
dot1x authentication not working on 2950

madhusudhan s

Hi all,

I have an issue with a 2950 switch: the dot1x config is not working, but on a 2960 it's working fine. Below are the configs from both switches and a debug dot1x all snap; please share if anyone has some idea what may be the issue with the 2950 switch ...

---------

on 2950======>

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius


!
dot1x system-auth-control


!
interface FastEthernet0/1
switchport mode access
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout tx-period 1
!

radius-server host 172.16.25.100 auth-port 1645 acct-port 1646 key ######################

==========================


on 2960======>

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common  -

!
dot1x system-auth-control
dot1x critical eapol

!
interface FastEthernet0/1
switchport mode access
dot1x mac-auth-bypass  
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout tx-period 1
dot1x reauthentication -
storm-control broadcast level 80.00
storm-control multicast level 80.00
storm-control unicast level 80.00
!


radius-server host 172.16.25.100 auth-port 1645 acct-port 1646 key 7 ########################
radius-server source-ports 1645-1646 -----------------absent

ADKV_Mumbai_SW#debug dot1x all
ADKV_Mumbai_SW#sho
ADKV_Mumbai_SW#show dot
ADKV_Mumbai_SW#show dot1x
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d:     dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000

4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
Sysauthcontrol                    = Enabled
Supplicant Allowed In Guest Vlan  = Disabled
Dot1x Protocol Version            = 1

ADKV_Mumbai_SW#
ADKV_Mumbai_SW#
ADKV_Mumbai_SW#
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d:     dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000

4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
ADKV_Mumbai_SW#
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d:     dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000 auth_count=4 exceeded max auth count=3

4w3d: dot1x-ev:Default and only instance. evaluation for guest vlan move

4w3d:     dot1x_auth Fa0/1: during state auth_connecting, got event 14(reAuthMax_exceeded)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_fallback
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_exit alled
4w3d:     dot1x_auth Fa0/1: during state auth_fallback, got event 14(reAuthMax_exceeded)
4w3d: @@@ dot1x_auth Fa0/1: auth_fallback -> auth_disconnected
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_disconnected_enter_action called
4w3d: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZED
4w3d: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/1 (admin=Both, current oper=Both)
4w3d: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/1 is Both
4w3d: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/1
4w3d: dot1x-ev:dot1x_update_port_status: Called with host_mode=1 state UNAUTHORIZED

4w3d: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send port to unauthorized on vlan 0

4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344

4w3d: dot1x-ev:dot1x_port_unauthorized: Host-mode=1 radius/guest vlan=0 on FastEthernet0/1

4w3d: dot1x-ev:    GuestVlan configured=0

4w3d: dot1x-ev:supplicant 0000.0000.0000 is default

4w3d: dot1x-ev:supplicant 0000.0000.0000 is last

4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344

4w3d: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/1
4w3d: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/1
4w3d: dot1x-ev:Enter function dot1x_aaa_acct_end
4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344

4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344

4w3d:     dot1x_auth Fa0/1: idle during state auth_disconnected
4w3d: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_enter called
4w3d: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000 Posting reAuthMax_exceeded event

4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/1
4w3d: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL

4w3d: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=2

4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Failure, id 1, ver 1, len 4 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/1
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000

4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
ADKV_Mumbai_SW#
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d:     dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000

4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)

------------------------

Thank you for your reply!

Thanks

1 Reply

yadavsandip

We are also facing the same issue on the Cisco 2950. Users are unable to connect on the 2950 but are able to on the 2960.

Actually, both the 2950 and 2960 are working fine with the primary ACS, but the 2950 is not working with the secondary ACS (when the primary goes down). Following are the debug messages on the 2950:

4d02h: dot1x-sm:Fa0/3:0000.0000.0000:dot1x_process_txWhen_expire called

4d02h:     dot1x_auth Fa0/3: during state auth_connecting, got event 19(txWhen_expire)

4d02h: @@@ dot1x_auth Fa0/3: auth_connecting -> auth_connecting

4d02h: dot1x-sm:Fa0/3:0000.0000.0000:auth_connecting_connecting_action called

4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for default supplicant

Does anybody have an idea where the problem is?

Thanks.
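
An added example, not part of either post: a small Python parser for the `debug dot1x all` output pasted in the question. It tallies authenticator state transitions, events and transmitted EAP packets per port, and flags ports where the switch only ever sends EAP-Request(Id)/EAP-Failure and reaches reAuthMax_exceeded. The sample lines are copied from the thread; the function names and the "no progress" heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the debug output in the question.
SAMPLE = """\
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000 auth_count=4 exceeded max auth count=3
4w3d:     dot1x_auth Fa0/1: during state auth_connecting, got event 14(reAuthMax_exceeded)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_fallback
4w3d: @@@ dot1x_auth Fa0/1: auth_fallback -> auth_disconnected
4w3d: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_connecting
4w3d: dot1x-packet:Tx EAP-Failure, id 1, ver 1, len 4 (Fa0/1)
4w3d: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/1)
"""

TRANSITION = re.compile(r"@@@ dot1x_auth (\S+): (\w+) -> (\w+)")
EVENT = re.compile(r"dot1x_auth (\S+): during state (\w+), got event \d+\((\w+)\)")
TX_PACKET = re.compile(r"dot1x-packet:Tx (EAP-[\w()]+), id (\d+),.*\(([^)]+)\)\s*$")

# States and packet types seen in the thread's log while nothing answers.
LOOP_STATES = {"auth_connecting", "auth_fallback", "auth_disconnected"}
IDLE_TX = {"EAP-Request(Id)", "EAP-Failure"}

def summarize(log):
    """Return {port: {"transitions": [...], "tx": Counter, "events": Counter}}."""
    ports = {}
    def port(name):
        return ports.setdefault(
            name, {"transitions": [], "tx": Counter(), "events": Counter()})
    for line in log.splitlines():
        if m := TRANSITION.search(line):
            port(m[1])["transitions"].append((m[2], m[3]))
        elif m := EVENT.search(line):
            port(m[1])["events"][m[3]] += 1
        elif m := TX_PACKET.search(line):
            port(m[3])["tx"][(m[1], int(m[2]))] += 1
    return ports

def ports_without_progress(ports):
    """Ports that hit reAuthMax_exceeded without ever leaving the idle loop."""
    return [name for name, s in ports.items()
            if s["events"]["reAuthMax_exceeded"]
            and all(dst in LOOP_STATES for _, dst in s["transitions"])
            and all(kind in IDLE_TX for kind, _ in s["tx"])]

if __name__ == "__main__":
    print(ports_without_progress(summarize(SAMPLE)))
```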
