11-06-2015 12:36 AM - edited 03-08-2019 02:35 AM
Hello,
I want to apply 802.1x on my switch. Some PCs are authenticated with a certificate, the printers with MAC @ (MAB) => no problem.
But I checked some ports to find the equipment on the DHCP server, and some ports are without a MAC @:
when I remove the 802.1x configuration on the port, the MAC @ still does not appear. In the sh log after a shut / no shut, the MAC @ does not appear.
Does anyone know a tip to force the MAC @ to appear on the switch?
With 802.1x on the port: (The authentication is successful because I permit the user VLAN with the 802.1x guest in the same VLAN.)
SWITCH#sh authentication sessions
Interface MAC Address Method Domain Status Session ID
Fa1/0/16 (unknown) N/A DATA Authz Success 0A060AFC000000060002A5CE
Fa1/0/13 (unknown) N/A DATA Authz Success 0A060AFC00003CC14A1DABFB
Fa1/0/5 (unknown) N/A DATA Authz Success 0A060AFC00003CCA4A419274
Fa1/0/2 (unknown) N/A DATA Authz Success 0A060AFC00003CE34A907735
Fa1/0/15 (unknown) N/A DATA Authz Success 0A060AFC00003D0E4DACE43A
It is empty:
SWITCH#sh mac address-table interface fa 1/0/5
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
Thanks,
Pascool :-)
11-06-2015 08:34 AM
Can you please paste the output of "show auth sess int fa1/0/5 detail"?
Regards,
Roopa
11-08-2015 11:50 PM
Hello Roopa,
Here it is:
sh authentication sessions interface fa 1/0/5
Interface: FastEthernet1/0/5
MAC Address: Unknown
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-host
Oper control dir: both
Authorized By: Guest Vlan
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A060AFC00003CCA4A419274
Acct Session ID: 0x00003CE9
Handle: 0xD0000D2E
Runnable methods list:
Method State
dot1x Failed over
And the sh run:
interface FastEthernet1/0/5
switchport access vlan 100
switchport mode access
authentication event fail action authorize vlan 100
authentication event server dead action authorize vlan 100
authentication event no-response action authorize vlan 100
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication port-control auto
authentication periodic
authentication violation restrict
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 4
dot1x max-reauth-req 3
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 50
end
Pascool :-)
11-10-2015 04:36 AM
Hi,
From the outputs shared, it looks like the device has failed dot1x authentication and the authentication is configured in closed mode. Hence the switch does not learn its MAC address, which is expected.
HTH,
Roopa
11-11-2015 05:44 AM
Hi, but without 802.1x applied on the port, the MAC @ does not appear either.
And with 802.1x applied on all ports, I can see some MAC @. Only a few are not visible, and the configuration is the same on all the switches.
Thanks, Pascool ;-)
11-16-2015 03:22 AM
When you say without dot1x enabled, can you share the config on that interface? Also, can you share the config of the interface where you see the MAC addresses learned, and the "show auth sess" output as well?
Thanks,
Roopa
11-16-2015 05:05 AM
Hello,
I do not apply dot1x on int fa 1/0/34:
interface FastEthernet1/0/34
switchport access vlan 100
switchport mode access
authentication periodic
no snmp trap link-status
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 50
end
SUB-GRA-SW03#sh mac address-table interface fa 1/0/34
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
SUB-GRA-SW03#sh authentication sessions interface fa 1/0/34
No Auth Manager contexts match supplied criteria
=> normal.
SUB-GRA-SW03#sh authentication sessions
Interface MAC Address Method Domain Status Session ID
Fa1/0/22 (unknown) N/A DATA Authz Success 0A060AFB0005BD7CAF6A3201
Fa1/0/29 (unknown) N/A DATA Authz Success 0A060AFB0005BE5ABDD2D5E0
Fa1/0/15 6c62.6d87.6a6a dot1x DATA Authz Success 0A060AFB000445E1CC3D0C4D
Fa1/0/7 000b.ab21.3828 mab DATA Authz Success 0A060AFB0005BC7AA41F0092
Fa1/0/17 d4be.d94f.a0b3 dot1x DATA Authz Success 0A060AFB0005BE55BD7FE119
Fa1/0/10 28d2.444c.ad81 dot1x DATA Authz Success 0A060AFB0005BE39BCFCCE1C
Fa1/0/43 28d2.445e.86ab dot1x DATA Authz Success 0A060AFB0005BE4EBD6A9385
Fa1/0/46 28d2.4451.4371 dot1x DATA Authz Success 0A060AFB0005BE5FBE11F4DB
Fa1/0/47 38ea.a708.1d29 mab DATA Authz Success 0A060AFB0005BC0E9F886DCE
Fa1/0/25 f8b1.56aa.186d dot1x DATA Authz Success 0A060AFB0005BE27BCDF0257
Fa1/0/39 0020.6b7a.502d mab DATA Authz Success 0A060AFB0005BE59BDCFF340
Fa1/0/11 8851.fb4d.13b2 dot1x DATA Authz Success 0A060AFB0005BE2DBCF8F987
Fa1/0/21 28d2.444c.ac17 dot1x DATA Authz Success 0A060AFB0005BE2ABCF538C5
Fa1/0/16 f8b1.56aa.c11c dot1x DATA Authz Success 0A060AFB0005BE36BCFBCDB3
Fa1/0/18 0000.aaa6.5fb5 mab DATA Authz Success 0A060AFB0005B7F59F6AD983
Fa1/0/23 0000.74ca.6691 mab DATA Authz Success 0A060AFB0005BB1F9F7939C0
* The conf on an interface with dot1x and where the MAC @ is learned:
SUB-GRA-SW03#sh authentication sessions interface fa 1/0/15
Interface: FastEthernet1/0/15
MAC Address: 6c62.6d87.6a6a
IP Address: 10.6.100.27
User-Name: host/GRATH-SEC01.eu.edfencorp.net
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
Session timeout: 3600s (local), Remaining: 1572s
Timeout action: Reauthenticate
Idle timeout: N/A
Common Session ID: 0A060AFB000445E1CC3D0C4D
Acct Session ID: 0x000445EF
Handle: 0x9000080A
Runnable methods list:
Method State
dot1x Authc Success
* The conf on the interface with dot1x but with the MAC @ empty:
SUB-GRA-SW03#sh authentication sessions interface fa 1/0/22
Interface: FastEthernet1/0/22
MAC Address: Unknown
IP Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-host
Oper control dir: both
Authorized By: Guest Vlan
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A060AFB0005BD7CAF6A3201
Acct Session ID: 0x0005BDA3
Handle: 0x11000339
Runnable methods list:
Method State
dot1x Failed over
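
An added example, not part of any post in this thread: a small Python audit over the outputs pasted above that lists ports showing "Authz Success" with no MAC or method recorded, and reads which fallback authorized such a port. The function names are hypothetical; the sample rows and fields are copied from the thread's own output.

```python
import re

# Rows of "sh authentication sessions" as pasted in the thread (subset).
SUMMARY = """\
Interface MAC Address Method Domain Status Session ID
Fa1/0/22 (unknown) N/A DATA Authz Success 0A060AFB0005BD7CAF6A3201
Fa1/0/29 (unknown) N/A DATA Authz Success 0A060AFB0005BE5ABDD2D5E0
Fa1/0/15 6c62.6d87.6a6a dot1x DATA Authz Success 0A060AFB000445E1CC3D0C4D
Fa1/0/7 000b.ab21.3828 mab DATA Authz Success 0A060AFB0005BC7AA41F0092
"""

# Fields of the per-interface output for Fa1/0/22, as pasted in the thread.
DETAIL = """\
Interface: FastEthernet1/0/22
MAC Address: Unknown
User-Name: UNRESPONSIVE
Status: Authz Success
Oper host mode: multi-host
Authorized By: Guest Vlan
Vlan Policy: 100
"""

ROW = re.compile(
    r"^(?P<intf>\S+)\s+(?P<mac>\(unknown\)|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<method>\S+)\s+(?P<domain>\S+)\s+(?P<status>.+?)\s+(?P<sid>[0-9A-F]{24})$"
)

def parse_summary(text):
    """Return one dict per session row; the header and blank lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def parse_detail(text):
    """Return the 'Key: value' lines of a per-interface session as a dict."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def authorized_without_identity(rows):
    """Ports that are authorized although no MAC or method was recorded."""
    return [r["intf"] for r in rows
            if r["mac"] == "(unknown)" and r["status"] == "Authz Success"]

def fallback_source(detail):
    """Name the fallback that authorized the port, or None if the server did."""
    by = detail.get("Authorized By", "")
    return None if by == "Authentication Server" else by

if __name__ == "__main__":
    print(authorized_without_identity(parse_summary(SUMMARY)))
    print(fallback_source(parse_detail(DETAIL)))
```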