03-15-2011 06:15 AM - edited 03-06-2019 04:05 PM
Hi ALL ,
I have issue with 2950 switch dot1x config is not working , but on 2960 its working fine .Below are the configs from both switches and a debug dot1x all snap , please share if any one have some idea what may be the issue with 2950 switch ...
---------
on 2950======>
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
dot1x system-auth-control
!
interface FastEthernet0/1
switchport mode access
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout tx-period 1
!
radius-server host 172.16.25.100 auth-port 1645 acct-port 1646 key ######################
==========================
on2960
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common -
!
dot1x system-auth-control
dot1x critical eapol
!
interface FastEthernet0/1
switchport mode access
dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout tx-period 1
dot1x reauthentication -
storm-control broadcast level 80.00
storm-control multicast level 80.00
storm-control unicast level 80.00
!
radius-server host 172.16.25.100 auth-port 1645 acct-port 1646 key 7 ########################
radius-server source-ports 1645-1646 -----------------absent
ADKV_Mumbai_SW#debug dot1x all
ADKV_Mumbai_SW#sho
ADKV_Mumbai_SW#show dot
ADKV_Mumbai_SW#show dot1x
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d: dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000
4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
Sysauthcontrol = Enabled
Supplicant Allowed In Guest Vlan = Disabled
Dot1x Protocol Version = 1
=======================================================================
ADKV_Mumbai_SW#debug dot1x all
ADKV_Mumbai_SW#sho
ADKV_Mumbai_SW#show dot
ADKV_Mumbai_SW#show dot1x
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d: dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000
4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
Sysauthcontrol = Enabled
Supplicant Allowed In Guest Vlan = Disabled
Dot1x Protocol Version = 1
ADKV_Mumbai_SW#
ADKV_Mumbai_SW#
ADKV_Mumbai_SW#
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d: dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000
4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
ADKV_Mumbai_SW#
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d: dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000 auth_count=4 exceeded max auth count=3
4w3d: dot1x-ev:Default and only instance. evaluation for guest vlan move
4w3d: dot1x_auth Fa0/1: during state auth_connecting, got event 14(reAuthMax_exceeded)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_fallback
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_exit alled
4w3d: dot1x_auth Fa0/1: during state auth_fallback, got event 14(reAuthMax_exceeded)
4w3d: @@@ dot1x_auth Fa0/1: auth_fallback -> auth_disconnected
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_disconnected_enter_action called
4w3d: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZED
4w3d: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/1 (admin=Both, current oper=Both)
4w3d: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/1 is Both
4w3d: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/1
4w3d: dot1x-ev:dot1x_update_port_status: Called with host_mode=1 state UNAUTHORIZED
4w3d: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send port to unauthorized on vlan 0
4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344
4w3d: dot1x-ev:dot1x_port_unauthorized: Host-mode=1 radius/guest vlan=0 on FastEthernet0/1
4w3d: dot1x-ev: GuestVlan configured=0
4w3d: dot1x-ev:supplicant 0000.0000.0000 is default
4w3d: dot1x-ev:supplicant 0000.0000.0000 is last
4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344
4w3d: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/1
4w3d: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/1
4w3d: dot1x-ev:Enter function dot1x_aaa_acct_end
4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344
4w3d: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80E2B344
4w3d: dot1x_auth Fa0/1: idle during state auth_disconnected
4w3d: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_enter called
4w3d: dot1x-sm:dot1x_auth_connecting_action:0000.0000.0000 Posting reAuthMax_exceeded event
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/1
4w3d: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=2
4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Failure, id 1, ver 1, len 4 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/1
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000
4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
ADKV_Mumbai_SW#
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:dot1x_process_txWhen_expire called
4w3d: dot1x_auth Fa0/1: during state auth_connecting, got event 19(txWhen_expire)
4w3d: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_connecting
4w3d: dot1x-sm:Fa0/1:0000.0000.0000:auth_connecting_connecting_action called
4w3d: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000
4w3d: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/1
4w3d: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/1)
4w3d: dot1x-registry:registry:dot1x_ether_macaddr called
4w3d: dot1x-packet:Tx sa=001a.6cea.f281, da=0180.c200.0003, et 888E (Fa0/1)
------------------------
Thank you for reply !!
thanx
03-26-2012 11:58 PM
We are also facing same issue, on Cisco 2950. Users are unable to connect on 2950 but able to 2960.
Actuall both 2950 n 2960 working fine with primary ACS, but 2950 is not working with secondary ACS (when primary get down) following are debug messages on 2950:
4d02h: dot1x-sm:Fa0/3:0000.0000.0000:dot1x_process_txWhen_expire called
4d02h: dot1x_auth Fa0/3: during state auth_connecting, got event 19(txWhen_expire)
4d02h: @@@ dot1x_auth Fa0/3: auth_connecting -> auth_connecting
4d02h: dot1x-sm:Fa0/3:0000.0000.0000:auth_connecting_connecting_action called
4d02h: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for default supplicant
Anybody hv idea where d prob is??
Thanx.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide