01-22-2020 06:43 AM
Hi.
As the title say, I have enabled 802.1x (and MAB) via 3CPL and policies on a switchport, and it works fine.
Until the computer falls asleep.
Then the switchport starts to generate error logs like this:
Jan 22 14:16:34.492: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (13e2.1e14.a20a) on Interface GigabitEthernet1/0/13 AuditSessionID FA64320A00015AFCCD99EA23. Failure reason: Authc fail. Authc failure reason: Cred Fail.
every 60 seconds.
I have found that this happens when the NIC on the computer has enabled the "Allow the computer to turn off this device to save power" option... which is enable by default on all Windows computers.
And it needs to stay that way to enable WoL.
So how can I get rid of the error messages in the switch?
Thanks.
01-22-2020 10:01 AM
01-24-2020 05:40 AM
Hi
Yes, I see the same problem with WoL enabled devices. I increased the authentication restart for 802.1x fail/no response to 65535 seconds to decrease the amount of messages - see below.
event session-started match-all
10 class always do-until-failure
10 authenticate using dot1x retries 3 retry-time 30 priority 10
..
event authentication-failure match-first
..
5 class DOT1X_FAILED do-until-failure
10 terminate dot1x
20 authentication-restart 65535
10 class DOT1X_NO_RESP do-until-failure
10 terminate dot1x
20 authentication-restart 65535
..
event agent-found match-all
10 class always do-until-failure
10 terminate mab
20 authenticate using dot1x retries 3 retry-time 30 priority 10
when I was looking at a powershell script to whitelist pxe imaging clients (through the ISE API) I considered using the same script to whitelist WoL PC's (i.e run the script on pc shutdown to whitelist the PC mac and run the script again on pc boot to remove the PC from the whitelist). Seemed way too complicated so I dropped that idea. Script used for whitelisting is available here:
hth
Andy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide