cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
967
Views
0
Helpful
3
Replies

Dot1x issue with WS-C2960G-8TC-L

smanasijevic
Level 1
Level 1

Hi,

I have issue with with small 8-port switches and port authentication with EAP-TLS.  

Error:  %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client

Error:  %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client

Conf:

aaa new-model
aaa authentication dot1x default group radius

dot1x system-auth-control

radius-server host xxxxxx auth-port 1812 acct-port 1813 key xxxxx

interface GigabitEthernet0/6
 switchport access vlan 200
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast

 

Same configuration on other switches like WS-C2960X-48FPS-L  and WS-C3850-24P-S works with no problem. 

Is 802.1x supported on WS-C2960G-8TC-L, or i'm missing something here?

IOS Version 15.0(2)

 

Thanks

3 Replies 3

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hi,

​Yes, It is supported.

Check out the below link , as i believe few commands are still required.

https://github.com/trustathsh/tnc-fhh/wiki/HowTo-configure-a-Cisco-2960-switch-for-8021x

Hope it Helps..

-GI

Rate if it Helps..

Hi Ganeshh,

I don't see what's missing or what is different in my and configuration from your link. Only thing different is radius server setting, but I think that's not an issue since it is working on other switches in my network.

 

Thanks

 

Maybe debug can help you, because i'm out of ideas...

 

Oct  8 10:05:25.795: dot1x-ev(Gi0/4): Sending EAPOL packet to group PAE address
Oct  8 10:05:25.795: dot1x-ev(Gi0/4): Role determination not required
Oct  8 10:05:25.795: dot1x-registry:registry:dot1x_ether_macaddr called
Oct  8 10:05:25.795: dot1x-ev(Gi0/4): Sending out EAPOL packet
Oct  8 10:05:25.795: EAPOL pak dump Tx
Oct  8 10:05:25.795: EAPOL Version: 0x3  type: 0x0  length: 0x0004
Oct  8 10:05:25.795: EAP code: 0x4  id: 0x1  length: 0x0004
Oct  8 10:05:25.795: dot1x-packet(Gi0/4): dot1x_auth_txCannedStatus: EAPOL packet sent to client 0xC5000003 (0026.b9e0.4132)
Oct  8 10:05:25.795: dot1x-sm(Gi0/4): 0xC5000003:auth_connecting_disconnected_reAuthMax_action called
Oct  8 10:05:25.795:     dot1x_auth Gi0/4: idle during state auth_disconnected
Oct  8 10:05:25.804: @@@ dot1x_auth Gi0/4: auth_disconnected -> auth_restart
Oct  8 10:05:25.804: dot1x-ev(Gi0/4): Sending event (1) to Auth Mgr for 0026.b9e0.4132
Oct  8 10:05:25.804: dot1x-ev:Delete auth client (0xC5000003) message
Oct  8 10:05:25.804: dot1x-ev:Auth client ctx destroyed
Oct  8 10:05:26.005:     dot1x_auth Gi0/4: initial state auth_initialize has enter
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_initialize_enter called
Oct  8 10:05:26.005:     dot1x_auth Gi0/4: during state auth_initialize, got event 0(cfg_auto)
Oct  8 10:05:26.005: @@@ dot1x_auth Gi0/4: auth_initialize -> auth_disconnected
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_disconnected_enter called
Oct  8 10:05:26.005:     dot1x_auth Gi0/4: idle during state auth_disconnected
Oct  8 10:05:26.005: @@@ dot1x_auth Gi0/4: auth_disconnected -> auth_restart
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_restart_enter called
Oct  8 10:05:26.005: dot1x-ev(Gi0/4): Sending create new context event to EAP for 0x86000004 (0000.0000.0000)
Oct  8 10:05:26.005:     dot1x_auth_bend Gi0/4: initial state auth_bend_initialize has enter
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_bend_initialize_enter called
Oct  8 10:05:26.005:     dot1x_auth_bend Gi0/4: initial state auth_bend_initialize has idle
Oct  8 10:05:26.005:     dot1x_auth_bend Gi0/4: during state auth_bend_initialize, got event 16383(idle)
Oct  8 10:05:26.005: @@@ dot1x_auth_bend Gi0/4: auth_bend_initialize -> auth_bend_idle
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_bend_idle_enter called
Oct  8 10:05:26.005: dot1x-ev(Gi0/4): Created a client entry (0x86000004)
Oct  8 10:05:26.005: dot1x-ev(Gi0/4): Dot1x authentication started for 0x86000004 (0000.0000.0000)
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): Posting !EAP_RESTART on Client 0x86000004
Oct  8 10:05:26.005:     dot1x_auth Gi0/4: during state auth_restart, got event 6(no_eapRestart)
Oct  8 10:05:26.005: @@@ dot1x_auth Gi0/4: auth_restart -> auth_connecting
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_connecting_enter called
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_restart_connecting_action called
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): Posting RX_REQ on Client 0x86000004
Oct  8 10:05:26.005:     dot1x_auth Gi0/4: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
Oct  8 10:05:26.005: @@@ dot1x_auth Gi0/4: auth_connecting -> auth_authenticating
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_authenticating_enter called
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_connecting_authenticating_action called
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): Posting AUTH_START for 0x86000004
Oct  8 10:05:26.005:     dot1x_auth_bend Gi0/4: during state auth_bend_idle, got event 4(eapReq_authStart)
Oct  8 10:05:26.005: @@@ dot1x_auth_bend Gi0/4: auth_bend_idle -> auth_bend_request
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_bend_request_enter called
Oct  8 10:05:26.005: dot1x-ev(Gi0/4): Sending EAPOL packet to group PAE address
Oct  8 10:05:26.005: dot1x-ev(Gi0/4): Role determination not required
Oct  8 10:05:26.005: dot1x-registry:registry:dot1x_ether_macaddr called
Oct  8 10:05:26.005: dot1x-ev(Gi0/4): Sending out EAPOL packet
Oct  8 10:05:26.005: EAPOL pak dump Tx
Oct  8 10:05:26.005: EAPOL Version: 0x3  type: 0x0  length: 0x0005
Oct  8 10:05:26.005: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
Oct  8 10:05:26.005: dot1x-packet(Gi0/4): EAPOL packet sent to client 0x86000004 (0000.0000.0000)
Oct  8 10:05:26.005: dot1x-sm(Gi0/4): 0x86000004:auth_bend_idle_request_action called
Oct  8 10:05:26.475: dot1x-ev(Gi0/4): New client notification from AuthMgr for 0x86000004 - 0026.b9e0.4132
Oct  8 10:05:26.475: %AUTHMGR-5-START: Starting 'dot1x' for client (0026.b9e0.4132) on Interface Gi0/4 AuditSessionID C0A80A53000000040014B9FD
Oct  8 10:05:26.475: dot1x-sm(Gi0/4): Posting RESTART on Client 0x86000004
Oct  8 10:05:26.475:     dot1x_auth Gi0/4: during
Oct  8 10:06:28.224: dot1x-sm(Gi0/4): Posting EAP_REQ for 0x86000004
Oct  8 10:06:28.224:     dot1x_auth_bend Gi0/4: during state auth_bend_request, got event 7(eapReq)
Oct  8 10:06:28.224: @@@ dot1x_auth_bend Gi0/4: auth_bend_request -> auth_bend_request
Oct  8 10:06:28.224: dot1x-sm(Gi0/4): 0x86000004:auth_bend_request_request_action called
Oct  8 10:06:28.224: dot1x-sm(Gi0/4): 0x86000004:auth_bend_request_enter called
Oct  8 10:06:28.224: dot1x-ev(Gi0/4): Sending EAPOL packet to group PAE address
Oct  8 10:06:28.224: dot1x-ev(Gi0/4): Role determination not required
Oct  8 10:06:28.224: dot1x-registry:registry:dot1x_ether_macaddr called
Oct  8 10:06:28.224: dot1x-ev(Gi0/4): Sending out EAPOL packet
Oct  8 10:06:28.224: EAPOL pak dump Tx
Oct  8 10:06:28.224: EAPOL Version: 0x3  type: 0x0  length: 0x0005
Oct  8 10:06:28.224: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
Oct  8 10:06:28.224: dot1x-packet(Gi0/4): EAPOL packet sent to client 0x86000004 (0026.b9e0.4132)
Oct  8 10:06:59.095: dot1x-ev(Gi0/4): Received an EAP Timeout
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): Posting EAP_TIMEOUT for 0x86000004
Oct  8 10:06:59.095:     dot1x_auth_bend Gi0/4: during state auth_bend_request, got event 12(eapTimeout)
Oct  8 10:06:59.095: @@@ dot1x_auth_bend Gi0/4: auth_bend_request -> auth_bend_timeout
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): 0x86000004:auth_bend_timeout_enter called
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): 0x86000004:auth_bend_request_timeout_action called
Oct  8 10:06:59.095:     dot1x_auth_bend Gi0/4: idle during state auth_bend_timeout
Oct  8 10:06:59.095: @@@ dot1x_auth_bend Gi0/4: auth_bend_timeout -> auth_bend_idle
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): 0x86000004:auth_bend_idle_enter called
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): Posting AUTH_TIMEOUT on Client 0x86000004
Oct  8 10:06:59.095:     dot1x_auth Gi0/4: during state auth_authenticating, got event 14(authTimeout)
Oct  8 10:06:59.095: @@@ dot1x_auth Gi0/4: auth_authenticating -> auth_authc_result
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): 0x86000004:auth_authenticating_exit called
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): 0x86000004:auth_authc_result_enter called
Oct  8 10:06:59.095: %DOT1X-5-FAIL: Authentication failed for client (0026.b9e0.4132) on Interface Gi0/4 AuditSessionID C0A80A53000000040014B9FD
Oct  8 10:06:59.095: dot1x-ev(Gi0/4): Sending event (2) to Auth Mgr for 0026.b9e0.4132
Oct  8 10:06:59.095: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0026.b9e0.4132) on Interface Gi0/4 AuditSessionID C0A80A53000000040014B9FD
Oct  8 10:06:59.095: dot1x-ev(Gi0/4): Received Authz fail for the client  0x86000004 (0026.b9e0.4132)
Oct  8 10:06:59.095: dot1x-ev(Gi0/4): Deleting client 0x86000004 (0026.b9e0.4132)
Oct  8 10:06:59.095: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0026.b9e0.4132) on Interface Gi0/4 AuditSessionID C0A80A53000000040014B9FD
Oct  8 10:06:59.095: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0026.b9e0.4132) on Interface Gi0/4 AuditSessionID C0A80A53000000040014B9FD
Oct  8 10:06:59.095: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0026.b9e0.4132) on Interface Gi0/4 AuditSessionID C0A80A53000000040014B9FD
Oct  8 10:06:59.095: dot1x-sm(Gi0/4): Posting_AUTHZ_FAIL on Client 0x86000004
Oct  8 10:06:59.095:     dot1x_auth Gi0/4: during state auth_authc_result, got event 22(authzFail)
Oct  8 10:06:59.095: @@@ dot1x_auth Gi0/4: auth_authc_result -> auth_held
Oct  8 10:06:59.095: dot1x-ev:Delete auth client (0x86000004) message
Oct  8 10:06:59.095: dot1x-ev:Auth client ctx destroyed
Oct  8 10:06:59.095: dot1x-ev:Aborted posting message to authenticator state machine: Invalid client
Oct  8 10:07:59.737: dot1x-ev(Gi0/4): Couldn't find the supplicant in the list
Oct  8 10:07:59.737:     dot1x_auth Gi0/4: initial state auth_initialize has enter
Oct  8 10:07:59.737: dot1x-sm(Gi0/4): 0xEC000005:auth_initialize_enter called
Oct  8 10:07:59.737:     dot1x_auth Gi0/4: during state auth_initialize, got event 0(cfg_auto)
Oct  8 10:07:59.737: @@@ dot1x_auth Gi0/4: auth_initialize -> auth_disconnected
Oct  8 10:07:59.737: dot1x-sm(Gi0/4): 0xEC000005:auth_disconnected_enter called
Oct  8 10:07:59.737:     dot1x_auth Gi0/4: idle during state auth_disconnected
Oct  8 10:07:59.737: @@@ dot1x_auth Gi0/4: auth_disconnected -> auth_restart

 

Review Cisco Networking for a $25 gift card