802.1x - Windows credentials

Hello all,
I am working on an 802.1x lab and proof of concept and have 2 problems. Solving either of them will have me good-to go. Just for reference I have:
1) enabled and tested workstation authentication
2)can succesfully authenticate users and workstations against AD
First: If I use the default Windows 2000 802.1x service and have the box "Always use my Windows username and password" box checked when using PEAP, I cannot for the life of me figure out how to authenticate when I have logged in as a local user account. Windows insists on putting the local computer name in front of the username when I log in to a local account, so I cannot simply enter the default company-wide local administrator into ACS's local database.
Second: If I use the Cisco CTA client, I always get prompted for my password by CTA after I login to Windows, when I thought it should use the credentials I logged in with. I do not care if I have to enter local credentials twice, but a normal user logging into an AD account should not have to. If as I suspect this is a certificate issue my corporation does have a very good PKI infrastructure I can work off of.
My preference is not to have to install any additional software for 802.1x so if I can figure out how to authenticate when logged in as the local administrator without having to change settings, that would be best, but if I need to I can us the CTA client.
Any help would be greatly appreciated,
Nathan Spitzer
Lockheed Martin TSS

Not sure if this is for wireless or not, but Windows generally does not allow for this by default, due to roaming issues. See here for more details:
<http://www.microsoft.com/technet/itsolutions/network/wifi/wififaq.mspx#EAAAA>
You could set this up with MD5 to ask it for you credentials every time though, if this is for a POC test.
CTA should be able to acieve SSO as well, but this is a non-default condition for a stand-alone install. You can setup a profile which enables SSO by default though, to achieve an SSO experience for other users. See here for more details:
<http://www.cisco.com/en/US/products/ps5923/products_maintenance_guide_book09186a008068ece8.html>
Hope this helps,

Similar Messages

  • How do I set ClientCredentials property to windows credentials?

    As per MSDN
    http://technet.microsoft.com/en-us/library/92a9678c-bc4f-4d7a-ba44-85989bfe27ca
    Building Applications Using the Reporting Web Service and the .NET Framework we have to set Credentials as below
    ReportingService2010 rs = new ReportingService2010();
    rs.Credentials = System.Net.CredentialCache.DefaultCredentials;
    However, after creating the proxy I don't see proxy has Credentials property as MSDN says. The proxy has ClientCredentials property but it is not derived from ICredentials
    I'm using http://serverurl/ReportServer/ReportService2010.asmx
    How do I set ClientCredentials property to windows credentials in this case?

    But i dont see "Add web reference" option.
    Have you read the link I posted? "Add Service Reference" => button "Advanced" => "Add Web Reference"
    to check if the folder already exists
    Sure, with
    ReportingService2010.ListChildren
    Method
    Olaf Helper
    [ Blog] [ Xing] [ MVP]

  • Non Windows Credentials Sql Server Analysis Services

    I am attempting to connect to an OLAP cube using power query from sql server analysis services, but without windows credentials.  Is there a way in which I can perform this action?  It doesn't seem to support this type of connection without using
    windows credentials and I would like to use a different username and password.

    Not today. It's a frequently-requested feature, so I expect we'll probably implement it relatively soon.

  • How to Provide Windows Credentials in Invoke-sqlcmd

    Hi,
    Could you please let me know how to execute TSQL Queries using Invoke-Sqlcmd by passing Windows Credentials.
    I Know Other methods(sqlcmd, SMO) to Run, But Im looking for this Solution.
    I Tried below Commands but it is failing.
    Add-PSSnapin SqlServerCmdletSnapin100
    Add-PSSnapin SqlServerProviderSnapin100
    Invoke-Sqlcmd -ServerInstance "ABC\XYZ" -Database "master" -Query "select * from sys.databases" -Username "Domain\user_ID" -Password "Pwd"
    The credentials which I have passed is having Sysadmin access to SQL Server and it is a Domain Account.
    Note: if I Run the same command Without passing Credentials in the same machine(ABC), then Im getting the Output.
    Please help

    As Mike notes.  The username and password are only useful when you are connecting in mixed mode and you have defined a SQL standard login.  For all trusted connections you must start PowerShell as the user that you want to connect with.  There
    no alternate credentials in MSSQLServer.  The is a "Trusted" connection and a user login connection.  Logins arte not enabled by default in MSSQLServer.
    If you have sufficient priviliges in SQLServer you can act as another user and use their schema.  I recommend posting in the SQLServer forum to learn how to set up and use this.
    ¯\_(ツ)_/¯

  • Connect Coldfusion 9 to SQL using intranet users windows credentials

    Is it possible to use pass through / integrated authentication using the application users windows account (rather than the service account) when a Coldfusion application connects to an MS SQL DB?
    For background, we are running:
    ColdFusion 9,0,1,274733 hosted on a Windows 2008 R2 (64) server
    SQL server 2008 R2 hosted on a Windows 2008 R2 (64) server
    IE 8 and/or 9 as the client browser
    I have an intranet application that is used only by users within our AD domain. I have no problem getting ColdFusion to connect to the SQL database using the ColdFusion service account, but ideally we would like the connection to be made under the application user's account.
    I would appreciate any guidance on how to achieve this if it is possible?
    (I am not a webmanager/developer and so my ColdFusion knowledge is very limited!)
    Thanks in advance,
    Darren

    Again, thanks for the responses - it is nice to be able to talk through these things (I work in a fairly small organisation and so do not often get to talk through technical subjects with other professionals!)
    Firstly, to respond to BKBK, I have been considering that approach, though unless I have missed something, I would either:
    1. have to use simple authentication - in which case a users windows credentials would be passed as Binary_Base64 (i.e. clear text) - and possibly would need to replicate all AD accounts as SQL server accounts (not sure in that account replication bit as I may be able to still get it to authenticate as a windows account from the SQL engine - but the clear text passwords is the real problem), or:
    2. have to use form based credentials, in which case the users would have to 'login' to the application - I am trying to avoid this to make it as seamless for the users as possible.
    Neither of those approaches are ideal (unless, as I say, I am missing an option there) and so I am more inclined to use a single SQL account from the datasource definition and control access from a combination of the application and the database.
    Secondly, to respond to Dan.
    I agree, it would be no good for User A to receive an error if they tried to run a proc that they do not have permissions for. However, if these errors occur they are captured and handled gracefully in both the application suite and the database.
    Aside from this, the application does not provide the ability for user A to execute procedure 7 (from the example in my previous post) - which I guess is what you are saying with " Whatever UI control User B has to run sp 7 cannot be available to User A".
    The reason for controlling physical permissions in the DB was that:
    1. it is universal for all interfaces with that database - so long as integrated auth is used
    2. it provides a belt and braces approach (as parts of this application has sensitive data) - so that if somehow user A gets the web application to call procedure 7 then the DB would still prevent it
    For thought/discussion:
    I think I will end up using a single account from the datasource, but make it a datasource that can only be called from AD users accessing the application (though only AD users can access the application which achieves this already).
    Any call to the database must include the CGI variable "AUTH_USER" as an input parameter.
    The DB will then:
    1. check the account that is logged in to the SQL engine (to ensure a user hasnt bypassed coldFusion and gone straight to the DB - though Group permissions are already set for this scenario)
    2. Check the user supplied as a parameter exists in AD and is an active account
    3. and check the permissions of that user for the particular task that was requested of the DB engine. - execute if permissable, gracefully refuse with appropriate messages passed back if not.
    This combined with the control in the application to only present the right functions to the right user should give me the belt and braces that we are after - all be it in a bit of a convoluted way!
    I guess the big question is how easy/difficult is it to fake "AUTH_USER"?

  • 802.1x Windows XP Supplicant

    Hello,
    I have been recently trying to get the built in Windows XP supplicant to function in the following way: using EAPOL-MSCHAPv2 with Username/Password/Domain credentials at the Windows login screen. No certificates, just a pre-shared key between the RADIUS server and the applicant switch. It does not seem to work though... does anyone have experience configuring 802.1x in a similar fashion?
    Your input would be immensely appreciated, thank you!
    Steve

    A few questions regarding your setup:
    1. Need AAA configuration for the switch
    2. Have you established that requests from XP client is getting to the ACS?
    3. What is the failure reason in ACS logs?
    With this information, further guidance can be provided.

  • Yosemite file sharing with windows credentials error

    Hello,
    While on Mavericks I successfully setup file sharing on my local networks and users on Windows based machines had no issues accessing it. The first time they would find it on their network it would ask them for the credentials I had setup for them as sharing only users on my Mac. However after upgrading to Yosemite while Windows based users can see my shared Mac on their Explorer Browser when they try to access it asks them for a username/password but fails each time stating that it is an incorrect username or password. I am able to access the Windows machine from the mac. I have turned off all firewalls. I have talked with support who viewed screens on both my Mac and the PC to see what was happening but was not able to offer any support. To me it looks like the credentials are either not being properly passed to the Mac running Yosemite or it does not understand the credentials.

    After spending some more time on this I ran the same text on another laptop. I setup file sharing and tried to access it from my Windows based machine. This has become rather frustrating and after iSO 8 nearly incapacitated my iPhone I am struggling to find the same love for my Apple devices that I did in the past.

  • Broadcom 802.11ac Windows 8.1 won't connect to wifi router

    I'm using a asrock z87E-ITX with Broadcom 802.11ac wireless adapter, and windows 8.1
    my wireless adapter won't connected to my zte f660 wireless router, but it's connected to any mobile phone thetered device. The problem is when i try to connect, the wireless adapter is automatically disabled and enable it self after it.
    i've tried using an external wireless adapter (TP link) and it's connected normally.

    Hello padidisawah,
    What is your current situation?
    Have you tried the solution as MVP S.Sengupta mentioned?
    Please take the following steps for troubleshooting:
    1. Go to Control Panel\All Control Panel Items\Troubleshooting\All Categories and run the Network Adapter Troubleshooter
    2. If the wireless adapter can normally connect to other Wireless router, please check the configuration in zte f660 wireless router.
    Best regards,
    Fangzhou CHEN
    Fangzhou CHEN
    TechNet Community Support

  • 802.1x Windows 2012 IAS

    Hello I´m trying to setup 802.1x on an old 3560 switch.
    The Switch is a:
    Switch   Ports  Model              SW Version              SW Image
    *    1   52     WS-C3560-48TS      12.2(25)SEE3            C3560-ADVIPSERVICESK
    I´m using Windows 2012 IAS as RADIUS with the following policies:
    I have the folling config on the switch:
    aaa group server radius RadiusAuth
    server 172.29.8.12 auth-port 1645 acct-port 1646
    aaa authentication login default local
    aaa authentication login local enable
    aaa authentication dot1x default group RadiusAuth
    aaa authorization network default group RadiusAuth
    dot1x system-auth-control
    interface FastEthernet0/31
    description 802.1x tests
    switchport mode access
    dot1x pae authenticator
    dot1x port-control auto
    dot1x timeout quiet-period 3
    dot1x timeout tx-period 5
    dot1x guest-vlan 106
    spanning-tree portfast
    radius-server host 172.29.8.12 auth-port 1645 acct-port 1646
    radius-server retry method reorder
    radius-server transaction max-tries 10
    radius-server timeout 4
    radius-server deadtime 2
    radius-server key KEYSECRET
    radius-server vsa send authentication
    And I cant authenticate , I think it is a RADIUS problem.
    I have this aditional debug info related with RADIUS and Dot1x:
    004898: Aug  5 12:32:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to down
    004899: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
    004900: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
    004901: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
    004902: 7w6d: RADIUS(00000019): sending
    004903: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
    004904: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/77, len 173
    004905: 7w6d: RADIUS:  authenticator A7 3A 07 F8 8D 5B C1 76 - 67 8E 66 54 05 04 0C DB
    004906: 7w6d: RADIUS:  User-Name           [1]   19  "DOMAIN\User"
    004907: 7w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    004908: 7w6d: RADIUS:  Framed-MTU          [12]  6   1500
    004909: 7w6d: RADIUS:  Called-Station-Id   [30]  19  "00-17-94-97-D9-23"
    004910: 7w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-24-BE-C7-09-6F"
    004911: 7w6d: RADIUS:  EAP-Message         [79]  24
    004912: 7w6d: RADIUS:   02 02 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C  [?????DOMAIN\]
    004913: 7w6d: RADIUS:   6F 6C 6F 70 65 7A                                [USER]
    004914: 7w6d: RADIUS:  Message-Authenticato[80]  18
    004915: 7w6d: RADIUS:   31 C9 68 BA B8 E9 DC 78 6E 87 7E A4 89 D5 0C 81  [1?h????xn?~?????]
    004916: 7w6d: RADIUS:  Vendor, Cisco       [26]  24
    004917: 7w6d: RADIUS:   cisco-nas-port     [2]   18  "FastEthernet0/31"
    004918: 7w6d: RADIUS:  NAS-Port            [5]   6   50031
    004919: 7w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
    004920: 7w6d: RADIUS:  NAS-IP-Address      [4]   6   172.29.11.1
    004921: Aug  5 12:32:32: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
    004922: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004923: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004924: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004925: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004926: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
    004927: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
    004928: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
    004929: 7w6d: RADIUS(00000019): sending
    004930: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
    004931: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/78, len 173
    004932: 7w6d: RADIUS:  authenticator 84 B1 75 9D 4C 21 0F 9D - 19 01 A6 23 DE 1B 74 1A
    004933: 7w6d: RADIUS:  User-Name           [1]   19  "DOMAIN\User"
    004934: 7w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    004935: 7w6d: RADIUS:  Framed-MTU          [12]  6   1500
    004936: 7w6d: RADIUS:  Called-Station-Id   [30]  19  "00-17-94-97-D9-23"
    004937: 7w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-24-BE-C7-09-6F"
    004938: 7w6d: RADIUS:  EAP-Message         [79]  24
    004939: 7w6d: RADIUS:   02 03 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C  [?????DDOMAIN\]
    004940: 7w6d: RADIUS:   6F 6C 6F 70 65 7A                                [User]
    004941: 7w6d: RADIUS:  Message-Authenticato[80]  18
    004942: 7w6d: RADIUS:   D3 1E DC 03 5E 13 CF 93 6B 7F F4 B8 DB 20 65 A6  [????^???k???? e?]
    004943: 7w6d: RADIUS:  Vendor, Cisco       [26]  24
    004944: 7w6d: RADIUS:   cisco-nas-port     [2]   18  "FastEthernet0/31"
    004945: 7w6d: RADIUS:  NAS-Port            [5]   6   50031
    004946: 7w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
    004947: 7w6d: RADIUS:  NAS-IP-Address      [4]   6   172.29.11.1
    004948: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004949: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004950: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004951: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004952: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004953: Aug  5 12:33:04: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.29.8.12:1645,1646 is not responding.
    004954: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004955: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004956: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004957: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004958: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004959: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/77
    004960: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
    004961: 7w6d: RADIUS/DECODE: parse response; FAIL
    004962: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004963: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004964: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004965: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004966: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/78
    004967: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
    004968: 7w6d: RADIUS/DECODE: parse response; FAIL
    004969: Aug  5 12:35:04: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
    DOT1X
    005294: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
    005295: 7w6d: dot1x-registry:dot1x_switch_port_linkcomingup invoked on interface Fa0/31
    005296: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to UP
    005297: 7w6d:     dot1x_auth Fa0: initial state auth_initialize has enter
    005298: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
    005299: 7w6d:     dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
    005300: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
    005301: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
    005302: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005303: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005304: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005305: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
    005306: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
    005307: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
    005308: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
    005309: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
    005310: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
    005311: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005312: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
    005313: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
    005314: 7w6d: dot1x-ev:dot1x_switch_enable_on_port:  Enabling dot1x on interface FastEthernet0/31
    005315: 7w6d: dot1x-ev:dot1x_switch_enable_on_port: set dot1x ask handler on interface FastEthernet0/31
    005316: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005317: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005318: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005319: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005320: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005321: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005322: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005323: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005324: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005325: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005326: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005327: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005328: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005329: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005330: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005331: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005332: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005333: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005334: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005335: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005336: 7w6d: EAPOL pak dump Tx
    005337: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005338: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005339: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005340: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005341: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005342: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
    005343: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    005344: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
    005345: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
                        pae-ether-type = 888e.0100.0016
    005346: 7w6d: dot1x-ev:Created a client entry for the supplicant 0024.bec7.096f
    005347: 7w6d: dot1x-ev:Found the default authenticator instance on FastEthernet0/31
    005348: 7w6d: dot1x-registry:EAPOL traffic seen on FastEthernet0/31
    005349: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
    005350: 7w6d: EAPOL pak dump rx
    005351: 7w6d: EAPOL Version: 0x1  type: 0x0  length: 0x0016
    005352: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
    005353: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
    005354: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
    005355: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
    005356: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
    005357: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
    005358: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
    005359: Aug  5 12:39:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
    005360: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005361: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
    005362: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    005363: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
    005364: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
                        pae-ether-type = 888e.0101.0000
    005365: 7w6d: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/31
    005366: 7w6d: EAPOL pak dump rx
    005367: 7w6d: EAPOL Version: 0x1  type: 0x1  length: 0x0000
    005368: 7w6d: dot1x-sm:Posting EAPOL_START on Client=39E7F78
    005369: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 4(eapolStart)
    005370: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_aborting
    005371: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
    005372: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_enter called
    005373: 7w6d: dot1x-sm:Posting AUTH_ABORT on Client=39E7F78
    005374: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_response, got event 1(authAbort)
    005375: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_initialize
    005376: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
    005377: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_initialize_enter called
    005378: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_initialize
    005379: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
    005380: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
    005381: 7w6d: dot1x-sm:Posting !AUTH_ABORT on Client=39E7F78
    005382: 7w6d:     dot1x_auth Fa0: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
    005383: 7w6d: @@@ dot1x_auth Fa0: auth_aborting -> auth_restart
    005384: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_exit called
    005385: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
    005386: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
    005387: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_restart_action called
    005388: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005389: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005390: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005391: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
    005392: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
    005393: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
    005394: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005395: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005396: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005397: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_enter called
    005398: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_authenticating_action called
    005399: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005400: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005401: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005402: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_enter called
    005403: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005404: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005405: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005406: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005407: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005408: 7w6d: EAPOL pak dump Tx
    005409: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005410: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005411: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0024.bec7.096f)
    005412: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_request_action called
    005413: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005414: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
    005415: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    005416: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
    005417: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
                        pae-ether-type = 888e.0100.0016
    005418: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
    005419: 7w6d: EAPOL pak dump rx
    005420: 7w6d: EAPOL Version: 0x1  type: 0x0  length: 0x0016
    005421: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
    005422: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
    005423: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
    005424: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
    005425: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
    005426: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
    005427: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
    005428: 7w6d: dot1x-sm:Posting A_WHILE_EXPIRE on Client=39E7F78
    005429: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_response, got event 9(aWhile_expire)
    005430: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_timeout
    005431: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
    005432: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_timeout_enter called
    005433: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_timeout_action called
    005434: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_timeout
    005435: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
    005436: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
    005437: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
    005438: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
    005439: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
    005440: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
    005441: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_fallback_enter called
    005442: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
    005443: 7w6d:     dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
    005444: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
    005445: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authc_result_enter called
    005446: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005447: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
    005448: 7w6d:     dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
    005449: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
    005450: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005451: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
    005452: 7w6d:     dot1x_auth Fa0: during state auth_held, got event 13(restart)
    005453: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
    005454: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_held_exit called
    005455: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
    005456: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
    005457: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005458: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005459: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005460: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
    005461: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
    005462: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
    005463: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
    005464: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
    005465: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
    005466: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter called
    005467: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter sending canned failure to version 1 supplicant
    005468: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4  id: 0x4  length: 0x0004 type: 0x0  data:
    005469: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005470: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005471: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005472: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005473: 7w6d: EAPOL pak dump Tx
    005474: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0004
    005475: 7w6d: EAP code: 0x4  id: 0x4  length: 0x0004
    005476: 7w6d: dot1x-packet:dot1x_auth_txCannedFail: EAPOL packet sent to client (0024.bec7.096f)
    005477: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005478: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005479: 7w6d: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/31
    005480: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
    005481: 7w6d: dot1x-ev:dot1x_vlan_assign_client_deleted on interface FastEthernet0/31
    005482: 7w6d:     dot1x_auth Fa0: initial state auth_initialize has enter
    005483: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
    005484: 7w6d:     dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
    005485: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
    005486: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
    005487: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005488: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005489: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005490: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
    005491: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
    005492: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
    005493: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
    005494: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
    005495: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
    005496: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005497: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
    005498: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
    005499: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005500: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005501: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005502: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005503: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005504: Aug  5 12:40:17: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
    005505: 7w6d: dot1x-ev:dot1x_critical_active_state_change: Critical Auth Active state changed to FALSE
    005506: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005507: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005508: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005509: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005510: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005511: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005512: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005513: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005514: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005515: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005516: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005517: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005518: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005519: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005520: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005521: 7w6d: EAPOL pak dump Tx
    005522: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005523: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005524: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005525: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005526: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005527: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005528: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005529: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005530: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005531: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005532: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005533: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005534: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005535: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005536: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005537: 7w6d: EAPOL pak dump Tx
    005538: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005539: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005540: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005541: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005542: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005543: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005544: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005545: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005546: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005547: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005548: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005549: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005550: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005551: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005552: 7w6d: EAPOL pak dump Tx
    005553: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005554: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005555: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005556: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
    005557: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
    005558: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
    005559: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
    005560: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
    005561: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
    005562: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_timeout
    005563: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
    005564: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005565: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
    005566: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
    005567: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
    005568: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
    005569: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
    005570: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
    005571: 7w6d:     dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
    005572: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
    005573: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
    005574: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005575: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
    005576: 7w6d:     dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
    005577: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
    005578: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005579: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
    005580: 7w6d:     dot1x_auth Fa0: during state auth_held, got event 13(restart)
    005581: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
    005582: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
    005583: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005584: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
    005585: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005586: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005587: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005588: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005589: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005590: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005591: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005592: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005593: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005594: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005595: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005596: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005597: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005598: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005599: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005600: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005601: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005602: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005603: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005604: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005605: 7w6d: EAPOL pak dump Tx
    005606: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005607: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005608: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005609: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005610: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005611: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005612: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005613: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005614: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005615: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005616: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005617: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005618: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005619: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005620: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005621: 7w6d: EAPOL pak dump Tx
    005622: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005623: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005624: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005625: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005626: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005627: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005628: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005629: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005630: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005631: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005632: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005633: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005634: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005635: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005636: 7w6d: EAPOL pak dump Tx
    005637: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005638: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005639: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005640: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
    005641: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
    005642: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
    005643: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
    005644: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
    005645: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
    005646: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_timeout
    005647: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
    005648: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005649: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
    005650: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
    005651: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
    005652: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
    005653: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
    005654: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
    005655: 7w6d:     dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
    005656: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
    005657: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
    005658: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005659: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
    005660: 7w6d:     dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
    005661: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
    005662: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005663: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
    005664: 7w6d:     dot1x_auth Fa0: during state auth_held, got event 13(restart)
    005665: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
    005666: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
    005667: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005668: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
    005669: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005670: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005671: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005672: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005673: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005674: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005675: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
    005676: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
    005677: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
    005678: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
    005679: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005680: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005681: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005682: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
    005683: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005684: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005685: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005686: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005687: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005688: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005689: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005690: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005691: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005692: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005693: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005694: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005695: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005696: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005697: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005698: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x5  length: 0x0005 type: 0x1  data:
    005699: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005700: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005701: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005702: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005703: 7w6d: EAPOL pak dump Tx
    005704: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005705: 7w6d: EAP code: 0x1  id: 0x5  length: 0x0005 type: 0x1
    005706: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005707: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005708: 7w6d: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Fa0/31
    005709: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to DOWN
    005710: 7w6d: dot1x-ev:Cleared all authenticator instances on FastEthernet0/31
    Dot1x Info for FastEthernet0/31
    PAE                       = AUTHENTICATOR
    PortControl               = AUTO
    ControlDirection          = Both
    HostMode                  = SINGLE_HOST
    ReAuthentication          = Disabled
    QuietPeriod               = 3
    ServerTimeout             = 30
    SuppTimeout               = 30
    ReAuthPeriod              = 3600 (Locally configured)
    ReAuthMax                 = 2
    MaxReq                    = 2
    TxPeriod                  = 5
    RateLimitPeriod           = 0
    Guest-Vlan                = 106
    Any idea? thanks in advance.

    Did you try "Unencrypted authentication (PAP, SPAP)" tick in Network Policies?
    It's probably going to solve your problem

  • Duplicate IP 0.0.0.0 Conflict on 802.1X Windows 7 Clients

    Hi,
    Ever since we implemented ISE 1.x with 802.1X authentication about two years ago, a number of our Windows 7 user stations occassionally report the well known error message: "duplicate ip 0.0.0.0" . Only wired stations are affected and it happens randomly but not frequently. On further investigation I found that the conflicting device mac address in every case is in fact the bia of the switch port that the Windows 7 PC client is connected. The characteristics of each case is consistent with the Cisco device tracking process as detailed in TAC Document ID: 116529, Updated: Oct 09, 2013
         http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
    We have Cisco C6500 access switches with IOS Ver: 12.2(33)SXJ1.The output of "Show ip device track all" command on the switches:
     access-switch#sh ip device track all
     IP Device Tracking = Enabled
     IP Device Tracking Probe Count = 3
     IP Device Tracking Probe Interval = 30
    I found that Cisco recommends three Solution options as follows:
     1. ip device tracking probe delay 10
     2. ip device tracking probe use-svi
     3. ip device tracking probe interval <seconds>
    However, the ios only shows track probe "count" and "interval" for change. There is no option to change the probe delay or use-svi in this IOS.
    What is your advice?
    Many thanks.
    Sankung

    You may have a look at this document if you have not seen it yet. It goes over device tracking a little more in detail and possible workarounds.
    http://tekdigest.blogspot.com/2013/11/windows-7-with-address-conflict-for-ip.html
    HTH
    luke

  • 802.1x & windows Authentication

    Hi There, Any body has implemented 802.1x port authentication with ACS & windows AD. which authentication is supported in this kind of setup ms-chap or MD5 or PEAP (on the clients).
    and what are the challenges if windows user accounts password changed frequently..
    can any body explain adv & dis adv of 802.1x before I deploy it in network..

    There's a decent guide in the ACS 4.2 documentation on enabling machine access (chapter 12). Basically, you just enable it on the client and the ACS server, and POOF! On the client side, you should have a "Authenticate as computer..." option on your wireless networks tab. Wired is the same, unless you are running XP SP3, Vista, or Windows 7 where machine auth is enabled when you enable user auth.
    MAB with Guest VLAN *should* work, but I have not configured/tested it. Just be aware that MAF on the ACS side is just another form of auth where the user id and password is the MAC address of the client. For this reason, I recommend you put the MAC "users" in your ACS database, not in AD. Otherwise, you'll probably need to create an AD password group policy object for the user group holding your "mac address user accounts" so that they can have a password that matches their user name.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/ACSug.pdf

  • HT4772 Clearing 802.1x Wired Credentials on Mountain Lion

    Followed this link:
    http://kb.mit.edu/confluence/display/istcontrib/Prevent+Mac+OS+X+10.7+or+10.8+fr om+trying+to+connect+to+MIT%27s+802.1x+network+when+using+a+wired+connection
    the issue i'm having is this has cached my login credentials b/c i didn't uncheck Remember this password... How do i clear?  I'm doing testing for work & need to enter different credentials to get different results

    Have you applied all the Apple patches via the menu ==>  Apple logo > Software update?
    There was an issue with wifi in the unpatched ML, but this has long been fixed.
    Another suggestion is to apply a fixed ip address to you Macbook.
    I presume you have rebooted the router?
    If you hold the "Option" key and click on the wifi symbol on the menu bar you get to see more stats about your wifi connection.  Check that it is running in 802.11n mode.

  • 802.11n windows pc card

    has anyone successfully connected a windows pc card to airport extreme via 802.11n? Anyone know a compatible card?

    Although there is no guarantee between vendor products, most devices developed for the same Wi-Fi standards should work together.
    One example of a Windows PC Card is the Linksys WPC300N.

  • Windows Credentials when trying to access MyCloud

    Hi - until yesterday I could happily access MyCloud using either start button + R on my windows 8.1 keyboard or via the network in windows explorer. Then suddenly, Windows began asking me for my credentials - I have tried every combination of passwords I can remember and none have worked. I went online to find a fix and tried resetting my credentials - nothing happened there apart from the fact that I now get a dialog box teling me I have mutiple connections to the same user name (???). I can still access MyCloud using the desktop app (but not in windows explorer). Unfortunately, using the app means I can't upload anything larger than 1GB as the upload always jams at 999MB. The only recent major change I have made to anything was to change my windows account password - would this have an impact on MyCloud? Can anyone help?

    this dosn't sound like the same issue. this sounds like the overall_share issue Can you still see the shares in the desktop or momil apps? it sounds like you need to do a system only restore, this leaves shares & data in place, everthing else like new on other work around I played with and may work (it won't hurt anything) is go into the UI/shares and change the premission of each share from private to public and back again, set the permissions. if a share is public make it private and back. don't rush this and do 1 at a time. if you rush it you will probably trash the overall share file again If you use SSH once you have this working I would create a backup of /etc/samba/overall_share for example cp -p /etc/samba/overall_share ~username/overall_share.bak where username is your mycloud user all lowercase

  • MVC 5 - After some idle time, users are prompted to enter windows credentials on [allowanonymous] controller

    I have set up a web application using windows authentication and have two views for allowanonymous access. In the two views I also have partial views and have function which gets a list of items by calling the enumerable function in the model class.
    Everything all seems fine when accessing the allowanonymous view pages but after some idle time I get prompted to enter username and password. It is consist across different environment DEV, UAT so I am very worried it will happen in Production environment.
    And it seems to go to the home page (http://localhost/home} after failing the credentials.
    See the following configuration I have. Please help.
    in web.config
      <location path="SomeControllerName">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
    In controller
    namespace namespace.Controllers
        [AllowAnonymous]
        public class SomeControllerNameController : Controller
    In IIS
    Anonymous Authentication setting
    Status : Enabled
    Anonymous User identity: IUSR
    Windows Authentication setting
    status:Enabled
    Extended Protection:Accept
    Enable Kernel mode authentication: ticked
    Provider:NTLM
    ASP.Impersnation :disable
    basic authentication :disabled
    Form authentication:disabled

    You put allowanonymous so everyone has the right. It will not be authenticated.
    Anyway you should post this in http://forums.asp.net.
    chanmm 
    chanmm

Maybe you are looking for