PacketFence NAC Configuration with Cisco Switch C2960S

Antony.xavier
Level 1

Hi Team,

I have configured NAC in my network with no luck. We are using PacketFence (open source) as the NAC server, and below is the configuration from the Cisco switch, model WS-C2960S-48FPS-L, software version 12.2(55)SE5.

Switch configuration:

dot1x system-auth-control
aaa group server radius GR_PACKETFENCE
 server 10.0.1.119 auth-port 1812 acct-port 1813
aaa authentication dot1x default group GR_PACKETFENCE
aaa authorization network default group GR_PACKETFENCE
radius-server vsa send authentication
radius-server host 10.0.1.119 auth-port 1812 acct-port 1813 key 7 052550210C4D6D220102451C261C0576530

Interface configuration:

switchport mode access
switchport voice vlan 10
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 5
spanning-tree portfast

Error:

show authentication session interface Gi1/0/15

            Interface:  GigabitEthernet1/0/15
          MAC Address:  a029.196d.0111
           IP Address:  Unknown
            User-Name:  host/BGL4L7GDN3.actuant.pri
               Status:  Authz Failed
               Domain:  DATA
       Oper host mode:  single-host
     Oper control dir:  both
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0AC133FE00000A208AD3A5D8
      Acct Session ID:  0x00000DCD
               Handle:  0xBC000A20

Runnable methods list:
       Method   State
       dot1x    AUTHC Failed
       MAB      Failed over

show dot1x all summary

Interface       PAE     Client          Status
--------------------------------------------------------
Gi1/0/15        AUTH    a029.196d.0111  UNAUTHORIZED

Debug from the Cisco switch:

Oct 31 07:26:36: @@@ dot1x_auth_bend Gi1/0/15: auth_bend_fail -> auth_bend_idle
Oct 31 07:26:36: dot1x-sm(Gi1/0/15): 0xBB000A4C:auth_bend_idle_enter called
Oct 31 07:26:36: dot1x-sm(Gi1/0/15): Posting AUTH_FAIL on Client 0xBB000A4C
Oct 31 07:26:36:     dot1x_auth Gi1/0/15: during state auth_authenticating, got event 15(authFail)
Oct 31 07:26:36: @@@ dot1x_auth Gi1/0/15: auth_authenticating -> auth_authc_result
Oct 31 07:26:36: dot1x-sm(Gi1/0/15): 0xBB000A4C:auth_authenticating_exit called
Oct 31 07:26:36: dot1x-sm(Gi1/0/15): 0xBB000A4C:auth_authc_result_enter called
Oct 31 07:26:36: %DOT1X-5-FAIL: Authentication failed for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID
Oct 31 07:26:36: dot1x-ev(Gi1/0/15): Sending event (2) to Auth Mgr for a029.196d.0111
Oct 31 07:26:36: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID 0AC133FE00000A2B9A514A7C
Oct 31 07:26:36: %AUTHMGR-5-FAIL: Authorization failed for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID 0AC133FE00000A2B9A514A7C
Oct 31 07:26:36: dot1x-redundancy: State for client  a029.196d.0111 successfully retrieved
...eld, got event 4(eapolStart) (ignored)
...eceived Authz fail for the client  0xBB000A4C (a029.196d.0111)
Oct 31 07:26:36: dot1x-sm(Gi1/0/15): Posting_AUTHZ_FAIL on Client 0xBB000A4C
Oct 31 07:26:36:     dot1x_auth Gi1/0/15: during state auth_authc_result, got event 22(authzFail)
Oct 31 07:26:36: @@@ dot1x_auth Gi1/0/15: auth_authc_result -> auth_held
Oct 31 07:26:36: dot1x-sm(Gi1/0/15): 0xBB000A4C:auth_held_enter called
Oct 31 07:26:36: dot1x-ev(Gi1/0/15): Sending EAPOL packet to group PAE address
Oct 31 07:26:36: dot1x-ev(Gi1/0/15): Role determination not required
Oct 31 07:26:36: dot1x-registry:registry:dot1x_ether_macaddr called
Oct 31 07:26:36: dot1x-ev(Gi1/0/15): Sending out EAPOL packet
Oct 31 07:26:36: EAPOL pak dump Tx
Oct 31 07:26:36: EAPOL Version: 0x3  type: 0x0  length: 0x0004
Oct 31 07:26:36: EAP code: 0x4  id: 0x9  length: 0x0004
Oct 31 07:26:36: dot1x-packet(Gi1/0/15): EAPOL packet sent to client 0xBB000A4C (a029.196d.0111)
Oct 31 07:26:36: EAP-EVENT: Received free context (0x13000EA9) from LL (Dot1x-Authenticator)
Oct 31 07:26:36: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_DELETE' on handle 0x13000EA9
Oct 31 07:26:36: EAP-AUTH-EVENT: Freed EAP auth context
Oct 31 07:26:36: EAP-EVENT: Freed EAP context
Oct 31 07:26:37: dot1x-ev(Gi1/0/15): Role determination not required
Oct 31 07:26:37: dot1x-packet(Gi1/0/15): queuing an EAPOL pkt on Auth Q
Oct 31 07:26:37: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Oct 31 07:26:37: EAPOL pak dump rx
Oct 31 07:26:37: EAPOL Version: 0x1  type: 0x1  length: 0x0000
Oct 31 07:26:37: dot1x-ev:
dot1x_auth_queue_event: Int Gi1/0/15 CODE= 0,TYPE= 0,LEN= 0

Oct 31 07:26:37: dot1x-packet(Gi1/0/15): Received an EAPOL frame
Oct 31 07:26:37: dot1x-ev(Gi1/0/15): Received pkt saddr =a029.196d.0111 , daddr = 0180.c200.0003,
                    pae-ether-type = 888e.0101.0000
Oct 31 07:26:37: dot1x-packet(Gi1/0/15): Received an EAPOL-Start packet
Oct 31 07:26:37: EAPOL pak dump rx
Oct 31 07:26:37: EAPOL Version: 0x1  type: 0x1  length: 0x0000
Oct 31 07:26:37: dot1x-sm(Gi1/0/15): Posting EAPOL_START on Client 0xBB000A4C
Oct 31 07:26:37:     dot1x_auth Gi1/0/15: during state AUTH_HELD, got event 4(eapolStart) (ignored)
Oct 31 07:26:42: dot1x-ev(Gi1/0/15): Role determination not required
Oct 31 07:26:42: dot1x-packet(Gi1/0/15): queuing an EAPOL pkt on Auth Q
Oct 31 07:26:42: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Oct 31 07:26:42: EAPOL pak dump rx
Oct 31 07:26:42: EAPOL Version: 0x1  type: 0x1  length: 0x0000
Oct 31 07:26:42: dot1x-ev:
dot1x_auth_queue_event: Int Gi1/0/15 CODE= 0,TYPE= 0,LEN= 0

Oct 31 07:26:42: dot1x-packet(Gi1/0/15): Received an EAPOL frame
Oct 31 07:26:42: dot1x-ev(Gi1/0/15): Received pkt saddr =a029.196d.0111 , daddr = 0180.c200.0003,
                    pae-ether-type = 888e.0101.0000
Oct 31 07:26:42: dot1x-packet(Gi1/0/15):

1 Reply
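A way to triage output like the above on the defender's side (an added example, not code from the original post, from PacketFence or from Cisco): a Python script that parses the %DOT1X/%AUTHMGR syslog lines and the session table, groups results per interface and MAC, and flags a client whose every runnable method failed, which is what "Authz Failed" together with "dot1x AUTHC Failed" and "MAB Failed over" shows above. The sample input is constructed: the Gi1/0/15 lines are copied from the post, the 'mab' result for that client and the whole Gi1/0/16 client are made up, and the %AUTHMGR-5-SUCCESS line is the success counterpart of the %AUTHMGR-5-FAIL message. The hostname in the session sample is the one from the post.

```python
"""Triage 802.1X/MAB failures from Cisco IOS AUTHMGR/DOT1X syslog lines and
from 'show authentication sessions interface' output (added example)."""
import re

# Constructed sample: the DOT1X/AUTHMGR lines from the post's debug, plus a
# made-up 'mab' result for the same client and a second, invented client on
# Gi1/0/16 that fails dot1x but is admitted by MAB.
SAMPLE_DEBUG = """\
Oct 31 07:26:36: %DOT1X-5-FAIL: Authentication failed for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID
Oct 31 07:26:36: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID 0AC133FE00000A2B9A514A7C
Oct 31 07:26:36: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'mab' for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID 0AC133FE00000A2B9A514A7C
Oct 31 07:26:36: %AUTHMGR-5-FAIL: Authorization failed for client (a029.196d.0111) on Interface Gi1/0/15 AuditSessionID 0AC133FE00000A2B9A514A7C
Oct 31 07:27:01: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0011.2233.4455) on Interface Gi1/0/16 AuditSessionID 0AC133FE00000A2C00000001
Oct 31 07:27:02: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0011.2233.4455) on Interface Gi1/0/16 AuditSessionID 0AC133FE00000A2C00000001
Oct 31 07:27:02: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0011.2233.4455) on Interface Gi1/0/16 AuditSessionID 0AC133FE00000A2C00000001
"""

# Constructed sample: a trimmed copy of the session table from the post.
SAMPLE_SESSION = """\
            Interface:  GigabitEthernet1/0/15
          MAC Address:  a029.196d.0111
            User-Name:  host/BGL4L7GDN3.actuant.pri
               Status:  Authz Failed
               Domain:  DATA
Runnable methods list:
       Method   State
       dot1x    AUTHC Failed
       MAB      Failed over
"""

# One regex for the four message types; other debug noise simply does not match.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+): %(?P<msg>AUTHMGR-7-RESULT|AUTHMGR-5-FAIL|"
    r"AUTHMGR-5-SUCCESS|DOT1X-5-FAIL): "
    r"(?:Authentication result '(?P<result>\w+)' from '(?P<method>\w+)' for client"
    r"|(?:Authentication|Authorization) (?:failed|succeeded) for client) "
    r"\((?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) on Interface (?P<intf>\S+)"
    r"(?: AuditSessionID(?: (?P<sid>[0-9A-F]+))?)?"
)
SESSION_FIELD_RE = re.compile(r"^\s*(?P<k>[A-Za-z][A-Za-z -]*?):\s+(?P<v>.+?)\s*$")


def parse_debug(text):
    """Return one dict per recognised AUTHMGR/DOT1X line, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Collapse events into a per-(interface, MAC) record: the result each
    method reported, the final authorization outcome and the audit session id."""
    summary = {}
    for e in events:
        entry = summary.setdefault((e["intf"], e["mac"]),
                                   {"methods": {}, "authz": None, "session": None})
        if e["msg"] == "AUTHMGR-7-RESULT":
            entry["methods"][e["method"]] = e["result"]
        elif e["msg"] == "AUTHMGR-5-FAIL":
            entry["authz"] = "fail"
        elif e["msg"] == "AUTHMGR-5-SUCCESS":
            entry["authz"] = "success"
        if e["sid"]:
            entry["session"] = e["sid"]
    return summary


def all_methods_failed(entry):
    """True when every method that ran reported 'fail', i.e. nothing admitted
    the client (dot1x failed and the MAB fallback failed too)."""
    return bool(entry["methods"]) and all(r == "fail" for r in entry["methods"].values())


def parse_session(text):
    """Parse 'show authentication sessions interface X' output into a dict;
    the 'Runnable methods list' table becomes the 'methods' sub-dict."""
    info, methods, in_methods = {}, {}, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.strip().startswith("Runnable methods list"):
            in_methods = True
            continue
        if in_methods:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] != "Method":
                methods[parts[0]] = parts[1].strip()
            continue
        m = SESSION_FIELD_RE.match(line)
        if m:
            info[m.group("k")] = m.group("v")
    info["methods"] = methods
    return info


def report(events):
    """One line per client, flagging sessions where every method failed."""
    lines = []
    for (intf, mac), e in sorted(summarize(events).items()):
        tried = ", ".join(f"{m}={r}" for m, r in e["methods"].items())
        flag = "ALL METHODS FAILED" if all_methods_failed(e) else "ok"
        lines.append(f"{intf} {mac} session={e['session']} {tried} authz={e['authz']} -> {flag}")
    return lines


if __name__ == "__main__":
    for line in report(parse_debug(SAMPLE_DEBUG)):
        print(line)
    print(parse_session(SAMPLE_SESSION))
```

Fed with a `debug authentication` or syslog export instead of the embedded sample, `report()` gives a quick per-port view of which clients are being held after both dot1x and MAB failed, which is the population to compare against the RADIUS server's own authentication log when the switch and the NAC disagree.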

balaji.bandi
Hall of Fame

Are you only having this issue with this model of 2960 switch? Do you have any other switch in the network working as expected?

First, I would check the PacketFence documentation: they mention having some issues with the IOS code you are running, so upgrade to the suggested version and test it. (Check whether that affects your environment.)

https://www.packetfence.org/documentation/pod/pf/Switch/Cisco/Catalyst_2960.html

BB
