Introduction
When an attempt is made to configure the WGB and the AP for EAP-FAST, the "DOT1X_SHIM: Start supplicant on Dot11Radio0" and "dot1x-ev:Dot1x Packets are not expected Interface 0xxxxxxxxx(Dot11Radio0) does not have Dot1x subblock" error messages appear.
Core Issue
The Workgroup Bridge (WGB) searches for a subblock in the packets that come from the root access point (AP) but cannot find it. Then, an error message such as this can appear:
DOT1X_SHIM: Start supplicant on Dot11Radio0 (credentials )
DOT1X_SHIM: Skipping dot1x_mgr_auth start (open auth)
DOT1X_SHIM: Initialising WPA [or WPA-PSK or CCKM] key management module
dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on Dot11Radio0.
DOT1X_SHIM: No AAA client found for 0016.4672.25c0 (on Dot11Radio0)
dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Supplicant Q
dot1x-ev:Enqueued the eapol packet to the global supplicant queue
dot1x-ev:Dot1x Packets are not expected Interface 0x00CE6F14 (Dot11Radio0) does not have Dot1x subblock
Resolution
In order to solve the problem, complete these steps:
- The service set identifier (SSID) configured on both the AP and the WGB must be the same. Also, make sure that the infrastructure SSID on the WGB is present in order to associate with the root AP.
- If the SSIDs are configured, make sure that the infrastructure SSID is enabled.
- Upgrade to the latest firmware software release, currently Cisco IOS Software Release 12.3(8)JA2.
- Assign the IP address only to the Bridge Group Virtual Interface (BVI), which is the only supported place for it. Remove the IP addresses from the radio and FastEthernet interfaces, because addresses on those interfaces are not supported and can cause unexpected behavior.
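The configuration checks in these steps can be run offline against saved running-config text from both devices. The script below is an added example, not Cisco's own tooling. It assumes the SSIDs are defined in global `dot11 ssid` blocks; the function names, the SSID `LAB-WGB` and the addresses are constructed placeholders.

```python
# Constructed sample configs (not from the page); SSID and addresses are placeholders.
AP_CFG = """dot11 ssid LAB-WGB
interface Dot11Radio0
 ssid LAB-WGB
"""
WGB_GOOD = """dot11 ssid LAB-WGB
 infrastructure-ssid
interface Dot11Radio0
 no ip address
 ssid LAB-WGB
 station-role workgroup-bridge
interface BVI1
 ip address 192.0.2.10 255.255.255.0
"""
# Two faults: the SSID differs in case, and the radio carries an IP address.
WGB_BAD = WGB_GOOD.replace("LAB-WGB", "lab-wgb").replace(
    " no ip address", " ip address 192.0.2.20 255.255.255.0")

def blocks(cfg):
    """Split running-config text into {top-level line: [indented sub-commands]}."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            cur = line.strip()
            out[cur] = []
        elif cur is not None:
            out[cur].append(line.strip())
    return out

def ssids(cfg):
    """Map each 'dot11 ssid <name>' definition to its sub-commands."""
    return {h[len("dot11 ssid "):]: sub for h, sub in blocks(cfg).items()
            if h.startswith("dot11 ssid ")}

def check(ap_cfg, wgb_cfg):
    """Return findings for the three configuration checks in the Resolution steps."""
    ap, wgb, findings = ssids(ap_cfg), ssids(wgb_cfg), []
    if not set(ap) & set(wgb):  # SSID names are compared case-sensitively
        findings.append("SSID mismatch: AP %s, WGB %s" % (sorted(ap), sorted(wgb)))
    for name in sorted(wgb):
        if "infrastructure-ssid" not in [s.split()[0] for s in wgb[name]]:
            findings.append("infrastructure-ssid missing under SSID %r on WGB" % name)
    for header, sub in blocks(wgb_cfg).items():
        on_port = header.startswith(("interface Dot11Radio", "interface FastEthernet"))
        if on_port and any(s.startswith("ip address") for s in sub):
            findings.append("IP address on %s; assign it to the BVI only" % header)
    return findings
```

`check(AP_CFG, WGB_BAD)` reports the SSID mismatch and the IP address on the radio interface; an empty list means the three configuration items are consistent, leaving the software release as the remaining step to verify.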
Problem Type
Client / Device cannot authenticate
Device cannot associate
Error message
Products
Access point
Workgroup bridges