Configuring CAR 4.1 with EAP-TTLS
After the successful installation of the Cisco AR 4.1, we were able to verify open authentication using the "radclient". But when we started to configure AR with EAP-TTLS, we noticed that the only fields appearing under "eap-ttls-service" are
Name = eap-ttls
Description =
Type = eap-ttls
And it's missing something like 14 other parms including "AuthenticationService =" where the MSCHAPv2 is defined. Any thoughts?
Hazhir Afzali
Hello Hazhir,
how exactly are you configuring the service ? Have a look at the link below, are these the procedures you follow ?
Configuring EAP-TTLS
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/4_1/users/eap.htm#wp1042234
Regards,
GNT
Similar Messages
-
EAP-TTLS with GTC (Generic Token Card)
Greetings iPad Forum,
Our corporate wireless is currently setup to use EAP-TTLS with EAP-GTC (Generic Token Card) for inner identity. In other words, once a connection to the AP is initiated from a PC or Mac, the user is prompted for their RSA SecurID Passcode. No such luck on the iPad - it thinks that the AP is using TLS and wants a Certificate instead of a Token.
As a next step, I started playing with the iPhone Configuration Utility. It is possible to manually specify that the AP is using EAP-TTLS, but I see that EAP-GTC is not an inner identity option - only the *AP methods (PAP, CHAP, etc.).
Has anyone successfully connected to a Wifi network requiring EAP-GTC? I know that Tokens are supported for VPN, but not Wifi?Keep playing with the iPCU. EAP-GTC with one-time password needs to be configured using a mobile configuration containing the WiFi payload. If configured on-device, iOS will continue to use the cached password causing account lockout.
For (a little) more information see: http://www.enterpriseios.com/wiki/Enterprise_Integration -
Connecting myRIO to WiFi with WPA2 Enterprise EAP-TTLS
Hey guys,
I´m struggling to connect my myRIO to the eduroam wifi on campus. It worked for a time, but now it suddenly just doesn´t.
The network runs a EAP-TTLS (or PEAP) Authentification, MSCHAPv2 as an inner authentification and a GT UserTrust Global Root certificate. When I first got it working I just set it up in MAX and uploaded the certificate, when that now stopped working I´ve tried just about everything including editing the wpa_supplicant locally on the myRIO.
To put it short I´m stumped at this, and the fact that it worked for a while doesn´t help O.o
Cheers,
BjørnHi bjornsol,
I managed to connect a wireless cDAQ to eduroam by
Uploading the certificate in MAX
Entering the user name and network secret for PEAP, IP adress set to "DHCP or Link Local"
I can also confirm successfully accessing the device from a eduroam connected computer. Remember to configure a password for your device, it will otherwise be accessible to other eduroam users.
Ask the IT department at your university for a valid certificate. I downloaded this certificate from the KTH eduroam web page, not sure it will work for you if you are registered at another university.
If this doesn't work for you, please upload a screenshot from MAX when trying to connect to the network.
Best regards,
Robert P-F
Applications Engineer
National Instruments Sweden -
802.1x RADIUS with EAP-TLS/EAP-TTLS & Dynamic VLAN Assignment
Hello, My team is looking for switches supporting 802.1x authentication on either EAP-TTLS or EAP-TLS protocols with dynamic vlan assignment enabled for these. Looking at the data sheets of the Linksys desktop switches, I found only SLM224G4PS and SLM224G4S models to support EAP-TLS or EAP-TTLS. Am I right? Do they support Dynamic VLAN Assigment for either of those protocols? This is not explicitly mentioned in the data sheets, and I happen to find switches from other manufacturers that announce to support EAP-TLS/EAP-TTLS but no dynamic vlan assignment. Thank you for any help.
SLM switches do support 802.1x RADIUS with EAP-TLS/EAP-TTLS unlike the SRW switches which support MD5. But I don't think that they support Dynamic VLAN.
-
Hi,
I try to use EAP-TTLS on one of my wireless networks and the 802.1x authentification fails at this moment:
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.800: 00:16:cb:66:29:bc Processing Access-Accept for mobile 00:16:cb:06:09:bc
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: 00:16:cb:66:29:bc Resetting web acl from 255 to 255
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.802: 00:16:cb:66:29:bc apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 20, reasonCode 2
Do you have any idea where I can find what are deleteReason 20 and reasonCode 2?
Thanks.can you increase the EAP timers and try
(Cisco Controller) >config advanced eap ?
eapol-key-timeout Configures EAPOL-Key Timeout in milliseconds.
eapol-key-retries Configures EAPOL-Key Max Retries.
identity-request-timeout Configures EAP-Identity-Request Timeout in seconds.
identity-request-retries Configures EAP-Identity-Request Max Retries.
key-index Configure the key index used for dynamic WEP (802.1x) unicast key (PTK).
max-login-ignore-identity-response Configure to ignore the same username count reaching max in the EAP identity response
request-timeout Configures EAP-Request Timeout in seconds.
request-retries Configures EAP-Request Max Retries.
(Cisco Controller) >config advanced eap -
Authentication with EAP-MD5/PEAP/FAST
Version: ISE 1.2p12
Hello,
I have trouble authenticating devices that use different protocols:
- Cisco IP Phones: EAP-MD5
- Windows machines: EAP-PEAP
- Cisco APs: EAP-FAST
1) I'm able to authenticate the IP Phones individually with a authentication rule:
IP PHONES If Wired_802.1X allowed protocols EAP-MD5
For EAP-MD5 I selected only EAP-MD5
Now if I use a generic rule
DEVICES If Wired_802.1X allowed protocols EAP-PEAP-FAST-MD5
with EAP-PEAP-FAST-MD5 having EAP-PEAP, EAP-FAST, EAP-MD5 selected, it doesn't work
ISE says that there's a protocol mismatch:
"Failure Reason: 12121 Client didn't provide suitable ciphers for anonymous PAC-provisioning"
ISE is trying to authenticate my phone with EAP-FAST while the Cisco phone is useing EAP-MD5
I read in another topic that some of you would consider MAB/Profiling for the APs and probably for the Cisco IP Phones. But I'm wondering if it's possible to have one authentication rule with allowed protocols EAP-PEAP-FAST-MD5
2) Also, if I place the EAP-MD5 authentication rule higher and then have a rule for EAP-PEAP-FAST below it doesn't work because only the first rule is matched. I have configured the first rule with "If authentication fails = Continue"
Does any of you have hints ?I know now the problem. WLC try to connect with "anonymous bind" to the ldap server. It works well with Win2000. With Win2003 it works only if you open the security. See link: http://support.microsoft.com/kb/320528/en
You haven't the possiblity to configure any username/pwd for a secure ldap query. It's something that is an absolutely need for many customers.
For the moment I will sugest the "workaround" with AP->WLC->Radius->LDAP
Kind regards
Alex -
IEEE 802.1x with EAP-TLS issue in cisco 2960
In My Cisco 2960 switch is not working with EAP-TLS mechanism of 802.1x but its works well with other protocols like EAP-PEAP or MAC Address authentication.
Below is the configuration
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group radius
aaa authorization configuration default group radius
aaa accounting update periodic 30
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
speed 100
duplex full
authentication order dot1x mab webauth
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 3
spanning-tree portfast
spanning-tree bpduguard enable
Can anyone suggest me ?Thanks for the reply jatin.
I have a client on the interface fa0/1 with a valid client certificate. And have a debug logs as below
*Mar 8 00:03:06.266: dot1x-ev(Fa0/1): Interface state changed to UP
*Mar 8 00:03:06.266: AAA/BIND(000001C7): Bind i/f
*Mar 8 00:03:06.266: dot1x_auth Fa0/1: initial state auth_initialize has enter
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_initialize_enter called
*Mar 8 00:03:06.266: dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)
*Mar 8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called
*Mar 8 00:03:06.266: dot1x_auth Fa0/1: idle during state auth_disconnected
*Mar 8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called
*Mar 8 00:03:06.266: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (0000.0000.0000)
*Mar 8 00:03:06.266: dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called
*Mar 8 00:03:06.266: dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle
*Mar 8 00:03:06.266: dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)
*Mar 8 00:03:06.266: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called
*Mar 8 00:03:06.266: dot1x-ev(Fa0/1): Created a client entry (0xB0000DBA)
*Mar 8 00:03:06.266: dot1x-ev(Fa0/1): Dot1x authentication started for 0xB0000DBA (0000.0000.0000)
*Mar 8 00:03:06.266: dot1x-ev:DOT1X Supplicant not enabled on FastEthernet0/1
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA
*Mar 8 00:03:06.266: dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar 8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar 8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA
*Mar 8 00:03:06.274: dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar 8 00:03:06.274: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA
*Mar 8 00:03:06.274: dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar 8 00:03:06.274: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar 8 00:03:06.274: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:06.274: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:06.274: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:06.274: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:06.274: EAPOL pak dump Tx
*Mar 8 00:03:06.274: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 8 00:03:06.274: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 8 00:03:06.274: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (0000.0000.0000)
*Mar 8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:06.794: dot1x-packet(Fa0/1): queuing an EAPOL pkt on Auth Q
*Mar 8 00:03:06.794: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 8 00:03:06.794: EAPOL pak dump rx
*Mar 8 00:03:06.794: EAPOL Version: 0x1 type: 0x1 length: 0x0000
*Mar 8 00:03:06.794: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 0,TYPE= 0,LEN= 0
*Mar 8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): Couldn't find the supplicant in the list
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): New client detected, notifying AuthMgr
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): Sending event (0) to Auth Mgr for d43d.7e65.4fc1
*Mar 8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL-Start packet
*Mar 8 00:03:06.794: EAPOL pak dump rx
*Mar 8 00:03:06.794: EAPOL Version: 0x1 type: 0x1 length: 0x0000
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): Posting EAPOL_START on Client 0xB0000DBA
*Mar 8 00:03:06.794: dot1x_auth Fa0/1: during state auth_authenticating, got event 4(eapolStart)
*Mar 8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_aborting
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_enter called
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): 802.1x method gets the go ahead from Auth Mgr for 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.794: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): Posting AUTH_ABORT for 0xB0000DBA
*Mar 8 00:03:06.794: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 1(authAbort)
*Mar 8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_initialize
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called
*Mar 8 00:03:06.794: dot1x_auth_bend Fa0/1: idle during state auth_bend_initialize
*Mar 8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): Posting !AUTH_ABORT on Client 0xB0000DBA
*Mar 8 00:03:06.794: dot1x_auth Fa0/1: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
*Mar 8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_aborting -> auth_restart
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_exit called
*Mar 8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): Resetting the client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.794: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_restart_action called
*Mar 8 00:03:06.802: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA
*Mar 8 00:03:06.802: dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar 8 00:03:06.802: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar 8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called
*Mar 8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA
*Mar 8 00:03:06.811: dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar 8 00:03:06.811: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA
*Mar 8 00:03:06.811: dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar 8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar 8 00:03:06.811: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:06.811: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:06.811: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:06.811: EAPOL pak dump Tx
*Mar 8 00:03:06.811: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 8 00:03:06.811: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 8 00:03:06.811: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called
*Mar 8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:06.811: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar 8 00:03:06.811: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 8 00:03:06.811: EAPOL pak dump rx
*Mar 8 00:03:06.811: EAPOL Version: 0x1 type: 0x0 length: 0x0022
*Mar 8 00:03:06.811: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 1,LEN= 34
*Mar 8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 8 00:03:06.811: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0022
*Mar 8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet
*Mar 8 00:03:06.811: EAPOL pak dump rx
*Mar 8 00:03:06.811: EAPOL Version: 0x1 type: 0x0 length: 0x0022
*Mar 8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA
*Mar 8 00:03:06.811: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar 8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called
*Mar 8 00:03:06.811: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called
*Mar 8 00:03:06.811: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'
*Mar 8 00:03:06.819: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X
*Mar 8 00:03:06.819: RADIUS(000001C7): Config NAS IP: 0.0.0.0
*Mar 8 00:03:06.819: RADIUS/ENCODE(000001C7): acct_session_id: 724
*Mar 8 00:03:06.819: RADIUS(000001C7): sending
*Mar 8 00:03:06.819: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59
*Mar 8 00:03:06.819: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/83, len 251
*Mar 8 00:03:06.819: RADIUS: authenticator A1 79 FA E5 F4 B7 7F 4F - 2B 73 3A 0D 1F D8 89 20
*Mar 8 00:03:06.819: RADIUS: User-Name [1] 31 "host/D0902MALL005.IN.intranet"
*Mar 8 00:03:06.819: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 8 00:03:06.819: RADIUS: Framed-MTU [12] 6 1500
*Mar 8 00:03:06.819: RADIUS: Called-Station-Id [30] 19 "D4-A0-2A-EE-14-81"
*Mar 8 00:03:06.819: RADIUS: Calling-Station-Id [31] 19 "D4-3D-7E-65-4F-C1"
*Mar 8 00:03:06.819: RADIUS: EAP-Message [79] 36
*Mar 8 00:03:06.819: RADIUS: 02 01 00 22 01 68 6F 73 74 2F 44 30 39 30 32 4D 41 4C 4C 30 ["host/D0902MALL0]
*Mar 8 00:03:06.819: RADIUS: 30 35 2E 49 4E 2E 69 6E 74 72 61 6E 65 74 [ 05.IN.intranet]
*Mar 8 00:03:06.819: RADIUS: Message-Authenticato[80] 18
*Mar 8 00:03:06.819: RADIUS: D6 6F 7B CD 36 46 5E F6 90 6F 85 A8 BD BD AE D8 [ o{6F^o]
*Mar 8 00:03:06.819: RADIUS: EAP-Key-Name [102] 2 *
*Mar 8 00:03:06.819: RADIUS: Vendor, Cisco [26] 49
*Mar 8 00:03:06.819: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A1AED0B000000EE240F5BAB"
*Mar 8 00:03:06.819: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Mar 8 00:03:06.819: RADIUS: NAS-Port [5] 6 50001
*Mar 8 00:03:06.819: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/1"
*Mar 8 00:03:06.819: RADIUS: NAS-IP-Address [4] 6 10.26.237.11
*Mar 8 00:03:06.819: RADIUS: Acct-Session-Id [44] 10 "000002D4"
*Mar 8 00:03:06.819: RADIUS(000001C7): Started 3 sec timeout
*Mar 8 00:03:06.861: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 8 00:03:06.903: RADIUS: Received from id 1645/83 10.26.13.59:1812, Access-Challenge, len 76
*Mar 8 00:03:06.903: RADIUS: authenticator 7B 1C DC CA A8 92 E9 34 - 17 86 25 2F 9D 7E 63 96
*Mar 8 00:03:06.903: RADIUS: EAP-Message [79] 8
*Mar 8 00:03:06.903: RADIUS: 01 02 00 06 0D 20 [ ]
*Mar 8 00:03:06.903: RADIUS: Message-Authenticato[80] 18
*Mar 8 00:03:06.903: RADIUS: DD F3 7B 33 37 6D 40 BD F3 D2 78 DF F1 14 4D E4 [ {37m@xM]
*Mar 8 00:03:06.903: RADIUS: State [24] 30
*Mar 8 00:03:06.903: RADIUS: 00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70 [ }@EP.{Lp]
*Mar 8 00:03:06.911: RADIUS(000001C7): Received from id 1645/83
*Mar 8 00:03:06.911: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
*Mar 8 00:03:06.911: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA
*Mar 8 00:03:06.911: dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)
*Mar 8 00:03:06.911: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request
*Mar 8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar 8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar 8 00:03:06.911: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:06.911: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:06.911: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:06.911: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:06.911: EAPOL pak dump Tx
*Mar 8 00:03:06.911: EAPOL Version: 0x3 type: 0x0 length: 0x0006
*Mar 8 00:03:06.911: EAP code: 0x1 id: 0x2 length: 0x0006 type: 0xD
*Mar 8 00:03:06.911: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called
*Mar 8 00:03:06.920: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:06.920: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar 8 00:03:06.920: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 8 00:03:06.920: EAPOL pak dump rx
*Mar 8 00:03:06.920: EAPOL Version: 0x1 type: 0x0 length: 0x0069
*Mar 8 00:03:06.920: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 105
*Mar 8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 8 00:03:06.920: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0069
*Mar 8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet
*Mar 8 00:03:06.920: EAPOL pak dump rx
*Mar 8 00:03:06.920: EAPOL Version: 0x1 type: 0x0 length: 0x0069
*Mar 8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1
*Mar 8 00:03:06.920: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA
*Mar 8 00:03:06.920: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar 8 00:03:06.920: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar 8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called
*Mar 8 00:03:06.920: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called
*Mar 8 00:03:06.920: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'
*Mar 8 00:03:06.920: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X
*Mar 8 00:03:06.920: RADIUS(000001C7): Config NAS IP: 0.0.0.0
*Mar 8 00:03:06.920: RADIUS/ENCODE(000001C7): acct_session_id: 724
*Mar 8 00:03:06.920: RADIUS(000001C7): sending
*Mar 8 00:03:06.920: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59
*Mar 8 00:03:06.920: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/84, len 352
*Mar 8 00:03:06.920: RADIUS: authenticator 41 72 8D 6A B4 72 19 84 - 1B C8 33 F7 95 DD 07 BC
*Mar 8 00:03:06.928: RADIUS: User-Name [1] 31 "host/D0902MALL005.IN.intranet"
*Mar 8 00:03:06.928: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 8 00:03:06.928: RADIUS: Framed-MTU [12] 6 1500
*Mar 8 00:03:06.928: RADIUS: Called-Station-Id [30] 19 "D4-A0-2A-EE-14-81"
*Mar 8 00:03:06.928: RADIUS: Calling-Station-Id [31] 19 "D4-3D-7E-65-4F-C1"
*Mar 8 00:03:06.928: RADIUS: EAP-Message [79] 107
*Mar 8 00:03:06.928: RADIUS: 02 02 00 69 0D 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 52 C5 45 4F 07 CA B3 29 50 A7 CE 40 76 B6 BD F0 50 D4 CE 9A 8A 02 C4 3D 40 35 B5 F0 E1 E2 75 [i_ZVREO)P@vP=@5u]
*Mar 8 00:03:06.928: RADIUS: 50 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00 [ P/528]
*Mar 8 00:03:06.928: RADIUS: Message-Authenticato[80] 18
*Mar 8 00:03:06.928: RADIUS: A3 28 CE 27 20 C0 D6 2C 11 01 D6 61 1F C3 6F 03 [ (' ,ao]
*Mar 8 00:03:06.928: RADIUS: EAP-Key-Name [102] 2 *
*Mar 8 00:03:06.928: RADIUS: Vendor, Cisco [26] 49
*Mar 8 00:03:06.928: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A1AED0B000000EE240F5BAB"
*Mar 8 00:03:06.928: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Mar 8 00:03:06.928: RADIUS: NAS-Port [5] 6 50001
*Mar 8 00:03:06.928: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/1"
*Mar 8 00:03:06.928: RADIUS: State [24] 30
*Mar 8 00:03:06.928: RADIUS: 00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70 [ }@EP.{Lp]
*Mar 8 00:03:06.928: RADIUS: NAS-IP-Address [4] 6 10.26.237.11
*Mar 8 00:03:06.928: RADIUS: Acct-Session-Id [44] 10 "000002D4"
*Mar 8 00:03:06.928: RADIUS(000001C7): Started 3 sec timeout
*Mar 8 00:03:07.004: RADIUS: Received from id 1645/84 10.26.13.59:1812, Access-Challenge, len 1188
*Mar 8 00:03:07.004: RADIUS: authenticator 7B 52 29 05 7E C3 EF 8E - 13 38 30 03 4B 65 64 0F
*Mar 8 00:03:07.004: RADIUS: EAP-Message [79] 255
*Mar 8 00:03:07.004: RADIUS: 01 03 04 56 0D C0 00 00 05 78 16 03 01 00 51 02 00 00 4D 03 01 52 C5 45 4F 0F 04 37 77 A0 C2 68 66 4E 45 92 AB 3D 7F 94 70 AF 36 [VxQMREO7whfNE=p6]
*Mar 8 00:03:07.004: RADIUS: 1D C5 17 23 5C F1 FA CA 60 B0 20 A5 48 16 D5 3F F9 B0 FF 38 1D D5 13 B3 88 13 06 EF DC 87 5C AE 17 E7 7E 80 84 21 58 64 F7 A6 36 00 35 00 00 05 FF 01 00 01 00 16 03 01 02 1C 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30 [#\` H?8\~!Xd6500]
*Mar 8 00:03:07.004: RADIUS: 82 01 77 A0 03 02 01 02 02 09 00 88 7A CB 35 3F 1E 3E 62 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50 [wz5?>b0*H0/10USP]
*Mar 8 00:03:07.004: RADIUS: 49 4E 41 56 44 30 30 30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C [INAVD0000410UPol]
*Mar 8 00:03:07.004: RADIUS: 69 63 79 4D 61 6E 61 67 65 72 30 1E 17 0D 31 33 30 38 32 [icyManager013082]
*Mar 8 00:03:07.004: RADIUS: 37 30 37 32 34 33 30 5A 17 0D 31 34 30 38 32 37 30 37 [7072430Z14082707]
*Mar 8 00:03:07.004: RADIUS: 32 34 33 30 5A 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50 49 4E 41 56 [2430Z0/10USPINAV]
*Mar 8 00:03:07.004: RADIUS: 44 30 30 [ D00]
*Mar 8 00:03:07.004: RADIUS: EAP-Message [79] 255
*Mar 8 00:03:07.004: RADIUS: 30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C 69 63 79 4D 61 6E 61 [00410UPolicyMana]
*Mar 8 00:03:07.004: RADIUS: 67 65 72 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 C9 B9 03 65 83 EB 39 86 14 BC 95 7B DB 07 7E C5 8A D7 DA C7 8A CA 5A 88 6E 0B 93 06 35 57 [ger00*H0e9{~Zn5W]
*Mar 8 00:03:07.012: RADIUS: 6E DE 93 CD C9 FE 8E 9F E1 5F A9 04 5C BD A9 AD 5A 04 6E 35 47 76 A1 58 E5 C4 32 D7 49 9E 17 75 20 C6 6F 45 40 [n_\Zn5GvX2Iu oE@]
*Mar 8 00:03:07.012: RADIUS: AC EF 40 6D 15 38 F9 C2 28 7E C9 68 37 52 3B BF F4 C1 5E B8 BA 46 68 43 79 B1 65 66 [@m8(~h7R;^FhCyef]
*Mar 8 00:03:07.012: RADIUS: 9E 58 ED EC 8C 95 A2 D8 BF AA 77 AC 85 90 E3 AB C6 27 3A A2 22 AC 1C 48 B3 BF BE F7 85 CF 5C BB 2D 02 03 01 00 01 A3 32 30 30 30 0F 06 03 55 1D 11 04 08 30 06 87 04 0A 1A 0D 3B 30 [Xw':"H\-2000U0;0]
*Mar 8 00:03:07.012: RADIUS: 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 03 30 0D 06 09 2A 86 48 86 F7 0D 01 01 [ U?0++0*H]
*Mar 8 00:03:07.012: RADIUS: EAP-Message [79] 255
*Mar 8 00:03:07.012: RADIUS: 05 05 00 03 81 81 00 C4 46 3E 38 3D 53 0F 28 34 C1 A6 ED DC 70 76 9B 70 6B A8 95 7C 44 8E 7D 6E D6 8B 6D [F>8=S(4pvpk|D}nm]
*Mar 8 00:03:07.012: RADIUS: 90 49 83 06 E4 BF 68 2F 9D 77 78 A3 76 76 19 84 AD 26 3F F3 ED AA 88 52 35 0E 35 DD 00 E5 96 88 44 30 79 A0 71 [Ih/wxvv&?R55D0yq]
*Mar 8 00:03:07.012: RADIUS: 8D 25 3E 77 A0 E0 43 92 33 55 40 E1 C8 EE 88 11 25 E2 70 28 11 6C 5A 4E 3D F1 93 57 0A 6F [?>wC3U@?p(lZN=Wo]
*Mar 8 00:03:07.012: RADIUS: 36 51 72 04 08 C0 C0 DF F0 94 A9 F7 A1 05 C8 37 D6 F8 D4 9C 20 1A 7B CD 2C 17 83 7B 8E 20 F7 2D B6 16 03 01 02 FC 0D 00 02 F4 03 01 02 40 02 EE 00 63 30 61 31 0B 30 [6Qr7 {,{ -@c0a10]
*Mar 8 00:03:07.012: RADIUS: 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0A 13 0C 44 69 67 69 43 65 72 74 20 49 [UUS10UDigiCert I]
*Mar 8 00:03:07.012: RADIUS: 6E 63 31 19 30 17 06 03 55 04 0B 13 10 77 77 77 2E 64 69 67 69 63 65 72 [nc10Uwww.digicer]
*Mar 8 00:03:07.012: RADIUS: 74 2E 63 6F 6D 31 20 30 1E 06 03 55 04 03 13 17 44 69 67 69 43 65 72 [t.com1 0UDigiCer]
*Mar 8 00:03:07.012: RADIUS: 74 20 47 6C 6F 62 61 6C 20 52 6F 6F 74 20 43 41 [t Global Root CA]
*Mar 8 00:03:07.012: RADIUS: 00 48 [ H]
*Mar 8 00:03:07.012: RADIUS: EAP-Message [79] 255
*Mar 8 00:03:07.012: RADIUS: 30 46 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31 [0F10&,dintranet1]
*Mar 8 00:03:07.020: RADIUS: 12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 16 30 14 06 03 55 04 03 13 0D 49 6E 64 69 61 20 52 [0&,dIN10UIndia R]
*Mar 8 00:03:07.020: RADIUS: 6F 6F 74 20 43 41 00 4A 30 48 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E [oot CAJ0H10&,din]
*Mar 8 00:03:07.020: RADIUS: 74 72 61 6E 65 74 31 12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 18 30 16 06 03 55 [tranet10&,dIN10U]
*Mar 8 00:03:07.020: RADIUS: 04 03 13 0F 45 6E 74 65 72 70 72 69 73 65 20 43 41 2D 31 00 4D [Enterprise CA-1M]
*Mar 8 00:03:07.020: RADIUS: 30 4B 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31 [0K10&,dintranet1]
*Mar 8 00:03:07.020: RADIUS: 12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 1B 30 19 06 03 55 04 03 13 12 49 4E 2D 53 50 49 4E [0&,dIN10UIN-SPIN]
*Mar 8 00:03:07.020: RADIUS: 43 52 54 30 30 30 30 33 2D 43 41 00 D5 30 81 D2 31 0B 30 09 06 03 55 04 06 13 02 55 [CRT00003-CA010UU]
*Mar 8 00:03:07.020: RADIUS: 53 31 13 30 11 06 03 55 04 [ S10U]
*Mar 8 00:03:07.020: RADIUS: EAP-Message [79] 100
*Mar 8 00:03:07.020: RADIUS: 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E [California10USun]
*Mar 8 00:03:07.020: RADIUS: 6E 79 76 61 6C 65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E [nyvale10UAruba N]
*Mar 8 00:03:07.020: RADIUS: 65 74 77 6F 72 6B 73 31 40 30 3E 06 03 55 04 03 0C 37 43 6C 65 [etworks1@0>U7Cle]
*Mar 8 00:03:07.020: RADIUS: 61 72 50 61 73 73 20 4F 6E 62 6F 61 72 64 20 4C [arPass Onboard L]
*Mar 8 00:03:07.020: RADIUS: 6F 63 61 6C 20 43 65 72 74 69 [ ocal Certi]
*Mar 8 00:03:07.020: RADIUS: Message-Authenticato[80] 18
*Mar 8 00:03:07.020: RADIUS: 12 75 40 41 6F 40 6B 6F A5 FE AB 85 F3 B3 CF A4 [ u@Ao@ko]
*Mar 8 00:03:07.020: RADIUS: State [24] 30
*Mar 8 00:03:07.020: RADIUS: 00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1 [ oQKnEKkHw]
*Mar 8 00:03:07.029: RADIUS(000001C7): Received from id 1645/84
*Mar 8 00:03:07.029: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+98, total 1110 bytes
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA
*Mar 8 00:03:07.037: dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)
*Mar 8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar 8 00:03:07.037: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:07.037: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:07.037: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:07.037: EAPOL pak dump Tx
*Mar 8 00:03:07.037: EAPOL Version: 0x3 type: 0x0 length: 0x0456
*Mar 8 00:03:07.037: EAP code: 0x1 id: 0x3 length: 0x0456 type: 0xD
*Mar 8 00:03:07.037: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called
*Mar 8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:07.037: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar 8 00:03:07.037: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 8 00:03:07.037: EAPOL pak dump rx
*Mar 8 00:03:07.037: EAPOL Version: 0x1 type: 0x0 length: 0x0006
*Mar 8 00:03:07.037: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 6
*Mar 8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 8 00:03:07.037: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0006
*Mar 8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet
*Mar 8 00:03:07.037: EAPOL pak dump rx
*Mar 8 00:03:07.037: EAPOL Version: 0x1 type: 0x0 length: 0x0006
*Mar 8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA
*Mar 8 00:03:07.037: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar 8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called
*Mar 8 00:03:07.037: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called
*Mar 8 00:03:07.037: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'
*Mar 8 00:03:07.046: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X
*Mar 8 00:03:07.046: RADIUS(000001C7): Config NAS IP: 0.0.0.0
*Mar 8 00:03:07.046: RADIUS/ENCODE(000001C7): acct_session_id: 724
*Mar 8 00:03:07.046: RADIUS(000001C7): sending
*Mar 8 00:03:07.046: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59
*Mar 8 00:03:07.046: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/85, len 253
*Mar 8 00:03:07.046: RADIUS: authenticator 1C D7 6D 40 A3 D6 BA B1 - A7 E6 70 DA 32 83 2E 19
*Mar 8 00:03:07.046: RADIUS: User-Name [1] 31 "host/D0902MALL005.IN.intranet"
*Mar 8 00:03:07.046: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 8 00:03:07.046: RADIUS: Framed-MTU [12] 6 1500
*Mar 8 00:03:07.046: RADIUS: Called-Station-Id [30] 19 "D4-A0-2A-EE-14-81"
*Mar 8 00:03:07.046: RADIUS: Calling-Station-Id [31] 19 "D4-3D-7E-65-4F-C1"
*Mar 8 00:03:07.046: RADIUS: EAP-Message [79] 8
*Mar 8 00:03:07.046: RADIUS: 02 03 00 06 0D 00
*Mar 8 00:03:07.046: RADIUS: Message-Authenticato[80] 18
*Mar 8 00:03:07.046: RADIUS: 73 1D 89 5C 66 19 32 B6 63 C2 64 C1 04 42 A9 F9 [ s\f2cdB]
*Mar 8 00:03:07.046: RADIUS: EAP-Key-Name [102] 2 *
*Mar 8 00:03:07.046: RADIUS: Vendor, Cisco [26] 49
*Mar 8 00:03:07.046: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A1AED0B000000EE240F5BAB"
*Mar 8 00:03:07.046: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
*Mar 8 00:03:07.046: RADIUS: NAS-Port [5] 6 50001
*Mar 8 00:03:07.046: RADIUS: NAS-Port-Id [87] 17 "FastEthernet0/1"
*Mar 8 00:03:07.046: RADIUS: State [24] 30
*Mar 8 00:03:07.046: RADIUS: 00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1 [ oQKnEKkHw]
*Mar 8 00:03:07.046: RADIUS: NAS-IP-Address [4] 6 10.26.237.11
*Mar 8 00:03:07.046: RADIUS: Acct-Session-Id [44] 10 "000002D4"
*Mar 8 00:03:07.046: RADIUS(000001C7): Started 3 sec timeout
*Mar 8 00:03:07.113: RADIUS: Received from id 1645/85 10.26.13.59:1812, Access-Challenge, len 378
*Mar 8 00:03:07.113: RADIUS: authenticator 1A 85 26 09 58 84 BC D4 - E0 A9 E3 C0 25 31 2D 31
*Mar 8 00:03:07.113: RADIUS: EAP-Message [79] 255
*Mar 8 00:03:07.121: RADIUS: 01 04 01 32 0D 00 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 [2ficate Authorit]
*Mar 8 00:03:07.121: RADIUS: 79 20 28 53 69 67 6E 69 6E 67 29 31 3F 30 3D 06 09 2A [y (Signing)1?0=*]
*Mar 8 00:03:07.121: RADIUS: 86 48 86 F7 0D 01 09 01 16 30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D [H0d6bb4f70-f412-]
*Mar 8 00:03:07.121: RADIUS: 34 35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36 [4552-aee2-c7a026]
*Mar 8 00:03:07.121: RADIUS: 66 62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63 [[email protected]]
*Mar 8 00:03:07.121: RADIUS: 6F 6D 00 CB 30 81 C8 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 [om010UUS10UCalif]
*Mar 8 00:03:07.121: RADIUS: 6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E 6E 79 76 61 6C [ornia10USunnyval]
*Mar 8 00:03:07.121: RADIUS: 65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E 65 74 77 6F 72 [e10UAruba Networ]
*Mar 8 00:03:07.121: RADIUS: 6B 73 31 36 30 34 06 03 55 04 03 0C 2D 43 6C 65 61 72 50 61 73 [ks1604U-ClearPas]
*Mar 8 00:03:07.121: RADIUS: 73 20 4F 6E 62 6F 61 72 64 20 4C 6F 63 61 6C 20 [s Onboard Local ]
*Mar 8 00:03:07.121: RADIUS: 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 [Certificate Auth]
*Mar 8 00:03:07.121: RADIUS: 6F 72 69 74 79 31 3F 30 3D 06 09 2A 86 48 86 F7 0D 01 09 01 16 [ ority1?0=*H]
*Mar 8 00:03:07.121: RADIUS: EAP-Message [79] 55
*Mar 8 00:03:07.121: RADIUS: 30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D 34 [0d6bb4f70-f412-4]
*Mar 8 00:03:07.121: RADIUS: 35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36 66 [552-aee2-c7a026f]
*Mar 8 00:03:07.121: RADIUS: 62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63 6F [[email protected]]
*Mar 8 00:03:07.121: RADIUS: 6D 0E 00 00 00 [ m]
*Mar 8 00:03:07.121: RADIUS: Message-Authenticato[80] 18
*Mar 8 00:03:07.121: RADIUS: 4C 46 AA B9 A5 D5 DF EA DB E7 2B 7B 51 7E 58 3F [ LF+{Q~X?]
*Mar 8 00:03:07.121: RADIUS: State [24] 30
*Mar 8 00:03:07.121: RADIUS: 00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1 [ E
*Mar 8 00:03:07.121: RADIUS(000001C7): Received from id 1645/85
*Mar 8 00:03:07.121: RADIUS/DECODE: EAP-Message fragments, 253+53, total 306 bytes
*Mar 8 00:03:07.130: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA
*Mar 8 00:03:07.130: dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)
*Mar 8 00:03:07.130: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request
*Mar 8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar 8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar 8 00:03:07.130: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:07.130: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:07.130: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:07.130: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:07.130: EAPOL pak dump Tx
*Mar 8 00:03:07.130: EAPOL Version: 0x3 type: 0x0 length: 0x0132
*Mar 8 00:03:07.130: EAP code: 0x1 id: 0x4 length: 0x0132 type: 0xD
*Mar 8 00:03:07.130: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called
*Mar 8 00:03:07.138: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:07.138: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar 8 00:03:07.138: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 8 00:03:07.138: EAPOL pak dump rx
*Mar 8 00:03:07.138: EAPOL Version: 0x1 type: 0x0 length: 0x05D4
*Mar 8 00:03:07.138: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 1492
*Mar 8 00:03:07.138: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 8 00:03:07.138: dot1x-ev(Fa0/1):
^Z
Malleswaram_2960#
*Mar 8 00:03:07.180: RADIUS: State [24] 30
*Mar 8 00:03:07.180: RADIUS: 00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1 [ E
*Mar 8 00:03:07.180: RADIUS: NAS-IP-Address [4] 6 10.26.237.11
*Mar 8 00:03:07.180: RADIUS: Acct-Session-Id [44] 10 "000002D4"
*Mar 8 00:03:07.180: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar 8 00:03:07.893: %SYS-5-CONFIG_I: Configured from console by jameela on vty0 (10.26.20.5)
Malleswaram_2960#
*Mar 8 00:03:10.225: RADIUS(000001C7): Request timed out
*Mar 8 00:03:10.225: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar 8 00:03:10.225: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar 8 00:03:13.354: RADIUS(000001C7): Request timed out
*Mar 8 00:03:13.354: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar 8 00:03:13.354: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar 8 00:03:16.307: RADIUS(000001C7): Request timed out
*Mar 8 00:03:16.307: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar 8 00:03:16.307: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar 8 00:03:19.369: RADIUS(000001C7): Request timed out
*Mar 8 00:03:19.369: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar 8 00:03:19.369: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar 8 00:03:22.456: RADIUS(000001C7): Request timed out
*Mar 8 00:03:22.456: RADIUS: Fail-over denied to (10.26.13.59:1812,1813) for id 1645/86
*Mar 8 00:03:22.456: RADIUS: No response from (10.26.13.59:1812,1813) for id 1645/86
*Mar 8 00:03:22.456: RADIUS/DECODE: parse response no app start; FAIL
*Mar 8 00:03:22.456: RADIUS/DECODE: parse response; FAIL
*Mar 8 00:03:22.456: dot1x-ev(Fa0/1): Received an EAP Fail
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): Posting EAP_FAIL for 0xB0000DBA
*Mar 8 00:03:22.456: dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 10(eapFail)
*Mar 8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_fail
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_fail_enter called
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_fail_action called
*Mar 8 00:03:22.456: dot1x_auth_bend Fa0/1: idle during state auth_bend_fail
*Mar 8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_fail -> auth_bend_idle
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): Posting AUTH_FAIL on Client 0xB0000DBA
*Mar 8 00:03:22.456: dot1x_auth Fa0/1: during state auth_authenticating, got event 15(authFail)
*Mar 8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_authc_result
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authc_result_enter called
*Mar 8 00:03:22.456: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar 8 00:03:22.456: dot1x-ev(Fa0/1): Sending event (2) to Auth Mgr for d43d.7e65.4fc1
*Mar 8 00:03:22.456: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB
*Mar 8 00:03:22.456: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB
*Mar 8 00:03:22.456: dot1x-redundancy: State for client d43d.7e65.4fc1 successfully retrieved
*Mar 8 00:03:22.456: dot1x-ev(Fa0/1): Received Authz fail for the client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): Posting_AUTHZ_FAIL on Client 0xB0000DBA
*Mar 8 00:03:22.456: dot1x_auth Fa0/1: during state auth_authc_result, got event 22(authzFail)
*Mar 8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authc_result -> auth_held
*Mar 8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_enter called
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:22.464: EAPOL pak dump Tx
*Mar 8 00:03:22.464: EAPOL Version: 0x3 type: 0x0 length: 0x0004
*Mar 8 00:03:22.464: EAP code: 0x4 id: 0x4 length: 0x0004
*Mar 8 00:03:22.464: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): Posting FAILOVER_RETRY on Client 0xB0000DBA
*Mar 8 00:03:22.464: dot1x_auth Fa0/1: during state auth_held, got event 21(failover_retry)
*Mar 8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_held -> auth_restart
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_exit called
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_restart_action called
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA
*Mar 8 00:03:22.464: dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar 8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): Posting REAUTH_MAX on Client 0xB0000DBA
*Mar 8 00:03:22.464: dot1x_auth Fa0/1: during state auth_connecting, got event 11(reAuthMax)
*Mar 8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_disconnected
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): d43d.7e65.4fc1:auth_disconnected_enter sending canned failure to version 1 supplicant
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:22.464: EAPOL pak dump Tx
*Mar 8 00:03:22.464: EAPOL Version: 0x3 type: 0x0 length: 0x0004
*Mar 8 00:03:22.464: EAP code: 0x4 id: 0x5 length: 0x0004
*Mar 8 00:03:22.464: dot1x-packet(Fa0/1): dot1x_auth_txCannedStatus: EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar 8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_disconnected_reAuthMax_action called
*Mar 8 00:03:22.464: dot1x_auth Fa0/1: idle during state auth_disconnected
*Mar 8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart
*Mar 8 00:03:22.464: dot1x-ev(Fa0/1): Sending event (1) to Auth Mgr for d43d.7e65.4fc1
*Mar 8 00:03:22.464: dot1x-ev:Delete auth client (0xB0000DBA) message
*Mar 8 00:03:22.464: dot1x-ev:Auth client ctx destroyed
*Mar 8 00:03:22.674: AAA/BIND(000001C8): Bind i/f
*Mar 8 00:03:22.674: dot1x_auth Fa0/1: initial state auth_initialize has enter
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_initialize_enter called
*Mar 8 00:03:22.674: dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)
*Mar 8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_disconnected_enter called
*Mar 8 00:03:22.674: dot1x_auth Fa0/1: idle during state auth_disconnected
*Mar 8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_enter called
*Mar 8 00:03:22.674: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0x4A000DBB (0000.0000.0000)
*Mar 8 00:03:22.674: dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_initialize_enter called
*Mar 8 00:03:22.674: dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle
*Mar 8 00:03:22.674: dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)
*Mar 8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_enter called
*Mar 8 00:03:22.674: dot1x-ev(Fa0/1): Created a client entry (0x4A000DBB)
*Mar 8 00:03:22.674: dot1x-ev(Fa0/1): Dot1x authentication started for 0x4A000DBB (0000.0000.0000)
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0x4A000DBB
*Mar 8 00:03:22.674: dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar 8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_enter called
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_connecting_action called
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0x4A000DBB
*Mar 8 00:03:22.674: dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar 8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_authenticating_enter called
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_authenticating_action called
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): Posting AUTH_START for 0x4A000DBB
*Mar 8 00:03:22.674: dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar 8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called
*Mar 8 00:03:22.674: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:22.674: dot1x-ev(Fa0/1): Role determination not required
Malleswaram_2960#
*Mar 8 00:03:22.674: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 8 00:03:22.674: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:22.674: EAPOL pak dump Tx
*Mar 8 00:03:22.674: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 8 00:03:22.674: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 8 00:03:22.674: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (0000.0000.0000)
*Mar 8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_request_action called
*Mar 8 00:03:22.791: dot1x-ev(Fa0/1): New client notification from AuthMgr for 0x4A000DBB - d43d.7e65.4fc1
*Mar 8 00:03:22.791: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:03:25.761: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB
*Mar 8 00:03:25.761: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)
*Mar 8 00:03:25.761: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request
*Mar 8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called
*Mar 8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called
*Mar 8 00:03:25.761: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:25.761: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:25.761: dot1x-registry:registry:dot1x_ether_macaddr called
Malleswaram_2960#n
*Mar 8 00:03:25.761: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:25.761: EAPOL pak dump Tx
*Mar 8 00:03:25.761: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 8 00:03:25.761: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 8 00:03:25.761: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)
Malleswaram_2960#no debu
Malleswaram_2960#no debug
*Mar 8 00:03:28.848: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB
*Mar 8 00:03:28.848: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)
*Mar 8 00:03:28.848: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request
*Mar 8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called
*Mar 8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called
*Mar 8 00:03:28.848: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 8 00:03:28.848: dot1x-ev(Fa0/1): Role determination not required
*Mar 8 00:03:28.848: dot1x-registry:registry:dot1x_ether_macaddr called
Malleswaram_2960#no debug all
*Mar 8 00:03:28.848: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 8 00:03:28.848: EAPOL pak dump Tx
*Mar 8 00:03:28.848: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 8 00:03:28.848: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 8 00:03:28.848: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)
Malleswaram_2960#no debug all
All possible debugging has been turned off
Malleswaram_2960#
*Mar 8 00:03:31.180: AAA: parse name=tty1 idb type=-1 tty=-1
*Mar 8 00:03:31.180: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
*Mar 8 00:03:31.180: AAA/MEMORY: create_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' ds0=0 port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0) key=C9A1F1D1
*Mar 8 00:03:31.389: TAC+: (-1901802859): received author response status = PASS_ADD
*Mar 8 00:03:31.389: AAA/MEMORY: free_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15
*Mar 8 00:03:31.935: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar 8 00:03:31.935: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar 8 00:03:31.935: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar 8 00:03:31.935: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:03:31.935: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#no deb
Malleswaram_2960#no debug al
Malleswaram_2960#no debug all
All possible debugging has been turned off
Malleswaram_2960#
*Mar 8 00:04:32.677: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:04:41.938: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar 8 00:04:41.938: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar 8 00:04:41.938: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar 8 00:04:41.938: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:04:41.938: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:05:42.654: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:05:51.915: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar 8 00:05:51.915: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar 8 00:05:51.915: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar 8 00:05:51.915: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar 8 00:05:51.915: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Pls dont worry about day and time. -
Configuring wired 802.1x with Cisco 2950 and NPS 2012 problem
Hi,
I am trying to setup wired authentication on my corporate network. For testing purposes, I have setup a Cisco 2950 switch for RADIUS authentication.
On the first day of the test, access messages were appearing on the event log of the 2012 Server and we were trying to address the issues with EAP and policy.(Network Policy and Access services)
Then, suddenly no events are written to the event log for the wired authentication. Accounting data is written to the log file at c:\windows\system32\logfiles, but nothing happens on the event log as if the NPS is not answering. We are using the same server for wireless 802.1x and all is working fine.
Checking the wired autoconfig log on the client, Restart Reason : Onex Auth Timeout appears.
Logging seems to be configured properly, there are no entries in event log. Below is the debug information from the 2950 switch;
KAT2-BATISW1#
00:18:28: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
0/17
00:18:28: dot1x-registry:dot1x_port_linkcomingup invoked on interface FastEthern
et0/17
00:18:28: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface FastEth
ernet0/17
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x_auth Fa0/17: initial state auth_initialize has enter
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_initialize_enter called
00:18:28: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0
00:18:28: dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
uto)
00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_disconnected_enter_action called
00:18:28: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
D
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
HORIZED
00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send po
rt to unauthorized on vlan 0
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
astEthernet0/17
00:18:28: dot1x-ev: GuestVlan configured=0
00:18:28: dot1x-ev:supplicant 0000.0000.0000 is default
00:18:28: dot1x-ev:supplicant 0000.0000.0000 is last
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x_auth Fa0/17: idle during state auth_disconnected
00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_enter called
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
00:18:28: dot1x-sm:Dot1x Initialize State Entered
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
6383(idle)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:28: dot1x-sm:Dot1x Idle State Entered
00:18:28: dot1x-ev:Created port supplicant block 0000.0000.0000 expected_id=0 cu
rrent_id=0
00:18:28: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at memloc 80D
71C74
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=1
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
000.0000.0000
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:28: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x_auth Fa0/17: initial state auth_initialize has enter
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_initialize_enter called
00:18:28: dot1x-ev:auth_initialize_enter:0024.1d10.d7c5: Current ID=0
00:18:28: dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
uto)
00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_disconnected_enter_action called
00:18:28: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
D
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
HORIZED
00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0024.1d10.d7c5 to send po
rt to unauthorized on vlan 0
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
astEthernet0/17
00:18:28: dot1x-ev: GuestVlan configured=0
00:18:28: dot1x-ev:supplicant 0024.1d10.d7c5 is last
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:0024.1d10.d7c5 is now unauthorized on port FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x_auth Fa0/17: idle during state auth_disconnected
00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
00:18:28: dot1x-sm:Dot1x Initialize State Entered
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
6383(idle)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:28: dot1x-sm:Dot1x Idle State Entered
00:18:28: dot1x-ev:Created port supplicant block 0024.1d10.d7c5 expected_id=1 cu
rrent_id=1
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Request(Id), id 0, ver 1, len 5 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:28: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 21 (Fa0/17)
00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:18:28: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:18:28: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:18:28: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:18:28: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:18:28: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:18:28: dot1x-sm:Started the ServerTimeout Timer
00:18:28: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and leng
th = 21
00:18:28: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967283
00:18:28: dot1x-ev:Couldn't Find a process thats already handling the request fo
r this id 0
00:18:28: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
.1d10.d7c5, VLAN 0 on pending request queue
00:18:28: dot1x-ev:Found a free slot at slot 0
00:18:28: dot1x-ev:Found a free slot at slot 0
00:18:28: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
24.1d10.d7c5, VLAN 0 from pending request queue
00:18:28: dot1x-ev:Request id = -13 and length = 21
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
t0/17
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Username is DUZEY\SAYTAMANER
00:18:28: dot1x-ev:MAC Address is 0024.1d10.d7c5
00:18:28: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:30: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:46: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:18:46: dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
apStart)
00:18:46: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
led
00:18:46: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
00:18:46: dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
nitialize)
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
00:18:46: dot1x-sm:Dot1x Initialize State Entered
00:18:46: dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:46: dot1x-sm:Dot1x Idle State Entered
00:18:46: dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
Abort_noeapLogoff)
00:18:46: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:18:46: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:18:46: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:46: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
00:18:46: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:46: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:46: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:18:46: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:18:46: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:18:46: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:18:46: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:18:46: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:18:46: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:18:46: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:18:46: dot1x-sm:Started the ServerTimeout Timer
00:18:46: dot1x-ev:Going to Send Request to AAA Client on RP for id = 1 and leng
th = 21
00:18:46: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967284
00:18:46: dot1x-ev:Found a process thats already handling therequest for this id
1
00:18:48: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_ERROR)
00:18:48: dot1x-ev:Received VLAN is No Vlan
00:18:48: dot1x-ev:Enqueued the response to BackEnd
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Received QUEUE EVENT in response to AAA Request
00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:dot1x_process_txWhen_expire called
00:18:58: dot1x_auth Fa0/17: during state auth_connecting, got event 19(txWh
en_expire)
00:18:58: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_connecting
00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_connecting_action calle
d
00:18:58: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for def
ault supplicant
00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:19:07: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:19:07: dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
apStart)
00:19:07: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
led
00:19:07: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
00:19:07: dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
nitialize)
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
00:19:07: dot1x-sm:Dot1x Initialize State Entered
00:19:07: dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:19:07: dot1x-sm:Dot1x Idle State Entered
00:19:07: dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
Abort_noeapLogoff)
00:19:07: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:19:07: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:19:07: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:19:07: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/17)
00:19:07: dot1x-registry:registry:dot1x_ether_macaddr called
00:19:07: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:19:07: dot1x-packet:Rx EAP-Response(Id), id 2, ver 1, len 21 (Fa0/17)
00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:19:07: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:19:07: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:19:07: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:19:07: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:19:07: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:19:07: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:19:07: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:19:07: dot1x-sm:Started the ServerTimeout Timer
00:19:07: dot1x-ev:Going to Send Request to AAA Client on RP for id = 2 and leng
th = 21
00:19:07: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967285
00:19:07: dot1x-ev:Couldn't Find a process thats already handling the request fo
r this id 2
00:19:07: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
.1d10.d7c5, VLAN 0 on pending request queue
00:19:07: dot1x-ev:Found a free slot at slot 0
00:19:07: dot1x-ev:Found a free slot at slot 0
00:19:07: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
24.1d10.d7c5, VLAN 0 from pending request queue
00:19:07: dot1x-ev:Request id = -11 and length = 21
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
t0/17
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Username is DUZEY\SAYTAMANER
00:19:07: dot1x-ev:MAC Address is 0024.1d10.d7c5
00:19:07: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:19: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
0/17
00:19:19: dot1x-ev:supp_info=80D7E584 txWhen_timer=80D7E5D4 quietWhile_timer=80D
7E594reAuthWhen_timer=80D7E5B4 awhile_timer=80D7E5F4
00:19:19: dot1x-ev:destroy supplicant block for 0024.1d10.d7c5
00:19:19: dot1x-ev:supp_info=80D71C74 txWhen_timer=80D71CC4 quietWhile_timer=80D
71C84reAuthWhen_timer=80D71CA4 awhile_timer=80D71CE4
00:19:19: dot1x-ev:destroy supplicant block for 0000.0000.0000
00:19:19: dot1x-ev:Enter function dot1x_aaa_acct_end
00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:19:19: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:19:19: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
This is driving me crazy, working on it for a whole week and no results..
Thank you..Hi again,
I have put the config on 2960. Now as soon as the authentication starts, this is the message on debug;
dot1x authentication unable to start - authenticator not enabled..
Any ideas?
regards,
onur -
Need help in configuring Cisco AP to support EAP authentication
Hello all,
in desperation after trying for more than 3 weeks, I am trying in this way to get a solution to my following problem.
I am trying to build up as 802.1x scenario using 802.11b infrastructure (RADIUS server, Cisco 1100 Aironet AP, Cisco PCMCIA WLAN card with Xsupplicant software, the complete OS is Linux). I am trying to use EAP-MD5 authentication. It seems that the things are funtioning in standalone mode.
The client wants to authenticate to access WLAN. It sends EAPoL start packet and gets a request from AP for user identity. Good. Then the user sends his identity with EAP packet. The Cisco AP is forwarding the request to RDAIUS server as specified in many documents. It is also Good. RADIUS server is sending a request for challenge (Password). Upto this point things are gooing fine.
Now the Cisco AP is not sending this challenge to the
Xsupplicant, it is just ignoring it. Can any one help me in this point. If needed I can also send the configuration file of the AP.
I would be very thankful, if I could solve this Problem with your support.
Thanking you in advance,
FelixAs per the RFC for RADIUS, a RADIUS Server receiving an Access-Request with a Message- Authenticator Attribute present MUST calculate the correct value of the Message-Authenticator and silently discard the packet if it does not match the value sent. A RADIUS Client receiving an Access-Accept, Access-Reject or Access-Challenge with a Message-Authenticator Attribute present MUST calculate the correct value of the Message-Authenticator and silently discard the packet if it does not match the value sent.
-
WiFi ( 802.1x EAP TTLS PAP ): Unable to connect since 2.3.3 update
I previously posted this on the Motorola Owner's Forum and am still waiting for a fix or at least an official confirmation of the problem.
Ever since the 2.3.3 update, I have been unable to connect to the wireless network at work. The connection worked fine prior to the update. The connection at home with WPA still works fine.
The network status cycles through the following sequence:
Scanning...
Connecting to <network>...
Obtaining IP address from <network>...
Disconnected
The corporate configuration is as follows:
Security: 802.1x
EAPEAP method: TTLS
Phase 2 authentication: PAP
CA certificate: (unspecified)
User certificate: (unspecified)
Use proxy server: (unchecked)
When I go into Manage Networks and select Modify network for the configuration, I find that Phase 2 authentication always shows None. If I change it to PAP and then click Save, the setting does not stick: the next time I check the configuration, it is None.
I've done a factory reset. I've configured the network settings with WiFi Advanced Configuration Editor. I've configured the network settings with WiFiConfig Editor Pro. All to no avail.
Please help. I need to be able to connect to the corporate network. If there is a known issue, it would be nice if someone would at least confirm it. Thank you.My original Droid actually worked with the Andriod 2.0 release, but 2.1 broke it and it hasn't worked since. I believe the Android codebase DID fix this, however Verizon has not made it a priority to include the fix in their releases. I now have a Droid 4 running 2.3.6 and it is still broken. Many of my coworkers have this same issue, but ONLY THE ONES ON VERIZON! Other carriers have apparently figured out how to port this fix into their releases, regardless of which Android phone.
Come on Verizon, fix this so we can stop wasting your 4G bandwidth!!! -
Trouble with EAP-TLS with Wireless before Windows logon
Ill start with a list of equipment;
5508 WLC
3502i AP's
Cisco ACS 5.3
Windows 7 clients
WLAN is configure with WPA2/AES with 802.1x for key management.
Client is configure with WPA2/AES, auth method is Microsoft: Smart Card or other certificate on computer. Auth mode is User or Computer authentication. The client is configured to use a certificate on the computer. "It only works if user or computer auth is seected." If i use Computer Authenticate option......its says it cant find a certificate to use for EAP.
ACS is configured to only allow for protocol EAP-TLS.
We have created a standalone CA server and have distributed the CA root and client authentication certificates to all test systems.
This whole process with EAP-TLS works great if you are already logged in to the machine, with cache credentials. Once I log off the Windows 7 client, I lose connection to the WLAN. We would like to stay logged on to the WLAN. PEAP w/ MSCHAPV2 works great with staying connected to the WLAN but we want to use EAP-TLS.
Any ideas??
Thanks in advanced,
RyanHi Ryan,
You actually answer your own question :) The reason for the fault is because the Machine Account doesn't have a Certificate, so when your User logs off the Machine Account can't login to keep the session going, and thus you get disconnected. Provide the Machine Account with a Certificate and your problem will be resolved.
Richard -
I'm not very familiar with the different types of wireless security out there. I'm going back to school next week and need to setup my laptop for the school's wireless. I'm currently using networkmanager (which I'm loving btw). The requirements for the schools wireless are:
SSID (aka, Network Name): psu *note that the SSID is case sensitive and must be all lower case
Network Type: Infrastructure
Security: WPA2-Enterprise (not WPA2-PSK)
Encryption: AES
Authentication Type: EAP-TTLS
Authentication Protocol: PAP
Certificate Authority: Thawte Premium Server CA
Authentication Server: radius1.aset.psu.edu
If allowed by your client program, it is also recommended that you enable options to Validate Server Certificate and Verify Server Name.
When I go to setup a new connection, the only authentication options i have are TLS, LEAP, Tunneled TLS, and Protected EAP(PEAP). Is there another package I need to install for EAP-TTLS?I don't know much about wireless, but the EAP page at wikipedia would lead me to believe that Tunneled TLS (= TTLS) is the one you want. There doesn't seem to be such a thing as 'standalone TTLS' if you get my meaning; searching wikipedia for TTLS just redirects to the EAP page.
-
AP with EAP and managment control through ACS
I have deployed a number of wireless networks with EAP authenticated through the users domain account details passed to ACS 4.1. This appears to work fine, but I have two questions regarding control of access.
1. I have configured RADIUS for the EAP and then added TACACS+ for the management access of the AP. Although going back to the same ACS server with different protocols I am unable to get the managment access control to work if both are active? Should this work?
2. How do I control which VLAN / SSID a user has access to? it seems as though there is no way to limit them to a specific SSID (other than not telling them it) If the users have a guess at the SSID then the possibility is that they can access a LAN they should not.
Any help would be very greatfully received.Hi ihill,
in answer to your second question there is a couple of ways that you can do this depending on the amount of control you have over your clients.
You could use dynamic VLAN assignment:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
You could use Active Directory wirelss group policy to define prefered wirless networks for your clients
Or you could use a 3rd party supplicant like the Juniper Network's Odyssey Access Client
http://www.juniper.net/products_and_services/aaa_and_802_1x/odyssey/odyssey_access_client/
hope this helps
Mark
*pls rate all useful posts -
Support for EAP-TTLS-PAP (as used by Eduroam) in N...
When it will be available a solution to the lack of support for EAP-TTLS-PAP (as used by Eduroam) in Nokia N86 8MP throught a new firmware?
To many years waiting... Must we go to another solution?
Thx.I have succeed to import the local certificate using the instructions in
http://www.jacco2.dds.nl/networking/symbian_cert_import.html
then the description in
http://www.reading.ac.uk/internal/its/eduroam/its-eduroam-config-nokia-n95.aspx
works with the given certificate. -
How to configure Windows server 2003 with WebDav
Can anyone advise on the best way to configure Windows server 2003 with WebDav so I can get the likes of some of those Apps such as PDF Expert and GoodReader to see the folders.
I have installed the necessary services and on a Windows PC and can browse to the URL OK which lists the files (setup using a Virtual Directory).
When I tried using this with GoodReader/PDF Expert, it could not find the server in question.
Can anyone help me?Hello,
Please make sure you have checked "anonymous users" on receive connector.
Do you mean you can't send an email to external email address? If so, please post the detailed NDR information.
Please use get-receiveconnector | fl cmdlet to check your receive conenctor configuration.
Cara Chen
TechNet Community Support
Maybe you are looking for
-
My macbook pro is running slow and I did the etrecheck for it could someone tell me what to do next ?
-
I have the following practice program:import java.util.*; public class ShowRoom private List<Car> list; public ShowRoom() list = new ArrayList<Car>(); protected void putInRoom(Car car) list.add(car); protected void tak
-
How to cancel a transaction in Oracle Lite 10g R3
Hi, I have a publication with 7 publication items (updatables), Server wins in any conclict. I made some changes in some records of the 7 tables of my oracle lite database. I synchronize the changes, without any error messages, But I cannot find thos
-
How to show waveform in Vivado simulation window? The waveform is absent for some signals.
Hi, I have the following verilog code: `timescale 1ns / 1ps module top( reg clk = 1; always #1.25 clk <= ~clk; wire temp; //wire temp2; // added later assign temp = clk; //assign temp2 = clk; //added later endmodule When I simulate this, I see "CLK"
-
Some Users unable to download my podcast. Help!
I announced my new podcast show, Glasscaster, to my industry yesterday. Many people report happy download results, but a few have had their share of problems. Here's my link: http://web.mac.com/marciedavis/iWeb/Site/Podcast/Podcast.html One of the pe