802.1x Windows XP Supplicant

Hello,
I have been recently trying to get the built in Windows XP supplicant to function in the following way: using EAPOL-MSCHAPv2 with Username/Password/Domain credentials at the Windows login screen. No certificates, just a pre-shared key between the RADIUS server and the applicant switch. It does not seem to work though... does anyone have experience configuring 802.1x in a similar fashion?
Your input would be immensely appreciated, thank you!
Steve

A few questions regarding your setup:
1. Need AAA configuration for the switch
2. Have you established that requests from XP client is getting to the ACS?
3. What is the failure reason in ACS logs?
With this information, further guidance can be provided.

Similar Messages

  • Inactive Windows 7 supplicant tries to reauthenticate every 4 to 10 minutes in Cisco ISE 1.2.1.899

    Hi,
    We have a dashboard windows 7 supplicant which is being used to monitoring the network activities. There is noone working with this supplicant so it goes inactive.
    What we see in our ISE log, is the supplicant trying to reauthenticate itself every 4 to 10 minutes. It goes on like this the whole day. We dont want this continous behaviour afterall.
    Swith port configuration looks likt this:
    interface FastEthernet0/31
    description 802.1x Poort
    switchport access vlan xxx
    switchport mode access
    switchport nonegotiate
    switchport voice vlan xxx
    no logging event link-status
    priority-queue out
    authentication control-direction in
    authentication host-mode multi-domain
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication timer inactivity 120
    mab
    no snmp trap link-status
    dot1x pae authenticator
    dot1x timeout quiet-period 300
    dot1x timeout tx-period 10
    dot1x timeout supp-timeout 300
    dot1x max-reauth-req 3
    dot1x timeout held-period 300
    dot1x timeout auth-period 3
    no mdix auto
    storm-control broadcast level 10.00
    storm-control multicast level 10.00
    no cdp enable
    spanning-tree portfast
    service-policy input xxxx
    end
    Has anyone got this same issue? Is this an normal behaviour of an Idle'd supplicant? or other issue around ISE/Switch? Are there any switch configuration we missing to get rid off this behaviour?
    ISE Version: 1.2.0.899
    Patch Information: 5,6,8
    Help would be much appreciated

    Hi Jan,
    Thank you for your reply. Indeed those timer values were not covered in the ISE design guide. We have implemented this timer to tweak the standard design. However we have finally discovered the solution for this issue.
    "authentication timer inactivity 120" was the route cause of the issue. So when a workstation goes to idle, ISE tries to re-authenticate after 2 minutes because of this switch port configuration.
    We have tried to expand the timer to 3600 and it worked, issue fixed. But you will have then every one hour the same result (not a big issue).
    And yes, we have deleted all those timer values to keep the configuration simple as possible. Now we don't have the issue anymore.

  • Windows 7 Supplicant Configuration - ISE PEAP w Machine Auth

    Can anyone tell me the settings for the Windows 7 supplicant that works with ISE and PEAP using machine authentication?  I have an authorization profile that permits the user login only after machine 'WasAuthenticated'.  I have only found this to work by setting the Windows 7 supplicant up to use Single-Sign-On before Windows logon and to specify 'User or Machine' authentication.  Then I'm only successful if I have both wired and wireless connected/on and I perform a logoff/reboot.  Surely this isn't right.  What if a user logs on without any connection with cached credentials and then wants to use wireless?  Can't they just perform both machine and user auth over the wireless connection regardless of prior machine/auth states?  I used the videos from LABMINUTES to configure the policies, but I don't need the ACLs for the WLAN controller because these are autonomous APs.
    Regards,
    Scott

    Microsoft will send both and only cares if one passes. This is the same with radius. ACS and ISE allows you to check to see if the user was authenticated which happens initially on boot. After the initial machine auth, the windows machine will only send user creds. The was machine auth is a workaround to be able to do both. The issue is that when the timeout of the machine creds happen, the devices has to be rebooted. In Cisco Live 2012, they even suggested you don't do this due to not knowing when the cached credentials ACS or ISE will keep this info.
    Sent from Cisco Technical Support iPhone App

  • 802.1x Windows 2012 IAS

    Hello I´m trying to setup 802.1x on an old 3560 switch.
    The Switch is a:
    Switch   Ports  Model              SW Version              SW Image
    *    1   52     WS-C3560-48TS      12.2(25)SEE3            C3560-ADVIPSERVICESK
    I´m using Windows 2012 IAS as RADIUS with the following policies:
    I have the folling config on the switch:
    aaa group server radius RadiusAuth
    server 172.29.8.12 auth-port 1645 acct-port 1646
    aaa authentication login default local
    aaa authentication login local enable
    aaa authentication dot1x default group RadiusAuth
    aaa authorization network default group RadiusAuth
    dot1x system-auth-control
    interface FastEthernet0/31
    description 802.1x tests
    switchport mode access
    dot1x pae authenticator
    dot1x port-control auto
    dot1x timeout quiet-period 3
    dot1x timeout tx-period 5
    dot1x guest-vlan 106
    spanning-tree portfast
    radius-server host 172.29.8.12 auth-port 1645 acct-port 1646
    radius-server retry method reorder
    radius-server transaction max-tries 10
    radius-server timeout 4
    radius-server deadtime 2
    radius-server key KEYSECRET
    radius-server vsa send authentication
    And I cant authenticate , I think it is a RADIUS problem.
    I have this aditional debug info related with RADIUS and Dot1x:
    004898: Aug  5 12:32:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to down
    004899: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
    004900: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
    004901: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
    004902: 7w6d: RADIUS(00000019): sending
    004903: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
    004904: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/77, len 173
    004905: 7w6d: RADIUS:  authenticator A7 3A 07 F8 8D 5B C1 76 - 67 8E 66 54 05 04 0C DB
    004906: 7w6d: RADIUS:  User-Name           [1]   19  "DOMAIN\User"
    004907: 7w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    004908: 7w6d: RADIUS:  Framed-MTU          [12]  6   1500
    004909: 7w6d: RADIUS:  Called-Station-Id   [30]  19  "00-17-94-97-D9-23"
    004910: 7w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-24-BE-C7-09-6F"
    004911: 7w6d: RADIUS:  EAP-Message         [79]  24
    004912: 7w6d: RADIUS:   02 02 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C  [?????DOMAIN\]
    004913: 7w6d: RADIUS:   6F 6C 6F 70 65 7A                                [USER]
    004914: 7w6d: RADIUS:  Message-Authenticato[80]  18
    004915: 7w6d: RADIUS:   31 C9 68 BA B8 E9 DC 78 6E 87 7E A4 89 D5 0C 81  [1?h????xn?~?????]
    004916: 7w6d: RADIUS:  Vendor, Cisco       [26]  24
    004917: 7w6d: RADIUS:   cisco-nas-port     [2]   18  "FastEthernet0/31"
    004918: 7w6d: RADIUS:  NAS-Port            [5]   6   50031
    004919: 7w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
    004920: 7w6d: RADIUS:  NAS-IP-Address      [4]   6   172.29.11.1
    004921: Aug  5 12:32:32: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
    004922: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004923: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004924: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004925: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004926: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
    004927: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
    004928: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
    004929: 7w6d: RADIUS(00000019): sending
    004930: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
    004931: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/78, len 173
    004932: 7w6d: RADIUS:  authenticator 84 B1 75 9D 4C 21 0F 9D - 19 01 A6 23 DE 1B 74 1A
    004933: 7w6d: RADIUS:  User-Name           [1]   19  "DOMAIN\User"
    004934: 7w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    004935: 7w6d: RADIUS:  Framed-MTU          [12]  6   1500
    004936: 7w6d: RADIUS:  Called-Station-Id   [30]  19  "00-17-94-97-D9-23"
    004937: 7w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-24-BE-C7-09-6F"
    004938: 7w6d: RADIUS:  EAP-Message         [79]  24
    004939: 7w6d: RADIUS:   02 03 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C  [?????DDOMAIN\]
    004940: 7w6d: RADIUS:   6F 6C 6F 70 65 7A                                [User]
    004941: 7w6d: RADIUS:  Message-Authenticato[80]  18
    004942: 7w6d: RADIUS:   D3 1E DC 03 5E 13 CF 93 6B 7F F4 B8 DB 20 65 A6  [????^???k???? e?]
    004943: 7w6d: RADIUS:  Vendor, Cisco       [26]  24
    004944: 7w6d: RADIUS:   cisco-nas-port     [2]   18  "FastEthernet0/31"
    004945: 7w6d: RADIUS:  NAS-Port            [5]   6   50031
    004946: 7w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
    004947: 7w6d: RADIUS:  NAS-IP-Address      [4]   6   172.29.11.1
    004948: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004949: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004950: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004951: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004952: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004953: Aug  5 12:33:04: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.29.8.12:1645,1646 is not responding.
    004954: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004955: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004956: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004957: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
    004958: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004959: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/77
    004960: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
    004961: 7w6d: RADIUS/DECODE: parse response; FAIL
    004962: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004963: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004964: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004965: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
    004966: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/78
    004967: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
    004968: 7w6d: RADIUS/DECODE: parse response; FAIL
    004969: Aug  5 12:35:04: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
    DOT1X
    005294: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
    005295: 7w6d: dot1x-registry:dot1x_switch_port_linkcomingup invoked on interface Fa0/31
    005296: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to UP
    005297: 7w6d:     dot1x_auth Fa0: initial state auth_initialize has enter
    005298: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
    005299: 7w6d:     dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
    005300: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
    005301: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
    005302: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005303: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005304: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005305: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
    005306: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
    005307: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
    005308: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
    005309: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
    005310: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
    005311: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005312: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
    005313: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
    005314: 7w6d: dot1x-ev:dot1x_switch_enable_on_port:  Enabling dot1x on interface FastEthernet0/31
    005315: 7w6d: dot1x-ev:dot1x_switch_enable_on_port: set dot1x ask handler on interface FastEthernet0/31
    005316: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005317: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005318: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005319: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005320: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005321: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005322: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005323: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005324: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005325: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005326: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005327: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005328: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005329: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005330: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005331: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005332: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005333: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005334: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005335: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005336: 7w6d: EAPOL pak dump Tx
    005337: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005338: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005339: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005340: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005341: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005342: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
    005343: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    005344: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
    005345: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
                        pae-ether-type = 888e.0100.0016
    005346: 7w6d: dot1x-ev:Created a client entry for the supplicant 0024.bec7.096f
    005347: 7w6d: dot1x-ev:Found the default authenticator instance on FastEthernet0/31
    005348: 7w6d: dot1x-registry:EAPOL traffic seen on FastEthernet0/31
    005349: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
    005350: 7w6d: EAPOL pak dump rx
    005351: 7w6d: EAPOL Version: 0x1  type: 0x0  length: 0x0016
    005352: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
    005353: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
    005354: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
    005355: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
    005356: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
    005357: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
    005358: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
    005359: Aug  5 12:39:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
    005360: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005361: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
    005362: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    005363: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
    005364: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
                        pae-ether-type = 888e.0101.0000
    005365: 7w6d: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/31
    005366: 7w6d: EAPOL pak dump rx
    005367: 7w6d: EAPOL Version: 0x1  type: 0x1  length: 0x0000
    005368: 7w6d: dot1x-sm:Posting EAPOL_START on Client=39E7F78
    005369: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 4(eapolStart)
    005370: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_aborting
    005371: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
    005372: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_enter called
    005373: 7w6d: dot1x-sm:Posting AUTH_ABORT on Client=39E7F78
    005374: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_response, got event 1(authAbort)
    005375: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_initialize
    005376: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
    005377: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_initialize_enter called
    005378: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_initialize
    005379: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
    005380: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
    005381: 7w6d: dot1x-sm:Posting !AUTH_ABORT on Client=39E7F78
    005382: 7w6d:     dot1x_auth Fa0: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
    005383: 7w6d: @@@ dot1x_auth Fa0: auth_aborting -> auth_restart
    005384: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_exit called
    005385: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
    005386: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
    005387: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_restart_action called
    005388: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005389: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005390: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005391: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
    005392: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
    005393: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
    005394: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005395: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005396: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005397: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_enter called
    005398: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_authenticating_action called
    005399: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005400: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005401: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005402: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_enter called
    005403: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005404: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005405: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005406: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005407: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005408: 7w6d: EAPOL pak dump Tx
    005409: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005410: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005411: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0024.bec7.096f)
    005412: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_request_action called
    005413: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005414: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
    005415: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    005416: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
    005417: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
                        pae-ether-type = 888e.0100.0016
    005418: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
    005419: 7w6d: EAPOL pak dump rx
    005420: 7w6d: EAPOL Version: 0x1  type: 0x0  length: 0x0016
    005421: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
    005422: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
    005423: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
    005424: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
    005425: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
    005426: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
    005427: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
    005428: 7w6d: dot1x-sm:Posting A_WHILE_EXPIRE on Client=39E7F78
    005429: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_response, got event 9(aWhile_expire)
    005430: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_timeout
    005431: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
    005432: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_timeout_enter called
    005433: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_timeout_action called
    005434: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_timeout
    005435: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
    005436: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
    005437: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
    005438: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
    005439: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
    005440: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
    005441: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_fallback_enter called
    005442: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
    005443: 7w6d:     dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
    005444: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
    005445: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authc_result_enter called
    005446: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005447: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
    005448: 7w6d:     dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
    005449: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
    005450: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005451: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
    005452: 7w6d:     dot1x_auth Fa0: during state auth_held, got event 13(restart)
    005453: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
    005454: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_held_exit called
    005455: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
    005456: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
    005457: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005458: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005459: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005460: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
    005461: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
    005462: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
    005463: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
    005464: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
    005465: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
    005466: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter called
    005467: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter sending canned failure to version 1 supplicant
    005468: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4  id: 0x4  length: 0x0004 type: 0x0  data:
    005469: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005470: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005471: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005472: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005473: 7w6d: EAPOL pak dump Tx
    005474: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0004
    005475: 7w6d: EAP code: 0x4  id: 0x4  length: 0x0004
    005476: 7w6d: dot1x-packet:dot1x_auth_txCannedFail: EAPOL packet sent to client (0024.bec7.096f)
    005477: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005478: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005479: 7w6d: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/31
    005480: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
    005481: 7w6d: dot1x-ev:dot1x_vlan_assign_client_deleted on interface FastEthernet0/31
    005482: 7w6d:     dot1x_auth Fa0: initial state auth_initialize has enter
    005483: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
    005484: 7w6d:     dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
    005485: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
    005486: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
    005487: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005488: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005489: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005490: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
    005491: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
    005492: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
    005493: 7w6d:     dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
    005494: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
    005495: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
    005496: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005497: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
    005498: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
    005499: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005500: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005501: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005502: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005503: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005504: Aug  5 12:40:17: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
    005505: 7w6d: dot1x-ev:dot1x_critical_active_state_change: Critical Auth Active state changed to FALSE
    005506: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005507: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005508: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005509: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005510: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005511: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005512: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005513: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005514: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005515: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005516: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005517: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005518: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005519: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005520: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005521: 7w6d: EAPOL pak dump Tx
    005522: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005523: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005524: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005525: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005526: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005527: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005528: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005529: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005530: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005531: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005532: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005533: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005534: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005535: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005536: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005537: 7w6d: EAPOL pak dump Tx
    005538: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005539: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005540: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005541: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005542: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005543: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005544: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005545: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005546: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005547: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    005548: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005549: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005550: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005551: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005552: 7w6d: EAPOL pak dump Tx
    005553: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005554: 7w6d: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    005555: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005556: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
    005557: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
    005558: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
    005559: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
    005560: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
    005561: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
    005562: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_timeout
    005563: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
    005564: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005565: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
    005566: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
    005567: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
    005568: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
    005569: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
    005570: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
    005571: 7w6d:     dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
    005572: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
    005573: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
    005574: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005575: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
    005576: 7w6d:     dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
    005577: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
    005578: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005579: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
    005580: 7w6d:     dot1x_auth Fa0: during state auth_held, got event 13(restart)
    005581: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
    005582: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
    005583: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005584: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
    005585: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005586: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005587: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005588: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005589: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005590: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005591: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005592: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005593: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005594: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005595: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005596: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005597: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005598: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005599: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005600: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005601: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005602: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005603: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005604: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005605: 7w6d: EAPOL pak dump Tx
    005606: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005607: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005608: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005609: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005610: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005611: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005612: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005613: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005614: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005615: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005616: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005617: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005618: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005619: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005620: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005621: 7w6d: EAPOL pak dump Tx
    005622: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005623: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005624: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005625: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005626: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
    005627: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
    005628: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
    005629: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
    005630: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005631: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1  data:
    005632: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005633: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005634: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005635: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005636: 7w6d: EAPOL pak dump Tx
    005637: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005638: 7w6d: EAP code: 0x1  id: 0x3  length: 0x0005 type: 0x1
    005639: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005640: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
    005641: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
    005642: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
    005643: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
    005644: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
    005645: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
    005646: 7w6d:     dot1x_auth_bend Fa0: idle during state auth_bend_timeout
    005647: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
    005648: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
    005649: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
    005650: 7w6d:     dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
    005651: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
    005652: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
    005653: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
    005654: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
    005655: 7w6d:     dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
    005656: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
    005657: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
    005658: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005659: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
    005660: 7w6d:     dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
    005661: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
    005662: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable.  Supplicant disabled and EAPOL seen on port FastEthernet0/31.
    005663: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
    005664: 7w6d:     dot1x_auth Fa0: during state auth_held, got event 13(restart)
    005665: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
    005666: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
    005667: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005668: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
    005669: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005670: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005671: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005672: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005673: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005674: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005675: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
    005676: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
    005677: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
    005678: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
    005679: 7w6d:     dot1x_auth Fa0: idle during state auth_disconnected
    005680: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
    005681: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
    005682: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
    005683: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
    005684: 7w6d:     dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
    005685: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
    005686: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
    005687: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
    005688: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    005689: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
    005690: 7w6d:     dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
    005691: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
    005692: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
    005693: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
    005694: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
    005695: 7w6d:     dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
    005696: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
    005697: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
    005698: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x5  length: 0x0005 type: 0x1  data:
    005699: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
    005700: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
    005701: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
    005702: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
    005703: 7w6d: EAPOL pak dump Tx
    005704: 7w6d: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    005705: 7w6d: EAP code: 0x1  id: 0x5  length: 0x0005 type: 0x1
    005706: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    005707: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
    005708: 7w6d: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Fa0/31
    005709: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to DOWN
    005710: 7w6d: dot1x-ev:Cleared all authenticator instances on FastEthernet0/31
    Dot1x Info for FastEthernet0/31
    PAE                       = AUTHENTICATOR
    PortControl               = AUTO
    ControlDirection          = Both
    HostMode                  = SINGLE_HOST
    ReAuthentication          = Disabled
    QuietPeriod               = 3
    ServerTimeout             = 30
    SuppTimeout               = 30
    ReAuthPeriod              = 3600 (Locally configured)
    ReAuthMax                 = 2
    MaxReq                    = 2
    TxPeriod                  = 5
    RateLimitPeriod           = 0
    Guest-Vlan                = 106
    Any idea? thanks in advance.

    Did you try "Unencrypted authentication (PAP, SPAP)" tick in Network Policies?
    It's probably going to solve your problem

  • Broadcom 802.11ac Windows 8.1 won't connect to wifi router

    I'm using a asrock z87E-ITX with Broadcom 802.11ac wireless adapter, and windows 8.1
    my wireless adapter won't connected to my zte f660 wireless router, but it's connected to any mobile phone thetered device. The problem is when i try to connect, the wireless adapter is automatically disabled and enable it self after it.
    i've tried using an external wireless adapter (TP link) and it's connected normally.

    Hello padidisawah,
    What is your current situation?
    Have you tried the solution as MVP S.Sengupta mentioned?
    Please take the following steps for troubleshooting:
    1. Go to Control Panel\All Control Panel Items\Troubleshooting\All Categories and run the Network Adapter Troubleshooter
    2. If the wireless adapter can normally connect to other Wireless router, please check the configuration in zte f660 wireless router.
    Best regards,
    Fangzhou CHEN
    Fangzhou CHEN
    TechNet Community Support

  • Duplicate IP 0.0.0.0 Conflict on 802.1X Windows 7 Clients

    Hi,
    Ever since we implemented ISE 1.x with 802.1X authentication about two years ago, a number of our Windows 7 user stations occassionally report the well known error message: "duplicate ip 0.0.0.0" . Only wired stations are affected and it happens randomly but not frequently. On further investigation I found that the conflicting device mac address in every case is in fact the bia of the switch port that the Windows 7 PC client is connected. The characteristics of each case is consistent with the Cisco device tracking process as detailed in TAC Document ID: 116529, Updated: Oct 09, 2013
         http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
    We have Cisco C6500 access switches with IOS Ver: 12.2(33)SXJ1.The output of "Show ip device track all" command on the switches:
     access-switch#sh ip device track all
     IP Device Tracking = Enabled
     IP Device Tracking Probe Count = 3
     IP Device Tracking Probe Interval = 30
    I found that Cisco recommends three Solution options as follows:
     1. ip device tracking probe delay 10
     2. ip device tracking probe use-svi
     3. ip device tracking probe interval <seconds>
    However, the ios only shows track probe "count" and "interval" for change. There is no option to change the probe delay or use-svi in this IOS.
    What is your advice?
    Many thanks.
    Sankung

    You may have a look at this document if you have not seen it yet. It goes over device tracking a little more in detail and possible workarounds.
    http://tekdigest.blogspot.com/2013/11/windows-7-with-address-conflict-for-ip.html
    HTH
    luke

  • 802.1x & windows Authentication

    Hi There, Any body has implemented 802.1x port authentication with ACS & windows AD. which authentication is supported in this kind of setup ms-chap or MD5 or PEAP (on the clients).
    and what are the challenges if windows user accounts password changed frequently..
    can any body explain adv & dis adv of 802.1x before I deploy it in network..

    There's a decent guide in the ACS 4.2 documentation on enabling machine access (chapter 12). Basically, you just enable it on the client and the ACS server, and POOF! On the client side, you should have a "Authenticate as computer..." option on your wireless networks tab. Wired is the same, unless you are running XP SP3, Vista, or Windows 7 where machine auth is enabled when you enable user auth.
    MAB with Guest VLAN *should* work, but I have not configured/tested it. Just be aware that MAF on the ACS side is just another form of auth where the user id and password is the MAC address of the client. For this reason, I recommend you put the MAC "users" in your ACS database, not in AD. Otherwise, you'll probably need to create an AD password group policy object for the user group holding your "mac address user accounts" so that they can have a password that matches their user name.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/ACSug.pdf

  • 802.1x - Windows credentials

    Hello all,
    I am working on an 802.1x lab and proof of concept and have 2 problems. Solving either of them will have me good-to go. Just for reference I have:
    1) enabled and tested workstation authentication
    2)can succesfully authenticate users and workstations against AD
    First: If I use the default Windows 2000 802.1x service and have the box "Always use my Windows username and password" box checked when using PEAP, I cannot for the life of me figure out how to authenticate when I have logged in as a local user account. Windows insists on putting the local computer name in front of the username when I log in to a local account, so I cannot simply enter the default company-wide local administrator into ACS's local database.
    Second: If I use the Cisco CTA client, I always get prompted for my password by CTA after I login to Windows, when I thought it should use the credentials I logged in with. I do not care if I have to enter local credentials twice, but a normal user logging into an AD account should not have to. If as I suspect this is a certificate issue my corporation does have a very good PKI infrastructure I can work off of.
    My preference is not to have to install any additional software for 802.1x so if I can figure out how to authenticate when logged in as the local administrator without having to change settings, that would be best, but if I need to I can us the CTA client.
    Any help would be greatly appreciated,
    Nathan Spitzer
    Lockheed Martin TSS

    Not sure if this is for wireless or not, but Windows generally does not allow for this by default, due to roaming issues. See here for more details:
    <http://www.microsoft.com/technet/itsolutions/network/wifi/wififaq.mspx#EAAAA>
    You could set this up with MD5 to ask it for you credentials every time though, if this is for a POC test.
    CTA should be able to acieve SSO as well, but this is a non-default condition for a stand-alone install. You can setup a profile which enables SSO by default though, to achieve an SSO experience for other users. See here for more details:
    <http://www.cisco.com/en/US/products/ps5923/products_maintenance_guide_book09186a008068ece8.html>
    Hope this helps,

  • Anyconnect NAM, does not disable windows wireless supplicant

    I am having some issues with anyconnect nam for wireless. When i install nam with a profile, my wireless works fine, and authenticates as it should, no problem there. I can however not figure out how to get nam to remove the built-in windows supplicant in the tray, which shows me a tray icon, where a user can browse the list of SSID's currently broadcasted, i only want the nam supplicant's own list of ssid's to be shown. Any suggestion on how to accomplish this ?

    Jan,
    http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac04namconfig.html
    Windows Network Status Task Tray Icon
    Network Access Manager overrides Windows network management. After  installing Network Access Manager,  the Windows networking icon in the  task bar may confuse users, because the user can no longer use the  network status icon to connect to networks.
    You can remove the Windows network icon from the task bar by setting  'Remove the networking icon' in a Windows group policy. This setting  only affects the tray icon, the user can still create native wireless  networks using  the Control Panel.
    **Share your knowledge. It’s a way to achieve immortality.
    --Dalai Lama**
    Please Rate if helpful.
    Regards
    Ed

  • Cisco ISE. Windows Native Supplicant on VMware

    HOw to configure VM Ware host, with WIndows 7 guest workstation to do lab test of 802.1x authentication.
    I have created workstation and linked to the port on UCS, port connects to 3850 switch on access mode. how to test it? having problems with 802.1x authentication.

    Thank you guys.. .I got it up and running... Not sure what the problem was..
    Another problem, do you know if there is a why to run anyconnect authentication on VM Windows 7, that is connected to a trunk port on the switch. Meaning this VM host will have example of 10 servers and 5 workstations windows 7. Multiple VLANs connected to a trunk port.. Can i run 802.1x auth on 2 out of my 5 workstations??
    Should i install nexus 1000v?
    THanks

  • WLC 2106 and Microsoft IAS and Windows XP Supplicant

    For one of my SSID's I am using 802.1x with WPA2/AES. I have configured IAS on windows server 2003 and from the server message logs I am able to authenticate a user. I never complete the authentication through the eyes of the WLC though. In using debug commands on the WLC I can see an error that I can not solve.
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-Key from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:23:4e:70:a9:97
    Wed Apr  7 03:09:40 2010: 00:23:4e:70:a9:97 Stopping retransmission timer for mobile 00:23:4e:70:a9:97
    I suspect my issues revolves around the message: Ignoring invalid EAPOL version (1) in EAPOL-key message
    Anyone have any idea or insight on additional debug steps that can be taken?
    Regards,
    Justin

    ERD Commander (ERD 5.0) is the version that supports Windows XP. The next version is DaRT Supported Vista and later

  • 802.11n windows pc card

    has anyone successfully connected a windows pc card to airport extreme via 802.11n? Anyone know a compatible card?

    Although there is no guarantee between vendor products, most devices developed for the same Wi-Fi standards should work together.
    One example of a Windows PC Card is the Linksys WPC300N.

  • Setup WLAN using 802.1X Windows PKI

    Is it possible to setup the WLC 2504 to use Windows 2008 PKI to authenticate domain machines automatically to WLAN?

    Here is how to setup NPS
    http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/
    http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/
    Sent from my iPhone

  • NAC L2 802.1X: Windows Logon Problem

    Using CTA 4.0.2, ACS SE 4.x, and Windows AD the following occurs:
    1. When login to WindowsXP using Local Account, then CTA prompts its login. I can then put the AD account. This process works!
    2. When login to WindowsXP using AD Account, the error msg "domain xyz is not available", so the CTA prompt never come-up
    3. When login to WindowsXP using "CACHED" AD Account, then CTA prompts its login. I can then put the AD account. This process works also!
    4. Using Single Sign-on with "Never Validate Server", #2 and #3 occured.
    Any input is very appreciated. Cisco TAC has been notified.
    thanks,
    Audie
    703-292-5316

    Hi all,
    I have the exact same problem.
    I have just upgraded my ACS to 4.1 but that didnt help on the problem.
    You write "CTA 4.0.2"....I suppose you mean 2.0.x ?
    Did you guys do anything extra on the ACS to get this to work ?
    Kind regards
    KDam

  • 802.1x windows group policy

    We have strange issue , some users disconnected and connected again within few seconds.
    which result Cisco NAC agent started again to check posture status , but no logs on the switch that the ports were down also IP Phones connected between switch and PC.
    we noticed that there is group policy pushed from Domain in the same time.
    any one faced this issue (when apply group policy , the network card reset?)

    1- CP-7945
    2- Windows 8.1.
    3- WS-C3750X-24P.
    4- 
     switchport mode access
     switchport voice vlan x
     ip arp inspection limit rate x
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan x
     authentication event server dead action authorize voice
     authentication host-mode multi-domain
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication timer reauthenticate server
     mab
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     dot1x pae authenticator
     dot1x timeout tx-period 12
     spanning-tree portfast
     ip verify source

Maybe you are looking for

  • How do I delete all my contacts from my iPod Touch?

    I'm giving my iPod touch to my grandson and want to delete all my contacts from my iPod Touch. These have been synched from Mobile Me (.Mac). I've unchecked the synch contact box in the setting section of iTunes, but the contacts do not get deleted.

  • Lookup in same batch of messages

    hi all, is it possible to do a lookup in same batch of messages? Ex. FTP-XI-R/3 A textfile was transferred in FTP. I need to do a lookup if there are any 2 similar messages (messages containing same value in a certain field).

  • Webservice Proxy Object

    Hi! I want to use an extern Webservice, provided by a webserver in the intranet. First of all: i tried this in to different systems. One of them did it. The other did not. I create a proxy for the webservice and create a lshort abap programm like thi

  • Non Responsive USB Port

    I was wondering if anyone was having trouble with their USB port. I tried hooking up an external HD and it can't seem to notice the drive under the "Disks" portion of APUtility. The drive, however, does work with my AP extreme 802.11n (1st gen, not t

  • Safari - locations do not open - freeze partway

    Safar will not open sometimes - gets partway through opening an address/location and then stops.  This happens with apple.com, google.com as well as other sites.  If history is deleted completely this will work but not reliably.