
Any related document about IEEE802.1X Auth unknown user?

mhiyoshi
Level 3

Dear Support all,

I would just like to know if there is any specification document or comments.

The test is below. First I checked the IEEE802.1X auth user, then disabled the Windows7 NIC setting, but the interface L1 connection stays up. After that, the C841M always shows the output below.

 

C841M#sh authentication sessions
Interface MAC Address Method Domain Status Session ID
Gi0/0 0000.0000.5555 dot1x DATA Authz Success C0A801FE0000002F00FAEC88

 

*Disable Windows NIC setting.

 

C841M#sh authentication sessions
Interface MAC Address Method Domain Status Session ID
Gi0/0 (unknown) dot1x UNKNOWN Running C0A801FE0000003000FB6004


*Feb 14 04:05:59.646: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:05:59.646: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:05:59.646: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:05:59.646: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:05:59.646: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC

 

*After 150 seconds

 

*Feb 14 04:08:32.818: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:08:32.818: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:08:32.818: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:08:32.818: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:08:32.818: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC

 

C841M#sh ip int brief | in up
GigabitEthernet0/0 unassigned YES unset up down

 

Compared with the Cat2960S it is the same, so I think this is normal behaviour, but I cannot find any URL.

 
Cat2960S#sh authentication sessions

Interface MAC Address Method Domain Status Session ID
Gi1/0/2 (unknown) dot1x UNKNOWN Running C0A801FE0000000304E13227


*Mar 1 22:45:59.787: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227
*Mar 1 22:45:59.787: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227
*Mar 1 22:45:59.787: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227
*Mar 1 22:45:59.787: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227
*Mar 1 22:45:59.787: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227

 

*After 150 seconds

 

*Mar 1 22:48:32.906: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227
*Mar 1 22:48:32.906: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E13227
*Mar 1 22:48:32.906: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID C0A801FE0000000304E

 

Any feedback would be appreciated! Thank you.

 

Best Regards,

 

Masanobu Hiyoshi

 

 

1 Reply

mhiyoshi
Level 3

That is what I want.

[Wired 802.1X Deployment Guide]

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp387271

 

According to the URL, default ReAuthMAX is 2 and TxPeriod is 30 seconds

(2+1) * 30 = 90 seconds + 60 Quiet Timer = 150 seconds 

 

In my understanding, 150 seconds is the calculated timeout. Is that right?

 

Best Regards,

Masanobu Hiyoshi
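
The timer arithmetic in the reply above can be checked against the syslog timestamps. The following is an added example, not part of the original thread or of Cisco's documentation: it measures the gap between consecutive %DOT1X-5-FAIL events per port and compares it with (ReAuthMAX + 1) * TxPeriod + quiet timer. The timer values are the ones quoted in the reply, the log lines are copied from the C841M output in the question, and the function names and the 5-second tolerance are assumptions.

```python
import re
from datetime import datetime

# Timer values as quoted in the reply above (not read from a device).
MAX_REAUTH_REQ, TX_PERIOD, QUIET_PERIOD = 2, 30, 60  # count, seconds, seconds

# Lines copied from the C841M output in the question.
SAMPLE_LOG = """\
*Feb 14 04:05:59.646: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:05:59.646: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:08:32.818: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
*Feb 14 04:08:32.818: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Gi0/0 AuditSessionID C0A801FE0000002C00E483EC
"""

FAIL_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): %DOT1X-5-FAIL: .* "
    r"on Interface (?P<intf>\S+) AuditSessionID (?P<sid>\S+)", re.M)

def expected_cycle(max_reauth_req=MAX_REAUTH_REQ, tx_period=TX_PERIOD,
                   quiet_period=QUIET_PERIOD):
    """(max-reauth-req + 1) * tx-period + quiet-period, per the reply's formula."""
    return (max_reauth_req + 1) * tx_period + quiet_period

def fail_intervals(log_text):
    """Map (interface, session id) -> seconds between consecutive DOT1X-5-FAIL events."""
    seen = {}
    for m in FAIL_RE.finditer(log_text):
        # These IOS timestamps carry no year; pin one so strptime is unambiguous.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        seen.setdefault((m["intf"], m["sid"]), []).append(ts)
    return {key: [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            for key, times in seen.items()}

def ports_in_timeout_loop(log_text, tolerance=5.0):
    """Ports whose every failure gap is within `tolerance` s of the expected cycle.

    tolerance is an assumed allowance for timer and logging jitter.
    """
    cycle = expected_cycle()
    return sorted(intf for (intf, _), gaps in fail_intervals(log_text).items()
                  if gaps and all(abs(g - cycle) <= tolerance for g in gaps))

if __name__ == "__main__":
    print("expected cycle:", expected_cycle(), "s")
    print("observed:", fail_intervals(SAMPLE_LOG))
    print("looping ports:", ports_in_timeout_loop(SAMPLE_LOG))
```

On the sample lines the measured gap is 153.172 seconds against a calculated 150, so the port is reported only when the tolerance allows for that difference.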