cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2217
Views
10
Helpful
2
Replies
Highlighted
Beginner

How to stop logs of 802.1x

                   Hi All,

We are getting contineous logs on the switch as below

7313BD1F1

Aug 22 18:58:50.802 IST: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0013.7288.09a9) on Interface Fa5/36 AuditSessionID 3A02251100004F0D2CBF2363

Aug 22 18:59:49.685 IST: %DOT1X-5-SUCCESS: Authentication successful for client (d4be.d9c7.2a6c) on Interface Fa2/24 AuditSessionID 3A02251100004FB131C92D95

the port config is as below

switchport access vlan 5

switchport mode access

switchport voice vlan 303

switchport port-security maximum 4

switchport port-security

switchport port-security aging time 1

authentication event no-response action authorize vlan 5

authentication port-control auto

no snmp trap link-status

dot1x pae authenticator

storm-control broadcast level 0.17

no cdp enable

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

Can somebody help to stop the above logs.

Thanks       

Everyone's tags (3)
2 REPLIES 2

How to stop logs of 802.1x

As per your Interface configuration goes, port-security aging-time is set to 1 minute with aging-type as Absolute (default).

This means after every 1 minute, the MAC address learnt on the access vlan will be aged out.

Hence when the subsequent frame from the devices is received, it is learnt once again.

For dot1x mechanism this indicates the presence of a new device and it triggers dot1x authentication once again.

This is why your end devices are re-authenticated once in every 1 minute.

To resolve this, either remove aging-time or increase it to large optimal value or change the aging-type to inactivity.

Incase of aging-type set to inactivity, if the connected end device remains idle for the duration of aging-time, learnt MAC address  will be aged out and you can expect the same behaviour mentioned above

Rajmohan R
Highlighted
Engager

How to stop logs of 802.1x

To get rid of that useless types of syslog messages, you could configure a logging discriminator.

A simple example:

logging discriminator DOT1X mnemonics drops SUCCESS

logging buffered discriminator DOT1X

logging console discriminator DOT1X

(...)

HTH

Rolf

P.S.: The format of syslog-messages is %--: and you can use all of that in a discriminator.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards