I am trying to debug IBNS 2.0 on one of my switchports when a non-responsive device is connected.
I have the following debug logging enabled:
testswitch#sho debug
General OS:
AAA Authentication debugging is on
AAA Authorization debugging is on
AAA Accounting debugging is on
IOSXE Conditional Debug Configs:
Conditional Debug Global State: Stop
PRE:
all debugging is on
Packet Infra debugs:
Ip Address Port
------------------------------------------------------|----------
EAP Framework Authenticator:
EAP authenticator errors debugging is on
EAP authenticator events debugging is on
EAP authenticator packets debugging is on
EAP authenticator state machine debugging is on
EAP Framework Peer:
EAP peer errors debugging is on
EAP peer packets debugging is on
EAP peer state machine debugging is on
Radius protocol debugging is on
Radius protocol verbose debugging is on
Radius packet protocol debugging is on
Radius elog debugging debugging is on
Radius table debugging is on
template:
Template event debugging is on
Template error debugging is on
identity:
identity events debugging is on
Auth Manager:
Auth Manager errors debugging is on
Auth Manager events debugging is on
Auth Manager detailed debugs debugging is on
Auth Manager sync debugging is on
dot1x:
Dot1x registry info debugging is on
Dot1x redundancy info debugging is on
Dot1x packet info debugging is on
Dot1x events debugging is on
Dot1x State machine transitions and actions debugging is on
Dot1x Errors debugging is on
Dot1x Supplicant EAP-FAST debugging is on
Dot1x Manager debugging is on
Dot1x Supplicant State Machine debugging is on
my logging configuration:
testswitch#sho log
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 505 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 346 messages logged, xml disabled,
filtering disabled
Logging to: vty2(268)
Buffer logging: level debugging, 507 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: enabled, url crashinfo:/syslog, disk space 24987238 bytes, file size 262144 bytes, batch size 4096 bytes
Trap logging: level informational, 143 message lines logged
Logging Source-Interface: VRF Name:yet when I bring the interface up, the only things that get logged are as follows:
testswitch(config-if)#no shut
testswitch(config-if)#
Jan 8 15:01:29.305: AAA/AUTHOR: auth_need : user= 'cps' ruser= 'testswitch'rem_addr= '10.11.96.2' priv= 15 list= '' AUTHOR-TYPE= 'commands'
Jan 8 15:01:31.306: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
Jan 8 15:01:33.774: AUTH-EVENT: Host mode is MA/MD. Will not set mac_seen flag
Jan 8 15:01:33.775: AUTH-EVENT: Host mode is MA/MD. Will not set mac_seen flag
Jan 8 15:01:33.827: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (E8D8.D142.9356) on Interface GigabitEthernet1/0/1 AuditSessionID 0A0BC86400000024855CF81A
Jan 8 15:01:33.843: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (E8D8.D142.9356) on Interface GigabitEthernet1/0/1 AuditSessionID 0A0BC86400000024855CF81A
Jan 8 15:01:35.266: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
Jan 8 15:01:36.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Based on what I've seen on other switches and in IBNS 2.0 guide examples, I feel like I should be seeing a lot more logged about the dot1x supplicant eap timing out, and the PRE debug should be logging information about how my CPL went thru its logic.. What am I doing wrong here?
