09-14-2012 07:25 AM
Hello
I have a problem with an ESW 520 on 802.1x authentication. The problem is that when a host authenticates successfully, it works for about a couple of minutes; after that it tries to authenticate again, but it lags. On the network interface it shows a notification of failed authentication. On ACS I see only one authentication attempt, which is successful. This problem is happening on Win7 and Win XP. If I unplug and plug in the cable it authenticates successfully, but then after about a couple of minutes it lags again. The switch sees the port as authenticated. In the Win7 Event Viewer I have the following error:
Reason: 0x70004
Reason Text: The network stopped answering authentication requests
Error Code: 0x0
If I connect the same hosts to a Catalyst 2960 switch, they work successfully.
09-17-2012 03:30 PM
Hi ngtransge
There are three possible explanations for why the authentication fails.
A) The network interface is shut down after failed computer authentication. You can see this on the switch as line protocol down for that port.
To verify the client has a domain certificate:
1. Click Start and click Run.
2. Type mmc, and then press ENTER.
3. On the File menu, click Add/Remove Snap-in.
4. Click Certificates, click Add, select Computer account, and then click Next.
5. Verify that Local computer: (the computer this console is running on) is selected, click Finish, and then click OK.
6. In the console tree, double-click Certificates (Local Computer), double-click Personal, and then click Certificates.
On a domain joined client, you should see a certificate here with Intended Purposes of Client Authentication. Make sure this certificate is not expired. If it is expired, you will need to regain connection to your CA to request a new one.
B) You should check your switch's configuration; perhaps a port or some ports could be blocked by an access list and interrupt the re-authentication.
C) If these two solutions don't work, you have to try changing the authentication method (PEAP-MSCHAPv2 or PEAP-EAP-TLS).
Greetings, Johnnatn Rodriguez Miranda
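The certificate check from steps 1 to 6 of the reply above can also be scripted on the client. This is an added example, not part of the original reply; the function name `Get-ClientAuthCertStatus` and the 30-day warning window are assumptions chosen for illustration.

```powershell
# Added example: report computer certificates usable for 802.1X client authentication.
# Get-ClientAuthCertStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-ClientAuthCertStatus {
    param(
        # Same location as Certificates (Local Computer) > Personal in the MMC snap-in.
        [string]$StorePath = 'Cert:\LocalMachine\My',
        # Assumed warning window (days) before expiry.
        [int]$WarnDays = 30
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of the Client Authentication purpose
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Read the Enhanced Key Usage extension directly from the certificate.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        } | Select-Object -First 1

        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if ($oids -notcontains $clientAuthOid) { continue }   # not a client-auth cert
            $purpose = 'Client Authentication'
        } else {
            # A certificate without an EKU extension is not restricted to specific purposes.
            $purpose = 'All purposes (no EKU extension)'
        }

        if     ($now -lt $cert.NotBefore)                 { $status = 'NotYetValid' }
        elseif ($now -gt $cert.NotAfter)                  { $status = 'Expired' }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        else                                              { $status = 'Valid' }

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Purpose       = $purpose
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # needed for EAP-TLS machine authentication
            Status        = $status
        } | Select-Object Subject, Purpose, NotAfter, HasPrivateKey, Status
    }
}

Get-ClientAuthCertStatus | Format-Table -AutoSize
```

An empty result means the Personal store holds no certificate with the Client Authentication purpose, which is the condition the MMC steps are meant to reveal.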
09-18-2012 03:31 AM
Hello,
I have checked a couple of times: there is no ACL and the certificates are valid. It is a fresh deployment, and currently I am testing it in the lab.
I have observed that this condition happens only when the switch port is in "Multi Session" mode. In Single Host mode and Multiple Host mode it works just fine.