Dec 4 13:03:20.357: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.357: RADIUS: 71 5D 1A AA 33 36 6A 41 97 44 FA BD 0D 43 ED 8D [ q]36jADC]
*Dec 4 13:03:20.357: RADIUS: EAP-Key-Name [102] 2 *
*Dec 4 13:03:20.357: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Dec 4 13:03:20.357: RADIUS: NAS-Port [5] 6 50007
*Dec 4 13:03:20.357: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/7"
*Dec 4 13:03:20.357: RADIUS: State [24] 38
*Dec 4 13:03:20.357: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.357: RADIUS: NAS-IP-Address [4] 6 172.16.1.34
*Dec 4 13:03:20.357: RADIUS(0001F4DE): Sending a IPv4 Radius Packet
*Dec 4 13:03:20.357: RADIUS(0001F4DE): Started 5 sec timeout
*Dec 4 13:03:20.357: RADIUS: Received from id 1645/31 172.16.10.5:1812, Access-Challenge, len 429
*Dec 4 13:03:20.357: RADIUS: authenticator 26 C0 FE 51 61 04 9C C3 - D3 0B BB BD C9 F0 BA 71
*Dec 4 13:03:20.357: RADIUS: Session-Timeout [27] 6 30
*Dec 4 13:03:20.357: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.366: RADIUS: EAP-Message [79] 92
*Dec 4 13:03:20.366: RADIUS: A2 24 AF 46 98 86 A6 4B 31 73 A7 AC 9E 1D BA C4 A8 77 E6 E8 98 08 16 9D AB A3 2F 92 49 97 91 AF DE 02 74 C8 87 AD 00A 8B A9 EC CF 19 8F A9 AB 66 67 19 C4 78 AC AC CF 0D 00 00 1A 03 01 02 40 00 12 04 01 05 01 02 01 04 03 05 03 02 03 02 02 06 01 06 03 00 00 0E 00 000 [ $FK1sw/Itjfgx@]
*Dec 4 13:03:20.366: RADIUS: State [24] 38
*Dec 4 13:03:20.374: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.374: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.374: RADIUS: 98 24 05 85 9B 66 9E 98 6F 24 A5 29 25 3F 7E 8A [ $fo$)??~]
*Dec 4 13:03:20.374: RADIUS(0001F4DE): Received from id 1645/31
*Dec 4 13:03:20.374: RADIUS/DECODE: EAP-Message fragments, 253+90, total 343 bytes
*Dec 4 13:03:20.399: RADIUS/ENCODE(0001F4DE):Orig. component type = Dot1X
*Dec 4 13:03:20.399: RADIUS: AAA Unsupported Attr: service-type [344] 4 2
*Dec 4 13:03:20.399: RADIUS: AAA Unsupported Attr: audit-session-id [819] 24 64655104
*Dec 4 13:03:20.399: RADIUS: AAA Unsupported Attr: interface [221] 15 64658484
*Dec 4 13:03:20.399: RADIUS(0001F4DE): Config NAS IP: 0.0.0.0
*Dec 4 13:03:20.399: RADIUS(0001F4DE): Config NAS IPv6: ::
*Dec 4 13:03:20.399: RADIUS/ENCODE(0001F4DE): acct_session_id: 128212
*Dec 4 13:03:20.399: RADIUS(0001F4DE): sending
*Dec 4 13:03:20.399: RADIUS/ENCODE: Best Local IP-Address 172.16.1.34 for Radius-Server 172.16.10.5
*Dec 4 13:03:20.399: RADIUS(0001F4DE): Send Access-Request to 172.16.10.5:1812 id 1645/32, len 354
*Dec 4 13:03:20.399: RADIUS: authenticator 0E A2 18 4F EB 09 34 F4 - 60 A8 C5 BB 5C 64 81 17
*Dec 4 13:03:20.399: RADIUS: User-Name [1] 14 "SLMO\naveenp"
*Dec 4 13:03:20.399: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 4 13:03:20.399: RADIUS: Framed-MTU [12] 6 1500
*Dec 4 13:03:20.399: RADIUS: Called-Station-Id [30] 19 "AC-7E-8A-EF-C1-87"
*Dec 4 13:03:20.399: RADIUS: Calling-Station-Id [31] 19 "04-BF-1B-52-3D-89"
*Dec 4 13:03:20.399: RADIUS: EAP-Message [79] 177
*Dec 4 13:03:20.399: RADIUS: 02 04 00 AF 19 80 00 00 00 A5 16 03 03 00 6D 0B 00 00 03 00 00 00 10 00 00 62 61 04 A0 E9 92 C6 8C AB F8 CC A1 72 200 89 58 93 3D 3D 62 D7 1D F2 C3 23 C1 29 FC 67 1F 4F 51 64 96 7A [mbar X==b#)gOQdz]
*Dec 4 13:03:20.399: RADIUS: 0C 11 49 FB 04 8E 2D 88 7A FF 75 A2 FA 70 9B 27 18 3F D1 49 6E 5E C0 CF 92 35 55 7E 68 90 55 CE E8 62 [I-zup'?In^5UUb]
*Dec 4 13:03:20.408: RADIUS: 07 64 AF 0F C0 F8 A4 8A BE 96 00 B8 92 F9 6D F2 F1 22 F3 2A 62 8F D5 A3 F6 67 CB 05 9F 14 03 03 00 01 01 16 03 03 008 00 00 00 00 00 00 00 00 78 62 80 45 CA 86 14 B7 D6 44 63 02 D6 3E A5 BE A9 64 A8 A8 38 8D 5A [dm"*bg(xbEDc>d8Z]
*Dec 4 13:03:20.408: RADIUS: AC 39 E8 5D 21 2E C8 6E 54 [ 9]!.nT]
*Dec 4 13:03:20.408: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.408: RADIUS: 49 83 4F A6 EE C1 CE 8A BE 41 93 B1 63 52 33 5F [ IOAcR3_]
*Dec 4 13:03:20.408: RADIUS: EAP-Key-Name [102] 2 *
*Dec 4 13:03:20.408: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Dec 4 13:03:20.408: RADIUS: NAS-Port [5] 6 50007
*Dec 4 13:03:20.408: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/7"
*Dec 4 13:03:20.408: RADIUS: State [24] 38
*Dec 4 13:03:20.408: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.408: RADIUS: NAS-IP-Address [4] 6 172.16.1.34
*Dec 4 13:03:20.408: RADIUS(0001F4DE): Sending a IPv4 Radius Packet
*Dec 4 13:03:20.408: RADIUS(0001F4DE): Started 5 sec timeout
*Dec 4 13:03:20.416: RADIUS: Received from id 1645/32 172.16.10.5:1812, Access-Challenge, len 145
*Dec 4 13:03:20.416: RADIUS: authenticator 5D 63 A6 E2 4F 31 03 4C - D9 66 97 83 4B D8 25 23
*Dec 4 13:03:20.416: RADIUS: Session-Timeout [27] 6 30
*Dec 4 13:03:20.416: RADIUS: EAP-Message [79] 63
*Dec 4 13:03:20.425: RADIUS: 01 05 00 3D 19 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 DC 5A 20 A2 C7 94 73 9D 72 3A4 F3 93 90 32 4C 83 0D E2 01 FE 74 D6 4E 3E C3 CC 63 07 84 4F [=3(Z sr:42LtN>cO]
*Dec 4 13:03:20.425: RADIUS: 76 [ v]
*Dec 4 13:03:20.425: RADIUS: State [24] 38
*Dec 4 13:03:20.425: RADIUS: 1E 99 03 97 00 00 01 37 00 01 02 00 AC 10 0A 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 32 64 FE F8 [ 72d]
*Dec 4 13:03:20.425: RADIUS: Message-Authenticato[80] 18
*Dec 4 13:03:20.425: RADIUS: BA 46 1B 33 F4 8C FC B8 1A 8E D2 81 F3 5A 26 F7 [ F3Z&]
*Dec 4 13:03:20.425: RADIUS(0001F4DE): Received from id 1645/32
*Dec 4 13:03:20.425: RADIUS/DECODE: EAP-Message fragments, 61, total 61 bytes

1 Reply

balaji.bandi
Hall of Fame

I did not see the config - is this added to the switch?

dot1x system-auth-control

Make sure you have NTP set up correctly for the time:

Dec 4 13:02:04.860: %DOT1X-5-FAIL: Authentication failed for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC1001220001F4B99A73ED20
*Dec 4 13:02:04.860: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC11220001F4B99A73ED20
*Dec 4 13:02:04.860: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (04bf.1b52.3d89) on Interface Fa0/7 AuditSessionID AC1001220001F99A73ED20

Check the logs you posted, it's failing. What kind of authentication are you testing?

Some guidelines:

https://wiki.fblab.it/lib/exe/fetch.php?media=microsoft:simple_nps_configuration_as_radius_part_1.pdf

https://myccie.weebly.com/dot1x-and-nps-lab.html

https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/802-1x-authentication-issues-troubleshooting

BB

***** Rate All Helpful Responses *****
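
Added example (not part of either post, and not Cisco or Microsoft code): a small Python parser for `debug radius` output in the format shown in the question. It pairs each Access-Request with its reply by RADIUS id and decodes the EAP header bytes that follow the first EAP-Message attribute. The function names and the shortened sample log are this example's own.

```python
import re

# EAP header per RFC 3748, method numbers per the IANA EAP registry; flag bits of
# the TLS-based methods are Length included (L), More fragments (M), Start (S).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "MSCHAPv2"}
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))
SEND = re.compile(r"Send (Access-Request) to \S+ id \d+/(\d+)")
RECV = re.compile(r"Received from id \d+/(\d+) \S+, (Access-[\w-]+), len")
USER = re.compile(r'User-Name\s+\[1\]\s+\d+\s+"([^"]+)"')
EAPM = re.compile(r"EAP-Message\s+\[79\]")
HEXL = re.compile(r"RADIUS:\s+((?:[0-9A-F]{2}\s+){3,}[0-9A-F]{2})\b")

# Constructed sample in the format of the question's debug output (hex lines cut short).
SAMPLE_LOG = r'''
*Dec 4 13:02:04.843: RADIUS(0001F4DD): Send Access-Request to 172.16.10.5:1812 id 1645/28, len 184
*Dec 4 13:02:04.843: RADIUS: User-Name [1] 27 "host/lap-naveenp.slmo.com"
*Dec 4 13:02:04.843: RADIUS: EAP-Message [79] 32
*Dec 4 13:02:04.843: RADIUS: 02 01 00 1E 01 68 6F 73 74 2F [host/]
*Dec 4 13:02:04.852: RADIUS: Received from id 1645/28 172.16.10.5:1812, Access-Reject, len 44
*Dec 4 13:02:04.852: RADIUS: EAP-Message [79] 6
*Dec 4 13:02:04.852: RADIUS: 04 01 00 04
*Dec 4 13:03:20.198: RADIUS(0001F4DE): Send Access-Request to 172.16.10.5:1812 id 1645/29, len 158
*Dec 4 13:03:20.198: RADIUS: User-Name [1] 14 "SLMO\naveenp"
*Dec 4 13:03:20.198: RADIUS: EAP-Message [79] 19
*Dec 4 13:03:20.198: RADIUS: 02 01 00 11 01 53 4C 4D 4F 5C [ SLMO\]
*Dec 4 13:03:20.215: RADIUS: Received from id 1645/29 172.16.10.5:1812, Access-Challenge, len 90
*Dec 4 13:03:20.215: RADIUS: EAP-Message [79] 8
*Dec 4 13:03:20.215: RADIUS: 01 02 00 06 19 20 [ ]
*Dec 4 13:03:20.257: RADIUS(0001F4DE): Send Access-Request to 172.16.10.5:1812 id 1645/30, len 442
*Dec 4 13:03:20.257: RADIUS: User-Name [1] 14 "SLMO\naveenp"
*Dec 4 13:03:20.257: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.257: RADIUS: 02 02 01 05 19 80 00 00 00 FB 16 03 01
*Dec 4 13:03:20.299: RADIUS: Received from id 1645/30 172.16.10.5:1812, Access-Challenge, len 1590
*Dec 4 13:03:20.299: RADIUS: EAP-Message [79] 255
*Dec 4 13:03:20.299: RADIUS: 01 03 05 D8 19 C0 00 00 07 1F 16 03 03
'''

def decode_eap(b):
    """Decode code/id/length, plus method type and TLS-style flags when present."""
    out = {"eap_code": EAP_CODES.get(b[0], str(b[0])), "eap_id": b[1],
           "eap_len": (b[2] << 8) | b[3]}
    if b[0] in (1, 2) and len(b) > 4:          # only Request/Response carry a type
        out["eap_type"] = EAP_TYPES.get(b[4], str(b[4]))
        if b[4] in (13, 21, 25) and len(b) > 5:
            out["flags"] = "".join(name for bit, name in TLS_FLAGS if b[5] & bit)
    return out

def parse(log):
    """Return one dict per RADIUS packet, in log order."""
    packets, users, cur, want_eap = [], {}, None, False
    for line in log.splitlines():
        take, want_eap = want_eap, False       # hex must directly follow the attribute
        if m := SEND.search(line):
            packets.append(cur := {"dir": "->", "radius": m[1], "id": int(m[2])})
        elif m := RECV.search(line):
            rid = int(m[1])                    # replies carry no User-Name: look it up
            packets.append(cur := {"dir": "<-", "radius": m[2], "id": rid,
                                   "user": users.get(rid)})
        elif cur is None:
            continue
        elif m := USER.search(line):
            cur["user"] = users[cur["id"]] = m[1]
        elif EAPM.search(line):
            want_eap = "eap_code" not in cur   # only the first fragment has the header
        elif take and (m := HEXL.search(line)):
            cur.update(decode_eap(bytes.fromhex(m[1])))
    return packets

def outcomes(packets):
    """Per identity: first EAP method the server offered and the last RADIUS reply seen."""
    res = {}
    for p in packets:
        if p["dir"] == "<-":
            r = res.setdefault(p["user"], {"method": None, "last": None})
            r["last"] = p["radius"]
            if p.get("eap_code") == "Request" and p.get("eap_type") != "Identity":
                r["method"] = r["method"] or p.get("eap_type")
    return res

if __name__ == "__main__":
    for user, result in outcomes(parse(SAMPLE_LOG)).items():
        print(user, result)
```

On the sample, the machine identity is answered with Access-Reject and EAP-Failure directly after its Identity response, before any EAP method is offered, while the user identity is offered PEAP (EAP type 25) and the exchange continues.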
