3560G and 802.1X with Cisco IP Phone

Hi,
We have been doing some test on our 3560G switch with 802.1X. The switch port has a Cisco IP Phone 7940 connected and at the back of the IP Phone is the PC (802.1X client).
The PC authenticates with the computer name or the username properly without any problems. However problem is that the port stays opened/authorized even after disconnecting the Laptop from the phone. Only disconnecting the phone from the switch disables the port and enforces authentication.
This totally defeats the purpose for us.
IOS: 12.2(20)SE3
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
interface GigabitEthernet0/40
switchport access vlan 4
switchport mode access
switchport voice vlan 15
dot1x port-control auto
dot1x timeout quiet-period 15
dot1x timeout reauth-period 30
dot1x max-req 1
dot1x reauthentication
spanning-tree portfast
spanning-tree link-type point-to-point
Any ideas will be appreciated.
Thanks,
Cheers
Kartik

I believe the problem should be solved with the new phone firmware:
Ref Cisco Document:
http://www.cisco.com/en/US/products/hw/phones/ps379/prod_release_note09186a0080461f84.html
"Firmware release 7.2(2) provides support for the Cisco IP Phone models 7960G and 7940G to monitor IEEE 802.1X messages between an authenticating switch and a connected PC (supplicant).
When a PC is disconnected from the Cisco IP Phone, the phone issues an EAPOL-Logoff message on behalf of the PC to the authenticating switch.
Hope This Helps
Jarle Steffensen

Similar Messages

  • Cisco ip phones authenticate 802.1x with cisco ise 1.3

    Dear all,
    I want to configure cisco ise 1.3 with 802.1x , to authenticate cisco ip phones ( CUCM 10.5.2 ) with LSC certificate. 
    How I have to configure cisco ise authentication rules for 802.1x with cisco ip phones? Are there any configuration examples ? 
    Thanks

    following are ISE 802.1x  sample authentication rules..you can change the protocol (Policy -> policy elements - > results -> authentication and you can select the proctocal)

  • I bought htc 8x verizon employee edition and when i update it and during installation with my error phone get off and now phone stuck on some wheel running thing and wont get on please tell me if i could download the rom

    i bought htc 8x verizon employee edition and when i update it and during installation with my error phone get off and now phone stuck on some wheel running thing and wont get on please tell me if i could download the rom or anything also

        Hi mnomi! Sorry to learn of the trouble you're running into with your new phone! Have you already switched the device via your My Verizon : http://vz.to/16lkVUY Once you have done this, and verify the sim card is inserted securely, the activation will begin. If the phone is stuck on the wheel and you cannot move forward, you may want to do an alternative reset. Please follow the below instructions:
    1) Ensure the device is powered off.
    2) Press and hold the Volume Down button (located on the right edge) until instructed to release in step 4.
    3) Press and hold the Power button (located on the top-right edge) until the device vibrates (approximately 2 seconds) then release.
    4) When the restore screen appears (exclamation mark), release the Volume Down button.
    5) From the restore screen, press then release the following keys to initiate the reset process:
    1. Volume Up button
    2. Volume Down button
    3. Power button
    4. Volume Down button
    *Allow several minutes for the process to complete (rotating gears appear on the display to indicate that the reset is in progress).
    If you have any further questions or concerns, please let us know. Keep us posted if this resolves your concerns. Thanks!
    -KristieQ_VZW
    Follow us on Twitter @VZW Support

  • Cisco ip phones authenticate 802.1x with cisco ise

    Dears,
    I want to  configure ip phones authenticate from Cisco ISE with 802.1X with certificates. But i can not find any configuration guide about this solutions.
    I find one config and this is about ACS. Please provide me any documentation guide on cisco ise.
    Thanks. 

    802.1x configuration for IP Phones
    http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html#69217

  • 802.1x EAP-TLS with Cisco IP-Phone on MS NPS

    Hi,
    does anybody get 802.1x - EAP-TLS with IP-Phones ( e.g. 7962G ) on Microsoft NPS up and running?
    With ACS it is not a problem at all.
    thx
    Sebastian

    Hi all !
    Have you solved this problem (LSC certificate )? I am facing the same problem and I did not find the solution yet.
    This is the last e-mail that Microsoft TAC has sent to the customer:
    ====================================================================================
    As per the discussion, we need to engage Vendor on the case to find out why the CRL Distribution Point (CDP) and AIA paths are missing from the certificate. Ideally CDP contains that Revocation List of the certificates and AIA is used for building the certificate chain.
    "Please find below some more information about the same from Microsoft TechNet Article :
    CRL Distribution Points : This extension contains one or more URLs where the issuing CA’s base certificate revocation list (CRL) is published. If revocation checking is enabled, an application will use the URL to retrieve an updated version of the CRL. URLs can use HTTP, LDAP or File.
    Authority Information Access : This extension contains one or more URLs where the issuing CA’s certificate is published. An application uses the URL when building a certificate chain to retrieve the CA certificate if it does not exist in the application’s certificate cache."
    =====================================================================================
    Tks for your help !!!!!!!
    Luis

  • VPN Site-to-Site or VPN Client Server with Cisco IP Phone 8941 and 8945

    Hi everyone,
    I decide to deploy a CUCM (BE6K platform), SX20, and IP Phone 8941/8945 on Head Office and Cisco SX10 and IP Phone 8941/8945 for branch offices (actually 9 branch offices).
    The connection will use internet connection for HO and each branch offices.
    And the IT guy want to use kind a VPN client server or VPN site-to-site for the connection through internet,
    what kind of VPN client server or VPN site-to-site that recommended for this deployment?
    and what type of Cisco router that support that kind of VPN (the cheapest one will be great)?
    So the SX10 and IP Phone 8941/8945 in branch offices can work properly through internet connection?
    please advise
    Regards,
    Ovindo

    Hi Leo,
    technically, the ipsec users will not use up any premium license seats, so if you have 10 ipsec users connecting first, the premium seats are still free and so you can then still have 10 phones/anyconnect users connect.
    However, the 250 you mention is the global platform limit, so it refers to the sum of premium and non-premium connections. Or in other words, you can have 240 ipsec users and 10 phones,  but not 250 ipsec users and 10 phones.
    If 250 ipsec users and 10 phones would try to connect, it would be first-in, first-served, e.g. you could have 248 ipsec users and 2 phones connected.
    Note: since you have Essentials disabled I'm assuming you are referring to the legacy "Cisco vpnclient" (IKEv1 client) which does not require any license on the ASA. But for the benefit of others reading this thread: if  you do have Anyconnect clients (using SSL or IPsec/IKEv2) for which you currently have an Essentials license, then note that the Essentials and Premium license cannot co-exist. So for e.g. 240 Anyconnect users and no phones, you can use Essentials. For 240 Anyconnect users and 10 phones, you need a 250-seat Premium license (and a vpn phone license).
    hth
    Herbert

  • RV180W and 802.1x with Windows NPS

    I am attempting to configure a Cisco RV180W with 802.1x authentication using peap-mschap-v2 with a server 2008 nps box in a domain environment and I keep getting the following error in the event logs: "The RADIUS request did not match any configured connection request policy (CRP)."  I do have my Connection request and Network policies in place and they do work when using a Cisco 1142N.  Does anyone know if the RV180W supports this type of configuration?
    Jose

    I believe the problem should be solved with the new phone firmware:
    Ref Cisco Document:
    http://www.cisco.com/en/US/products/hw/phones/ps379/prod_release_note09186a0080461f84.html
    "Firmware release 7.2(2) provides support for the Cisco IP Phone models 7960G and 7940G to monitor IEEE 802.1X messages between an authenticating switch and a connected PC (supplicant).
    When a PC is disconnected from the Cisco IP Phone, the phone issues an EAPOL-Logoff message on behalf of the PC to the authenticating switch.
    Hope This Helps
    Jarle Steffensen

  • Integration with Cisco IP Phones

    Possible to integrate Lync to Cisco IP Phones?

    Depends on what you mean by integrate.  You cannot directly register Cisco phones with Lync, but you have the following options:
    Create a SIP trunk (or trunk through a gateway) and connect CUCM to Lync and then you would be able to call back and forth
    If you want to repurpose Cisco phones to use with Lync then you can use a third party product from AudioCodes (SPS -
    http://www.audiocodes.com/sps ) or NET (SmartSIP -
    http://www.net.com/Pages/Product.aspx?pgid=229 )
    Tim Harrington | MVP: Lync | MCITP: EMA 2007/2010, Lync 2010, MCTS: OCS | Blog:
    http://HowDoUC.blogspot.com | Twitter:
    @twharrington

  • My iPhone 4S just replaced the names of my contacts in text messages and my favorites with only their phone numbers. Names are gone. The option to add new contacts also appears to be gone. I tried the *228 and it did not work. Help!

    My iPhone 4S has replaced the names of my contacts in text messages and under my favorites- only their phone number shows. I updated today but this actually happened beforehand. I have tried restating the phone, and also *228. Neither have worked. Can someone help me??

    My wife is having the same problems as a reciever. She works in a school as a teaching assistant and her teacher sends messages that are mixed with previous texts from ages ago.
    Can anyone shed some light on this problem or is it only her and this poster?
    2m42s

  • NAC-L2-802.1x with 7940 IP Phones and builtin swithport?

    Hi
    I've got the NAC Framework, NAC-L2-802.1x working in a test LAB with network hosts (PCs) connected directly to the L2 switch. In our production environment, we have Cisco 7940 IP phones on every desk, and the PCs connect to the switchport on the back of these phones. How would one configure NAC-L2-802.1x to work in a setup like this? I've done quite a bit of searching on Cisco and only found this reference to IP phones and NAC;
    IP Telephone and Device Mobility
    The computer connected to the PC port on an IP phone will get posture validated successfully.
    It does not help much...
    Thanks very much.
    Jason

    You have 2 choices:
    1) Ignore the phones based on CDP. You get this be just configuring 802.1X along with a VVID. Here's an example port config from a 3750:
    interface GigabitEthernet1/0/2
    description endpoints
    switchport access vlan 2
    switchport mode access
    switchport voice vlan 200
    srr-queue bandwidth share 10 10 60 20
    srr-queue bandwidth shape 10 0 0 0
    queue-set 2
    mls qos trust device cisco-phone
    mls qos trust cos
    dot1x pae authenticator
    dot1x port-control auto
    spanning-tree portfast
    spanning-tree bpduguard enable
    ip verify source
    ip dhcp snooping limit rate 10
    The config above will allow a Cisco phone in "for free" just b/c it can do CDP.
    2) Authenticate IP phones via 1X or MAC-Authentication for phones that cannot support 1X. This would be the same config as above, with the addition of this line:
    dot1x host-mode multi-domain
    And if your IP phone cannot do 1X (for example the 7940 cannot) then you'll need to check it's MAC for entry into the network by adding this line:
    dot1x mac-auth-bypass
    Hope this helps,

  • Configuring wired 802.1x with Cisco 2950 and NPS 2012 problem

    Hi,
    I am trying to setup wired authentication on my corporate network. For testing purposes, I have setup a Cisco 2950 switch for RADIUS authentication.
    On the first day of the test, access messages were appearing on the event log of the 2012 Server and  we were trying to address the issues with EAP and policy.(Network Policy and Access services)
    Then, suddenly no events are written to the event log for the wired authentication. Accounting data is written to the log file at c:\windows\system32\logfiles, but nothing happens on the event log as if the NPS is not answering. We are using the same server for wireless 802.1x and all is working fine.
    Checking the wired autoconfig log on the client, Restart Reason : Onex Auth Timeout appears.
    Logging seems to be configured properly, there are no entries in event log. Below is the debug information from the 2950 switch;
    KAT2-BATISW1#
    00:18:28: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
    0/17
    00:18:28: dot1x-registry:dot1x_port_linkcomingup invoked on interface FastEthern
    et0/17
    00:18:28: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface FastEth
    ernet0/17
    00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
    17 (admin=Both, current oper=Both)
    00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
     Both
    00:18:28:     dot1x_auth Fa0/17: initial state auth_initialize has enter
    00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_initialize_enter called
    00:18:28: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0
    00:18:28:     dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
    uto)
    00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
    00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_disconnected_enter_action called
    00:18:28: dot1x-sm:
    dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
    D
    00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
    17 (admin=Both, current oper=Both)
    00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
     Both
    00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
    hernet0/17
    00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
    HORIZED
    00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send po
    rt to unauthorized on vlan 0
    00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
    astEthernet0/17
    00:18:28: dot1x-ev:    GuestVlan configured=0
    00:18:28: dot1x-ev:supplicant 0000.0000.0000 is default
    00:18:28: dot1x-ev:supplicant 0000.0000.0000 is last
    00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:18:28: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/17
    00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
    hernet0/17
    00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
    00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:18:28:     dot1x_auth Fa0/17: idle during state auth_disconnected
    00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
    00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_enter called
    00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
    00:18:28: dot1x-sm:Dot1x Initialize State Entered
    00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
    00:18:28:     dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
    6383(idle)
    00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
    00:18:28: dot1x-sm:Dot1x Idle State Entered
    00:18:28: dot1x-ev:Created port supplicant block 0000.0000.0000 expected_id=0 cu
    rrent_id=0
    00:18:28: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at memloc 80D
    71C74
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
    FastEthernet0/17
    00:18:28: dot1x-ev:
    dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=1
    00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
    00:18:28: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/17)
    00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
    00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
    FastEthernet0/17
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
    000.0000.0000
    00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
    00:18:28: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
    00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
    00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
    00:18:28: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
    00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
    00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
    00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:18:28:     dot1x_auth Fa0/17: initial state auth_initialize has enter
    00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_initialize_enter called
    00:18:28: dot1x-ev:auth_initialize_enter:0024.1d10.d7c5: Current ID=0
    00:18:28:     dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
    uto)
    00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
    00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_disconnected_enter_action called
    00:18:28: dot1x-sm:
    dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
    D
    00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
    17 (admin=Both, current oper=Both)
    00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
     Both
    00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
    hernet0/17
    00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
    HORIZED
    00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0024.1d10.d7c5 to send po
    rt to unauthorized on vlan 0
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
    astEthernet0/17
    00:18:28: dot1x-ev:    GuestVlan configured=0
    00:18:28: dot1x-ev:supplicant 0024.1d10.d7c5 is last
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28: dot1x-ev:0024.1d10.d7c5 is now unauthorized on port FastEthernet0/17
    00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
    hernet0/17
    00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28:     dot1x_auth Fa0/17: idle during state auth_disconnected
    00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
    00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
    00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
    00:18:28: dot1x-sm:Dot1x Initialize State Entered
    00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
    00:18:28:     dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
    6383(idle)
    00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
    00:18:28: dot1x-sm:Dot1x Idle State Entered
    00:18:28: dot1x-ev:Created port supplicant block 0024.1d10.d7c5 expected_id=1 cu
    rrent_id=1
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
    FastEthernet0/17
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
    FastEthernet0/17
    00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
    024.1d10.d7c5
    00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
    00:18:28: dot1x-packet:Tx EAP-Request(Id), id 0, ver 1, len 5 (Fa0/17)
    00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
    00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
    00:18:28: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 21 (Fa0/17)
    00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28:     dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
    pId)
    00:18:28: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
    00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
    00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
    00:18:28: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
    00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
    alled
    00:18:28: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
    00:18:28:     dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
    start)
    00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
    00:18:28: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
    D353C, swidb=807D4898 on intf=Fa0/17
    00:18:28: dot1x-ev:Managed Timer in sub-block attached as leaf to master
    00:18:28: dot1x-sm:Started the ServerTimeout Timer
    00:18:28: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and leng
    th = 21
    00:18:28: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967283
    00:18:28: dot1x-ev:Couldn't Find a process thats already handling the request fo
    r this id 0
    00:18:28: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
    .1d10.d7c5, VLAN 0 on pending request queue
    00:18:28: dot1x-ev:Found a free slot at slot 0
    00:18:28: dot1x-ev:Found a free slot at slot 0
    00:18:28: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
    24.1d10.d7c5, VLAN 0 from pending request queue
    00:18:28: dot1x-ev:Request id = -13 and length = 21
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
    t0/17
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:28: dot1x-ev:Username is DUZEY\SAYTAMANER
    00:18:28: dot1x-ev:MAC Address is 0024.1d10.d7c5
    00:18:28: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
    00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:30: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
    00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
    00:18:46: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
    00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
    00:18:46:     dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
    apStart)
    00:18:46: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
    00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
    00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
    led
    00:18:46: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
    00:18:46:     dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
    nitialize)
    00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
    00:18:46: dot1x-sm:Dot1x Initialize State Entered
    00:18:46:     dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
    00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
    00:18:46: dot1x-sm:Dot1x Idle State Entered
    00:18:46:     dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
    Abort_noeapLogoff)
    00:18:46: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
    00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
    00:18:46: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
    024.1d10.d7c5
    00:18:46: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
    00:18:46: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
    00:18:46: dot1x-registry:registry:dot1x_ether_macaddr called
    00:18:46: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
    00:18:46: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
    00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
    00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
    00:18:46:     dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
    pId)
    00:18:46: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
    00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
    00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
    00:18:46: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
    00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
    alled
    00:18:46: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
    00:18:46:     dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
    start)
    00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
    00:18:46: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
    D353C, swidb=807D4898 on intf=Fa0/17
    00:18:46: dot1x-ev:Managed Timer in sub-block attached as leaf to master
    00:18:46: dot1x-sm:Started the ServerTimeout Timer
    00:18:46: dot1x-ev:Going to Send Request to AAA Client on RP for id = 1 and leng
    th = 21
    00:18:46: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967284
    00:18:46: dot1x-ev:Found a process thats already handling therequest for this id
     1
    00:18:48: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_ERROR)
    00:18:48: dot1x-ev:Received VLAN is No Vlan
    00:18:48: dot1x-ev:Enqueued the response to BackEnd
    00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:48: dot1x-ev:Enter function dot1x_aaa_acct_end
    00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:18:48: dot1x-ev:Received QUEUE EVENT in response to AAA Request
    00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:dot1x_process_txWhen_expire called
    00:18:58:     dot1x_auth Fa0/17: during state auth_connecting, got event 19(txWh
    en_expire)
    00:18:58: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_connecting
    00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_connecting_action calle
    d
    00:18:58: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for def
    ault supplicant
    00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
    00:19:07: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
    00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
    00:19:07:     dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
    apStart)
    00:19:07: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
    00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
    00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
    led
    00:19:07: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
    00:19:07:     dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
    nitialize)
    00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
    00:19:07: dot1x-sm:Dot1x Initialize State Entered
    00:19:07:     dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
    00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
    00:19:07: dot1x-sm:Dot1x Idle State Entered
    00:19:07:     dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
    Abort_noeapLogoff)
    00:19:07: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
    00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
    00:19:07: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
    024.1d10.d7c5
    00:19:07: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
    00:19:07: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/17)
    00:19:07: dot1x-registry:registry:dot1x_ether_macaddr called
    00:19:07: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
    00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
    00:19:07: dot1x-packet:Rx EAP-Response(Id), id 2, ver 1, len 21 (Fa0/17)
    00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
    00:19:07:     dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
    pId)
    00:19:07: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
    00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
    00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
    00:19:07: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
    00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
    alled
    00:19:07: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
    00:19:07:     dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
    start)
    00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
    00:19:07: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
    D353C, swidb=807D4898 on intf=Fa0/17
    00:19:07: dot1x-ev:Managed Timer in sub-block attached as leaf to master
    00:19:07: dot1x-sm:Started the ServerTimeout Timer
    00:19:07: dot1x-ev:Going to Send Request to AAA Client on RP for id = 2 and leng
    th = 21
    00:19:07: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967285
    00:19:07: dot1x-ev:Couldn't Find a process thats already handling the request fo
    r this id 2
    00:19:07: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
    .1d10.d7c5, VLAN 0 on pending request queue
    00:19:07: dot1x-ev:Found a free slot at slot 0
    00:19:07: dot1x-ev:Found a free slot at slot 0
    00:19:07: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
    24.1d10.d7c5, VLAN 0 from pending request queue
    00:19:07: dot1x-ev:Request id = -11 and length = 21
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:07: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
    t0/17
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:07: dot1x-ev:Username is DUZEY\SAYTAMANER
    00:19:07: dot1x-ev:MAC Address is 0024.1d10.d7c5
    00:19:07: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
    00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
    00:19:19: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
    0/17
    00:19:19: dot1x-ev:supp_info=80D7E584 txWhen_timer=80D7E5D4 quietWhile_timer=80D
    7E594reAuthWhen_timer=80D7E5B4 awhile_timer=80D7E5F4
    00:19:19: dot1x-ev:destroy supplicant block for 0024.1d10.d7c5
    00:19:19: dot1x-ev:supp_info=80D71C74 txWhen_timer=80D71CC4 quietWhile_timer=80D
    71C84reAuthWhen_timer=80D71CA4 awhile_timer=80D71CE4
    00:19:19: dot1x-ev:destroy supplicant block for 0000.0000.0000
    00:19:19: dot1x-ev:Enter function dot1x_aaa_acct_end
    00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
    00:19:19: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
    hernet0/17
    00:19:19: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
    This is driving me crazy, working on it for a whole week and no results..
    Thank you..

    Hi again,
    I have put the config on 2960. Now as soon as the authentication starts, this is the message on debug;
    dot1x authentication unable to start - authenticator not enabled..
    Any ideas?
    regards,
    onur

  • How to configure SGE2000P with CISCO 7900 phones and data VLAN

    Hello all
    I am having problem setting up SGE2000P switches to work with my default data VLAN and additional voice VLAN. I am configuring it to pick IP address for phones from voice VLAN which is working fine but when I connect a PC on phone port it is also picking up an IP from Voice VLAN while default VLAN is data with different scope of IP.
    Is there any good discussion or documents out there to help me resolve this issue before I pack these switches and purchase ESW 500 series. I have ESW 500 at another client and they are working fine out of the box but this guy is giving me hard time.
    Any suggestions help will be appreciated
    Mo

    HI Muhammed,
    I suggest you contact the Small Business Support Center for some help:
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • Cisco aironet 1130g and windows 2003 with cisco ACS

      hi
    i  have configured windows 2003 server with  DNS ,Active directory users and dhcp server.  and configured my cisco 1130g AP .
    i have installed cisco access control server 4.0 because i use LEAP authentication protocol and for the ACS for network configuration i give aaa client ip addresss as AP interface ip and  same shared secret for the AP and ACS,.
    so  when i log to wifi it ask username and password
    problem is lap top cannot have a ip address my dhcp server not issue any ip address .
    my hiper terminal massage is like this when i connect to wifi 
    help ...thank you...

    As I mentioned now several times already, it is the client and ACS which do the PEAP. The Access point doesn't have to be configured for an eap type. What you did on the AP was setting the AP as a radius server which is duplicate work with what you did on ACS.
    So you need on your client to configure either PEAP or LEAP.
    Nicolas

  • How do I make and get calls with my US Phone in another country?

    Do I just dial the local number or do I have to dial international stuff?
    Same question for getting calls from the US. How to people there call me?
    Sorry if this is a dumb question.......
    Oh the place in Asia is on the countries list for the Iphone.

    http://www.wireless.att.com/learn/international/roaming/affordable-world-package s.jsp
    You would be roaming. International roaming is very expensive and must be activated by AT&T.
    You can sign up for international packages that lower the cost substantially. When you call or others call you, the country code would need to be added to the phone number.
    http://www.wireless.att.com/learn/international/roaming/affordable-world-package s.jsp

  • In Europe and cannot connect with a cell phone network!!

    Need help getting my iPhone 5 to connect to any network in Munich or Kufstein, Austria.  My account is in good standing and I have a discount calling plan in place for international calls.  My prior Blackberry was no problem but nothing with the iPhone.
    I NEED IT TO WORK!  HELP!

    If you can Call try this.. 1-800-922-0204 option for International Calling..
    Or have a look at there 2 Links..  Good luck to ya b33
    http://www.verizonwireless.com/wcms/global.html
    http://www.verizonwireless.com/wcms/global/support.html

Maybe you are looking for

  • Can I print out the document formatting information for review

    Is there a way to print out, for example, all the paragraph format with their formatting details? I'd like the same for character formats, conditional text etc.? I'm a long time FrameMaker use and have built numerous templates over the years. The one

  • Mapping aborts instead of records getting audited in error tables

    We have several instances when a mapping encounters an invalid number error (source is non-numeric and target is numeric) and the mapping aborts with a "Invalid number" error, instead of the error being logged in the wb_rt_error* tables, and the mapp

  • How do you get the search feature on the ipod 30gb ?

    for some reason, my ipod 30gb does not have the search feature that i have seen on other ipods hp dv6000   Windows XP  

  • Call function or class from a loaded MC

    Hi, Can anyone tell me if its possible to call a function or class from within a loaded MC? mainMovie loads MC > MC calls function in a class of mainMovie if so, what is the best method? I've tried this from loaded MC but (of course) an error pops: m

  • HTML inside flash

    I am trying to display a html based weather widget inside a flash asctinscript 2 file using CS3. Can anyone point me to a tutorial on this? Forrest