cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
783
Views
0
Helpful
3
Replies

dot1x-err: Trunk port being Authorized!! ?

gallaherukraine
Level 1
Level 1

Hello,

I`ve configured dot1x on the switch & test laptop (XP sp2, NIC Intel PRO/100 VE ).

See error message (debug dot1x all) below

Error message:

010451: 10w4d: dot1x-err:Dot1x is supportedonly on Access,Routed and private-vlan host modes.Trunk port being Authorized!! som

ething went wrong

010452: 10w4d: dot1x-err:Port wouldn't come up. Failing authorization.

Here is port configuration:

interface GigabitEthernet0/15

switchport access vlan 240

switchport mode access

dot1x port-control auto

dot1x timeout reauth-period 3000

dot1x guest-vlan 520

dot1x reauthentication

spanning-tree portfast

!

Log from MS IAS server

Event Type: Information

Event Source: IAS

Event Category: None

Event ID: 1

Date: 04.09.2006

Time: 12:56:52

User: N/A

Computer: UKR-KIE-DC-02

Description:

User Domain\username was granted access.

Fully-Qualified-User-Name = domain.com/LDU_Users/Kiev/users/Mobile/Username

NAS-IP-Address = 10.170.60.1

NAS-Identifier = <not present>

Client-Friendly-Name = ukr-kie-swh-01

Client-IP-Address = 10.170.60.1

Calling-Station-Identifier = 00-0E-7B-6B-7F-17

NAS-Port-Type = Ethernet

NAS-Port = 50015

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = vlan 480

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

IOS Version

c3560-ipbase-mz.122-25.SEB4

cat3560#sh dot1x interface gigabitEthernet 0/15

Supplicant MAC 000e.7b6b.7f17

AuthSM State = AUTHENTICATED

BendSM State = IDLE

PortStatus = AUTHORIZED

MaxReq = 2

MaxAuthReq = 2

HostMode = Single

PortControl = Auto

QuietPeriod = 60 Seconds

Re-authentication = Enabled

ReAuthPeriod = 3000 Seconds

ServerTimeout = 30 Seconds

SuppTimeout = 30 Seconds

TxPeriod = 30 Seconds

Guest-Vlan = 520

cat3560#sh dot1x statistics interface gigabitEthernet 0/15

PortStatistics Parameters for Dot1x

--------------------------------------------

TxReqId = 2 TxReq = 12 TxTotal = 14

RxStart = 0 RxLogoff = 0 RxRespId = 1 RxResp = 11

RxInvalid = 0 RxLenErr = 0 RxTotal = 12

RxVersion = 1 LastRxSrcMac = 000e.7b6b.7f17

3 Replies 3

mheusinger
Level 10
Level 10

Hi,

are you sure no further dot1x config is present on a trunk port in the switch?

Regards, Martin

cat3560#sh dot1x all

Dot1x Info for interface GigabitEthernet0/15

----------------------------------------------------

Supplicant MAC 0008.0d3b.41ca

AuthSM State = AUTHENTICATED

BendSM State = IDLE

PortStatus = AUTHORIZED

MaxReq = 2

MaxAuthReq = 2

HostMode = Single

PortControl = Auto

QuietPeriod = 60 Seconds

Re-authentication = Enabled

ReAuthPeriod = 3000 Seconds

ServerTimeout = 30 Seconds

SuppTimeout = 30 Seconds

TxPeriod = 30 Seconds

Guest-Vlan = 520

cat3560#sh dot1x all

Dot1x Info for interface GigabitEthernet0/15

----------------------------------------------------

Supplicant MAC 0008.0d3b.41ca

AuthSM State = AUTHENTICATED

BendSM State = IDLE

PortStatus = AUTHORIZED

MaxReq = 2

MaxAuthReq = 2

HostMode = Single

PortControl = Auto

QuietPeriod = 60 Seconds

Re-authentication = Enabled

ReAuthPeriod = 3000 Seconds

ServerTimeout = 30 Seconds

SuppTimeout = 30 Seconds

TxPeriod = 30 Seconds

Guest-Vlan = 520

Review Cisco Networking for a $25 gift card