09-17-2009 10:54 PM - edited 03-06-2019 07:46 AM
Hi all,
I'm doing some testing with dot1x and MAB on a 2960 (c2960-lanbasek9-mz.122-50.SE3). I want my ATA box to authenticate using its MAC address and end up in the voice VLAN.
By using the config below and the cisco-av-pair device-traffic-class=voice, it works.
switchport voice vlan 300
authentication host-mode multi-domain
authentication port-control auto
authentication periodic
authentication violation protect
mab
dot1x pae authenticator
But I believe something is not right and I can't find the cause of it. When I use "debug authentication event", the following messages appear every fifth second:
Sep 18 08:35:24.688: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_present: client for mac address 0011.bb08.24b6 has been notified on FastEthernet0/2
Sep 18 08:35:24.688: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_authorized: client for mac address 0011.bb08.24b6 is authorized FastEthernet0/2
Is it supposed to create an AUTH-EVENT for every client every fifth second? It seems strange to me...
Best Regards,
Johan
09-21-2009 01:28 PM
5 seconds seems a bit often. Heck, in the right MAB scenarios you don't even need to have "authentication periodic" enabled, since link up/down events are enough for single clients. But that depends on your physical security considerations.
Could it be that your RADIUS server is sending an attribute that cranks down the reauth time, as described here?
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1x.html
In that case it can be fixed RADIUS-side, or overridden with a switch-local setting.
09-22-2009 10:50 AM
Hi and thanks for the reply,
Perhaps I could have been more precise. The client is reauthenticated after the default timers, and not every fifth second. It is this debug (debug authentication events) message that appears every fifth second:
Sep 22 20:44:36.204: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_present: client for mac address 0011.bb08.24b6 has been notified on FastEthernet0/2
Sep 22 20:44:36.204: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_authorized: client for mac address 0011.bb08.24b6 is authorized FastEthernet0/2
Perhaps it isn't a problem, but I can't find any information about what it means and why it appears so frequently.
Best regards,
Johan