Dot1x port-control auto protocol down (ACS5.3)

Similar Messages

• Dot1x port authentication configuration

  Hello Friends,
  I am working on dot1x configuration deployment project and wanted to clear one confusion, I am having simple setup in which after authentication, workstation should go to vlan decided by ACS and after failed authenticatio, workstation should go to Guest or auth-fail any one is fine since I will keep both same.
  So I can understand that basic config should be as follows considering old IOS.
  int fas0/1
  dot1x port-control auto
  switchport mode access
  switchport guest-vlan 10
  switchport auth-fail valn 10
  Now I had see many configuration examples and found that many have defined vlan's in switchport mode access [5]
  Why is this command needed since vlan will be assigned from ACS, Could somone tell me why few configuration have defind ports in some vlans already ?
  Also what can be best practice in case ACS server goes down, since in that scenario all workstation will fail into auth-fail or Guest vlan's.
  Is there any Best practices for such scenario's ?????
  Thanks
  Ajay

  i found the answer this morning :
  "IEEE 802.1X Authentication with Wake on LAN
  The IEEE 802.1X authentication with wake on LAN (WoL) feature allows dormant PCs to be powered when the switch receives a specific Ethernet frame, known as the “magic packet.” You can use this feature in environments where administrators need to connect to systems that have been powered off.
  When a host that uses WoL is attached through an 802.1X port and the host powers off, the 802.1X port becomes unauthorized. The port can only receive and send EAPOL packets, and WoL magic packets cannot reach the host. When the PC is powered off, it is not authorized, and the switch port is not opened.
  When the switch uses 802.1X authentication with WoL, the switch forwards traffic to unauthorized 802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network."
  describes exactly the problem i have, and i cant fix it because if i remove the "authentication port-control auto" the computer does not authenticate anymore :/

• Cascade a switch to a dot1x port

  Need help.. I'm trying to cascade a un-managed switch to a parent swith with a dot1x enabled port. IOS Ver of both switches (slave & parent ) are dot1x compliant.
  Config Settings of my Parent switch:
  dot1x system-auth-control
  dot1x guest-vlan supplicant
  int f0/15
  switchport mode access
  dot1x port-control auto
  dot1x host-mode multi-host
  dot1x timeout quiet-period 3
  dot1x timeout tx-period 15
  dot1x max-req 5
  spanning-tree portfast
  No configuration is set on my slave switch because I want to do a straightforward cascade. Is it possible ?
  Thanks...

  I am not sure if this is possible. If you are connecting two switches, then the ports need to be trunk ports. Right? I guess dot1.x will work on the access ports only. Anyone any comments?

• Dot1x Port Autnetication Error

  I can't get port authentication to work with our ACS 4.0. Cisco 3560 log attached below. I need help!
  interface GigabitEthernet0/3
  switchport access vlan 10
  switchport mode access
  mls qos trust dscp
  dot1x pae authenticator
  dot1x dot1x port-control auto
  dot1x timeout server-timeout 60
  dot1x reauthentication
  dot1x guest-vlan 500
  spanning-tree portfast
  Global Config
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization network default group radius
  dot1x system-auth-control
  Any ideas where I need to go to fix would be much appriciated!
  Thanks!

  Yes authentication fails. In windows it says it is validating user and eventually fails authentication.
  PTHA-MDF-SW-04#sh dot1x int gi0/3
  Dot1x Info for GigabitEthernet0/3
  PAE = AUTHENTICATOR
  PortControl = AUTO
  ControlDirection = Both
  HostMode = SINGLE_HOST
  ReAuthentication = Enabled
  QuietPeriod = 60
  ServerTimeout = 60
  SuppTimeout = 30
  ReAuthPeriod = 3600 (Locally configured)
  ReAuthMax = 2
  MaxReq = 2
  TxPeriod = 30
  RateLimitPeriod = 0
  Guest-Vlan = 500
  I am not seeing any log entrys in ACS! This is getting to be silly. Why is it so dificult to get a Cisco product to work with a Cisco product. I am about to throw out the ACS box.
  Aren't the cisco log enough to at least point me in some direction for troubleshooting?

• What trigger Line Protocol Down?

  Hi,
  Recently I encountered a problem on "line protocol down" as I'd posted on 4th April.
  Could anyone direct me to any webpage or sites where there's a detail explaination of how & what would trigger a line protocol down. Or these kinda data-link failure. Thanks!
  With regards

  Hi Friend,
  There could be few reasons majorly physical layer issue when the line protocol goes down.
  Can you please update which interface was showing line protocol down. Logical interface (SVI) on layer 3 switch, physical port on layer 2/3 switch or any physical interface on router?
  If it is a physical interface on layer 2 switch it is majorly a physical layer issue or may be that particular vlan asscosiated to that port got deleted.
  If it is a layer 3 logical interface showing line protocol down may be there is no vlan associated to that vlan configured on layer 2 switch port or no trunk carrying that vlan on that switch.
  HTH, if yes please rate the post.
  Ankur

• Serial port control -- what's this code snippet?

  Hi, all.
  I've just become active working with LabView, version 6.0i. And this because of a program which "suddenly" stopped working, with no changes made by anyone that I can see (yeah, likely story, right?).
  In short, the screenshot which I'll include with this post is of one tiny code snippet buried deeply in the .vi which runs an X-Z positioning system. I'd like to know what people thing this code snippet does. I have my suspicions, but I can't believe that whoever wrote this code actually used it for this purpose!
  The X- and Z-positioners which I'm using are controlled by separate power sources, and separate ports on the computer. The X-positioner is ultra-fine-resolution, and has an optical encoder. It's controlled by the RS-232 port on the computer, and it's meant to be moved only a little at a time. The Z-positioner is a bit more coarse, and usually moves quite a bit at a time. It's serial-port controlled.
  The screenshot is of the portion of the code called "XMove" -- that portion of the code which controls the x-positioning stepper motor. Often, the Z-positioner is still running during this part of the code (the "ZMove" subroutine is called before the "XMove"), and then, after both parts of the positioner have stopped, the code should shut down the power to them, and update the position of the translation stage.
  However, once the code gets to this portion (screenshot), that while loop just keeps running.
  Here's what I think is happening (please correct me if I'm wrong!): The Z-positioner is run by the serial port, which, as far as I know, can be controlled by only one device at a time. Thus, this While loop does the following:
  1) attempts to write the characters "1R" followed by a linefeed to port 0 (the applicable serial port on this computer);
  2) reads how many characters are stored in the serial buffer;
  3) reads all the characters in the serial buffer;
  4) takes the first two characters from the string read;
  5) compares these two characters to *R;
  6) if the two characters are R, then the loop terminates and the code finishes.
  As far as I can tell (I've probed many parts of this structure), the code fails when the "N" portion passes the number of characters in the serial buffer to the "R" portion -- it's always zero. It appears to me that the "W" portion writes to the buffer AFTER the number of characters is read (I wouldn't have suspected this unless I'd run it many times and monitored which steps were done in which order). This ain't right!
  I found a similar question answered in the KnowledgeBase forum, but the answer to that one was that the serial port may have an "echo" mode. That doesn't change the fact that data is being from to the port before it's written, does it?
  Is there a way to make sure that the "read" statement happens AFTER the "write" statement? Am I way off base with what this code snippet should do? And, most importantly, *** is this a good way to tell if the Z-positioner is done with its job? ***. Is this a standard trick to tell if a program is done with the serial port?
  Thanks, all. I know the quandary of trying to debug with so few details, and not having the program in front of you. Any help is appreciated!
  Sincerely,
  Curtis Osterhoudt
  Attachments:
  VI_diagram.jpg ‏17 KB

  I suspect someone did change it, but they just don't realize they did.
  THe code snippet is an example of some very bad LV code! What you suspect is happeneing is indeed true. LV uses a data dependacy paradigm that says code execution order is dependent on data availablility. Data availability is determined by ythe rule that the output of a node or sub-VI is not available until the object completes.
  In you snipet, the only node that has to complete before the read bytes at port and the write to port VI is the the constant port number constant. That means that LV can execute either the write or the check bytes at port VI's first. This is determined at LV compile time. If for some reason LV decideds to compile in the write before the check bytes at port, the
  n the I/O may work as intended, BUT NOT POROGRAMMED!
  For a quick fix, put the contant port number and the write VI in a single frame sequence structure. This way the read from the constant and wire operation must comlplete before the seq completes, therby forcing the read stuff to wait.
  I hope this help,
  Ben
  Ben Rayner
  Certified LabVIEW Developer
  www.DSAutomation.com
  Ben Rayner
  I am currently active on.. MainStream Preppers
  Rayner's Ridge is under construction

• Mac shuts down if I do not keep either the Fn, Command or control button held down ?

  Hi. I have a mac book pro late 2011 model. I am running Mavericks but but I have a problem where my mac shuts down if I do not keep either the Fn, Command or control button held down. Also if/when this shut down happens I need to hold the shift-control-option keys to restart the mac.
  Anybody got any advice for me ?
  Many thanks
  Paul

  Try resetting the SMC.
  Barry

• Auto shot down no longer works

  I pulled a power plug out of my iMac. And now my 2 external Seagate drives no longer auto shut down. They stay on unless I pull my firewires 800 and 400 out.
  The new Free agent Seagate doesn't have the on and off buttons. Its very frustrating.
  What happened to my OSX ?

  Hi Girshon Rutstein-
  Have you tried un-mounting the drives before shutting down?
  Luck-
  -DP

• How come when i press the sleep on my MBP it auto shut down?

  How come when i press the sleep on my MBP it auto shut down?

  Pressing the Power Button brings up a dialog: "Restart Sleep Cancel Shut down (default button).
  Teddy Mack; are you just giving the Power Button a light touch, or holding it down?

• Vendor Master post code control in drop down option.

  Hi,
  I want to control In Vendor master drop down option, post code should not display in drop down for particular account group.
  How I can control in drop down option.
  Please help me.
  Br,
  Hanuman.

  Hi,
  As per your requirement, you want supress the drop down specific to the account group for given filed.
  Basically F4 option is coming from the search help defined for that specific field not by the account group. So as long as the serch help designed to that field it will always comes. You can not control that from any field selection keys.
  I hope you understand the concept of search help.
  Thanks,
  Satya.

• Line protocol down

  what are all possibilities for having line protocol down status.pls discuss in detail.

  please see below link to get detailed information.
  http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1915.htm

• When I plug in an USB to the usb port my computer shuts down

  I bought my macbook air a couple months ago and when I plug in the usb into the usb port my computer shuts down. I dont know why this happens, but is not always, just sometimes.
  Does anyone know why this is happening?

  Have you tried plugging the flash drive into a different Mac to see if it works? The Air shouldn't have any problem with it, I use a couple of flash drives in mine, although I don't have a pq1. Did you try both USB ports on the Air? Do you have another flash drive you can test in the Air, or a different USB device, like a hard drive or printer?
  The only thing I can think of is either a bad flash drive, or a bad USB port on the Air. Sorry, can't be more help than that.

• How we can control auto start/stop of db/listener on Unix/linux?

  How we can control auto start/stop of db/listener on Unix/linux?

  http://download-uk.oracle.com/docs/html/B10812_01/chapter2.htm#BABGDGHF

• Auto shuts down - could it be the power adapter?

  I'm having problems with my first generation macbook lately, it will auto shuts down (not sleep) with the power adapter still attached. And when it shuts down, the adapter still light up green. Im working without the battery, it is removed all the time cos it is dead already.
  Could the problem lies with the power adapter? but it's still shows green light, that means there is still power running thru? I would like to test with another power adapter but i don have friends who have a mac. I don't want to spend money one another power adapter, without knowing the cause.
  Is it possible to do a test on the power adpater? thanks!

  A test you could try (rather than another adapter) is to put the "dead" battery back in and run it on AC. As Gregory said, without the battery, the slightest knock to the magsafe connecter may cause it to disconnect, even momentarily, thus you lose all power and your MB turns off. Hopefully the battery will have enough capacity to allow the MB to stay on (briefly) when the connecter is disconnected for that moment. Just an idea.
  Good luck.

• Grid control shows process down but process is up

  How can I correct this issue?
  the processes are running, but grid control shows them down, is there a manual refresh that needs to be done?

  the agent is running on a windows server.
  it has been showing down for about a week, and it is still showing down, but all the processes are running.
  while looking in grid control the arrow on the top left is pointing down, and red
  but when I look further down the screen, I see that all of the arrows are pointing up and green.