IEEE 802.1x with EAP-TLS issue in cisco 2960

In My Cisco 2960 switch is not working with EAP-TLS mechanism of 802.1x but its works well with other  protocols like EAP-PEAP or MAC Address authentication.
Below is the configuration
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group radius
aaa authorization configuration default group radius
aaa accounting update periodic 30
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
speed 100
duplex full
authentication order dot1x mab webauth
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 3
spanning-tree portfast
spanning-tree bpduguard enable
Can anyone suggest me ?

Thanks for the reply jatin.
I have a client on the interface fa0/1 with a valid client certificate. And have a debug logs as below
*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Interface state changed to UP
*Mar  8 00:03:06.266: AAA/BIND(000001C7): Bind i/f 
*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: initial state auth_initialize has enter
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_initialize_enter called
*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)
*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called
*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: idle during state auth_disconnected
*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called
*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (0000.0000.0000)
*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called
*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle
*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)
*Mar  8 00:03:06.266: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called
*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Created a client entry (0xB0000DBA)
*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Dot1x authentication started for 0xB0000DBA (0000.0000.0000)
*Mar  8 00:03:06.266: dot1x-ev:DOT1X Supplicant not enabled on FastEthernet0/1
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA
*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA
*Mar  8 00:03:06.274:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar  8 00:03:06.274: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA
*Mar  8 00:03:06.274:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar  8 00:03:06.274: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:06.274: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:06.274: EAPOL pak dump Tx
*Mar  8 00:03:06.274: EAPOL Version: 0x3  type: 0x0  length: 0x0005
*Mar  8 00:03:06.274: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
*Mar  8 00:03:06.274: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (0000.0000.0000)
*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): queuing an EAPOL pkt on Auth Q
*Mar  8 00:03:06.794: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar  8 00:03:06.794: EAPOL pak dump rx
*Mar  8 00:03:06.794: EAPOL Version: 0x1  type: 0x1  length: 0x0000
*Mar  8 00:03:06.794: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 0,TYPE= 0,LEN= 0
*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
    pae-ether-type = 888e.0101.0000
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Couldn't find the supplicant in the list
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): New client detected, notifying AuthMgr
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Sending event (0) to Auth Mgr for d43d.7e65.4fc1
*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL-Start packet
*Mar  8 00:03:06.794: EAPOL pak dump rx
*Mar  8 00:03:06.794: EAPOL Version: 0x1  type: 0x1  length: 0x0000
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting EAPOL_START on Client 0xB0000DBA
*Mar  8 00:03:06.794:     dot1x_auth Fa0/1: during state auth_authenticating, got event 4(eapolStart)
*Mar  8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_aborting
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_enter called
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): 802.1x method gets the go ahead from Auth Mgr for 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.794: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting AUTH_ABORT for 0xB0000DBA
*Mar  8 00:03:06.794:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 1(authAbort)
*Mar  8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_initialize
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called
*Mar  8 00:03:06.794:     dot1x_auth_bend Fa0/1: idle during state auth_bend_initialize
*Mar  8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting !AUTH_ABORT on Client 0xB0000DBA
*Mar  8 00:03:06.794:     dot1x_auth Fa0/1: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
*Mar  8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_aborting -> auth_restart
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_exit called
*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Resetting the client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_restart_action called
*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA
*Mar  8 00:03:06.802:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar  8 00:03:06.802: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called
*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA
*Mar  8 00:03:06.811:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar  8 00:03:06.811: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA
*Mar  8 00:03:06.811:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar  8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:06.811: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:06.811: EAPOL pak dump Tx
*Mar  8 00:03:06.811: EAPOL Version: 0x3  type: 0x0  length: 0x0005
*Mar  8 00:03:06.811: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called
*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar  8 00:03:06.811: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar  8 00:03:06.811: EAPOL pak dump rx
*Mar  8 00:03:06.811: EAPOL Version: 0x1  type: 0x0  length: 0x0022
*Mar  8 00:03:06.811: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 1,LEN= 34
*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
    pae-ether-type = 888e.0100.0022
*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet
*Mar  8 00:03:06.811: EAPOL pak dump rx
*Mar  8 00:03:06.811: EAPOL Version: 0x1  type: 0x0  length: 0x0022
*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA
*Mar  8 00:03:06.811:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar  8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called
*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called
*Mar  8 00:03:06.811: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'
*Mar  8 00:03:06.819: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X
*Mar  8 00:03:06.819: RADIUS(000001C7): Config NAS IP: 0.0.0.0
*Mar  8 00:03:06.819: RADIUS/ENCODE(000001C7): acct_session_id: 724
*Mar  8 00:03:06.819: RADIUS(000001C7): sending
*Mar  8 00:03:06.819: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59
*Mar  8 00:03:06.819: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/83, len 251
*Mar  8 00:03:06.819: RADIUS:  authenticator A1 79 FA E5 F4 B7 7F 4F - 2B 73 3A 0D 1F D8 89 20
*Mar  8 00:03:06.819: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"
*Mar  8 00:03:06.819: RADIUS:  Service-Type        [6]   6   Framed                    [2]
*Mar  8 00:03:06.819: RADIUS:  Framed-MTU          [12]  6   1500                     
*Mar  8 00:03:06.819: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"
*Mar  8 00:03:06.819: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"
*Mar  8 00:03:06.819: RADIUS:  EAP-Message         [79]  36 
*Mar  8 00:03:06.819: RADIUS:   02 01 00 22 01 68 6F 73 74 2F 44 30 39 30 32 4D 41 4C 4C 30  ["host/D0902MALL0]
*Mar  8 00:03:06.819: RADIUS:   30 35 2E 49 4E 2E 69 6E 74 72 61 6E 65 74    [ 05.IN.intranet]
*Mar  8 00:03:06.819: RADIUS:  Message-Authenticato[80]  18 
*Mar  8 00:03:06.819: RADIUS:   D6 6F 7B CD 36 46 5E F6 90 6F 85 A8 BD BD AE D8            [ o{6F^o]
*Mar  8 00:03:06.819: RADIUS:  EAP-Key-Name        [102] 2   *
*Mar  8 00:03:06.819: RADIUS:  Vendor, Cisco       [26]  49 
*Mar  8 00:03:06.819: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"
*Mar  8 00:03:06.819: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
*Mar  8 00:03:06.819: RADIUS:  NAS-Port            [5]   6   50001                    
*Mar  8 00:03:06.819: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"
*Mar  8 00:03:06.819: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             
*Mar  8 00:03:06.819: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"
*Mar  8 00:03:06.819: RADIUS(000001C7): Started 3 sec timeout
*Mar  8 00:03:06.861: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  8 00:03:06.903: RADIUS: Received from id 1645/83 10.26.13.59:1812, Access-Challenge, len 76
*Mar  8 00:03:06.903: RADIUS:  authenticator 7B 1C DC CA A8 92 E9 34 - 17 86 25 2F 9D 7E 63 96
*Mar  8 00:03:06.903: RADIUS:  EAP-Message         [79]  8  
*Mar  8 00:03:06.903: RADIUS:   01 02 00 06 0D 20                 [  ]
*Mar  8 00:03:06.903: RADIUS:  Message-Authenticato[80]  18 
*Mar  8 00:03:06.903: RADIUS:   DD F3 7B 33 37 6D 40 BD F3 D2 78 DF F1 14 4D E4           [ {37m@xM]
*Mar  8 00:03:06.903: RADIUS:  State               [24]  30 
*Mar  8 00:03:06.903: RADIUS:   00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70          [ }@EP.{Lp]
*Mar  8 00:03:06.911: RADIUS(000001C7): Received from id 1645/83
*Mar  8 00:03:06.911: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA
*Mar  8 00:03:06.911:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)
*Mar  8 00:03:06.911: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request
*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:06.911: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:06.911: EAPOL pak dump Tx
*Mar  8 00:03:06.911: EAPOL Version: 0x3  type: 0x0  length: 0x0006
*Mar  8 00:03:06.911: EAP code: 0x1  id: 0x2  length: 0x0006 type: 0xD
*Mar  8 00:03:06.911: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called
*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar  8 00:03:06.920: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar  8 00:03:06.920: EAPOL pak dump rx
*Mar  8 00:03:06.920: EAPOL Version: 0x1  type: 0x0  length: 0x0069
*Mar  8 00:03:06.920: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 105
*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
    pae-ether-type = 888e.0100.0069
*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet
*Mar  8 00:03:06.920: EAPOL pak dump rx
*Mar  8 00:03:06.920: EAPOL Version: 0x1  type: 0x0  length: 0x0069
*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1
*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA
*Mar  8 00:03:06.920:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar  8 00:03:06.920: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called
*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called
*Mar  8 00:03:06.920: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'
*Mar  8 00:03:06.920: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X
*Mar  8 00:03:06.920: RADIUS(000001C7): Config NAS IP: 0.0.0.0
*Mar  8 00:03:06.920: RADIUS/ENCODE(000001C7): acct_session_id: 724
*Mar  8 00:03:06.920: RADIUS(000001C7): sending
*Mar  8 00:03:06.920: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59
*Mar  8 00:03:06.920: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/84, len 352
*Mar  8 00:03:06.920: RADIUS:  authenticator 41 72 8D 6A B4 72 19 84 - 1B C8 33 F7 95 DD 07 BC
*Mar  8 00:03:06.928: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"
*Mar  8 00:03:06.928: RADIUS:  Service-Type        [6]   6   Framed                    [2]
*Mar  8 00:03:06.928: RADIUS:  Framed-MTU          [12]  6   1500                     
*Mar  8 00:03:06.928: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"
*Mar  8 00:03:06.928: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"
*Mar  8 00:03:06.928: RADIUS:  EAP-Message         [79]  107
*Mar  8 00:03:06.928: RADIUS:   02 02 00 69 0D 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 52 C5 45 4F 07 CA B3 29 50 A7 CE 40 76 B6 BD F0 50 D4 CE 9A 8A 02 C4 3D 40 35 B5 F0 E1 E2 75  [i_ZVREO)P@vP=@5u]
*Mar  8 00:03:06.928: RADIUS:   50 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00             [ P/528]
*Mar  8 00:03:06.928: RADIUS:  Message-Authenticato[80]  18 
*Mar  8 00:03:06.928: RADIUS:   A3 28 CE 27 20 C0 D6 2C 11 01 D6 61 1F C3 6F 03            [ (' ,ao]
*Mar  8 00:03:06.928: RADIUS:  EAP-Key-Name        [102] 2   *
*Mar  8 00:03:06.928: RADIUS:  Vendor, Cisco       [26]  49 
*Mar  8 00:03:06.928: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"
*Mar  8 00:03:06.928: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
*Mar  8 00:03:06.928: RADIUS:  NAS-Port            [5]   6   50001                    
*Mar  8 00:03:06.928: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"
*Mar  8 00:03:06.928: RADIUS:  State               [24]  30 
*Mar  8 00:03:06.928: RADIUS:   00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70          [ }@EP.{Lp]
*Mar  8 00:03:06.928: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             
*Mar  8 00:03:06.928: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"
*Mar  8 00:03:06.928: RADIUS(000001C7): Started 3 sec timeout
*Mar  8 00:03:07.004: RADIUS: Received from id 1645/84 10.26.13.59:1812, Access-Challenge, len 1188
*Mar  8 00:03:07.004: RADIUS:  authenticator 7B 52 29 05 7E C3 EF 8E - 13 38 30 03 4B 65 64 0F
*Mar  8 00:03:07.004: RADIUS:  EAP-Message         [79]  255
*Mar  8 00:03:07.004: RADIUS:   01 03 04 56 0D C0 00 00 05 78 16 03 01 00 51 02 00 00 4D 03 01 52 C5 45 4F 0F 04 37 77 A0 C2 68 66 4E 45 92 AB 3D 7F 94 70 AF 36  [VxQMREO7whfNE=p6]
*Mar  8 00:03:07.004: RADIUS:   1D C5 17 23 5C F1 FA CA 60 B0 20 A5 48 16 D5 3F F9 B0 FF 38 1D D5 13 B3 88 13 06 EF DC 87 5C AE 17 E7 7E 80 84 21 58 64 F7 A6 36 00 35 00 00 05 FF 01 00 01 00 16 03 01 02 1C 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30  [#\` H?8\~!Xd6500]
*Mar  8 00:03:07.004: RADIUS:   82 01 77 A0 03 02 01 02 02 09 00 88 7A CB 35 3F 1E 3E 62 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50  [wz5?>b0*H0/10USP]
*Mar  8 00:03:07.004: RADIUS:   49 4E 41 56 44 30 30 30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C  [INAVD0000410UPol]
*Mar  8 00:03:07.004: RADIUS:   69 63 79 4D 61 6E 61 67 65 72 30 1E 17 0D 31 33 30 38 32  [icyManager013082]
*Mar  8 00:03:07.004: RADIUS:   37 30 37 32 34 33 30 5A 17 0D 31 34 30 38 32 37 30 37  [7072430Z14082707]
*Mar  8 00:03:07.004: RADIUS:   32 34 33 30 5A 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50 49 4E 41 56  [2430Z0/10USPINAV]
*Mar  8 00:03:07.004: RADIUS:   44 30 30               [ D00]
*Mar  8 00:03:07.004: RADIUS:  EAP-Message         [79]  255
*Mar  8 00:03:07.004: RADIUS:   30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C 69 63 79 4D 61 6E 61  [00410UPolicyMana]
*Mar  8 00:03:07.004: RADIUS:   67 65 72 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 C9 B9 03 65 83 EB 39 86 14 BC 95 7B DB 07 7E C5 8A D7 DA C7 8A CA 5A 88 6E 0B 93 06 35 57  [ger00*H0e9{~Zn5W]
*Mar  8 00:03:07.012: RADIUS:   6E DE 93 CD C9 FE 8E 9F E1 5F A9 04 5C BD A9 AD 5A 04 6E 35 47 76 A1 58 E5 C4 32 D7 49 9E 17 75 20 C6 6F 45 40  [n_\Zn5GvX2Iu oE@]
*Mar  8 00:03:07.012: RADIUS:   AC EF 40 6D 15 38 F9 C2 28 7E C9 68 37 52 3B BF F4 C1 5E B8 BA 46 68 43 79 B1 65 66  [@m8(~h7R;^FhCyef]
*Mar  8 00:03:07.012: RADIUS:   9E 58 ED EC 8C 95 A2 D8 BF AA 77 AC 85 90 E3 AB C6 27 3A A2 22 AC 1C 48 B3 BF BE F7 85 CF 5C BB 2D 02 03 01 00 01 A3 32 30 30 30 0F 06 03 55 1D 11 04 08 30 06 87 04 0A 1A 0D 3B 30  [Xw':"H\-2000U0;0]
*Mar  8 00:03:07.012: RADIUS:   1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 03 30 0D 06 09 2A 86 48 86 F7 0D 01 01          [ U?0++0*H]
*Mar  8 00:03:07.012: RADIUS:  EAP-Message         [79]  255
*Mar  8 00:03:07.012: RADIUS:   05 05 00 03 81 81 00 C4 46 3E 38 3D 53 0F 28 34 C1 A6 ED DC 70 76 9B 70 6B A8 95 7C 44 8E 7D 6E D6 8B 6D  [F>8=S(4pvpk|D}nm]
*Mar  8 00:03:07.012: RADIUS:   90 49 83 06 E4 BF 68 2F 9D 77 78 A3 76 76 19 84 AD 26 3F F3 ED AA 88 52 35 0E 35 DD 00 E5 96 88 44 30 79 A0 71  [Ih/wxvv&?R55D0yq]
*Mar  8 00:03:07.012: RADIUS:   8D 25 3E 77 A0 E0 43 92 33 55 40 E1 C8 EE 88 11 25 E2 70 28 11 6C 5A 4E 3D F1 93 57 0A 6F  [?>wC3U@?p(lZN=Wo]
*Mar  8 00:03:07.012: RADIUS:   36 51 72 04 08 C0 C0 DF F0 94 A9 F7 A1 05 C8 37 D6 F8 D4 9C 20 1A 7B CD 2C 17 83 7B 8E 20 F7 2D B6 16 03 01 02 FC 0D 00 02 F4 03 01 02 40 02 EE 00 63 30 61 31 0B 30  [6Qr7 {,{ -@c0a10]
*Mar  8 00:03:07.012: RADIUS:   09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0A 13 0C 44 69 67 69 43 65 72 74 20 49  [UUS10UDigiCert I]
*Mar  8 00:03:07.012: RADIUS:   6E 63 31 19 30 17 06 03 55 04 0B 13 10 77 77 77 2E 64 69 67 69 63 65 72  [nc10Uwww.digicer]
*Mar  8 00:03:07.012: RADIUS:   74 2E 63 6F 6D 31 20 30 1E 06 03 55 04 03 13 17 44 69 67 69 43 65 72  [t.com1 0UDigiCer]
*Mar  8 00:03:07.012: RADIUS:   74 20 47 6C 6F 62 61 6C 20 52 6F 6F 74 20 43 41  [t Global Root CA]
*Mar  8 00:03:07.012: RADIUS:   00 48                 [ H]
*Mar  8 00:03:07.012: RADIUS:  EAP-Message         [79]  255
*Mar  8 00:03:07.012: RADIUS:   30 46 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31  [0F10&,dintranet1]
*Mar  8 00:03:07.020: RADIUS:   12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 16 30 14 06 03 55 04 03 13 0D 49 6E 64 69 61 20 52  [0&,dIN10UIndia R]
*Mar  8 00:03:07.020: RADIUS:   6F 6F 74 20 43 41 00 4A 30 48 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E  [oot CAJ0H10&,din]
*Mar  8 00:03:07.020: RADIUS:   74 72 61 6E 65 74 31 12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 18 30 16 06 03 55  [tranet10&,dIN10U]
*Mar  8 00:03:07.020: RADIUS:   04 03 13 0F 45 6E 74 65 72 70 72 69 73 65 20 43 41 2D 31 00 4D  [Enterprise CA-1M]
*Mar  8 00:03:07.020: RADIUS:   30 4B 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31  [0K10&,dintranet1]
*Mar  8 00:03:07.020: RADIUS:   12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 1B 30 19 06 03 55 04 03 13 12 49 4E 2D 53 50 49 4E  [0&,dIN10UIN-SPIN]
*Mar  8 00:03:07.020: RADIUS:   43 52 54 30 30 30 30 33 2D 43 41 00 D5 30 81 D2 31 0B 30 09 06 03 55 04 06 13 02 55  [CRT00003-CA010UU]
*Mar  8 00:03:07.020: RADIUS:   53 31 13 30 11 06 03 55 04              [ S10U]
*Mar  8 00:03:07.020: RADIUS:  EAP-Message         [79]  100
*Mar  8 00:03:07.020: RADIUS:   08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E  [California10USun]
*Mar  8 00:03:07.020: RADIUS:   6E 79 76 61 6C 65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E  [nyvale10UAruba N]
*Mar  8 00:03:07.020: RADIUS:   65 74 77 6F 72 6B 73 31 40 30 3E 06 03 55 04 03 0C 37 43 6C 65  [etworks1@0>U7Cle]
*Mar  8 00:03:07.020: RADIUS:   61 72 50 61 73 73 20 4F 6E 62 6F 61 72 64 20 4C  [arPass Onboard L]
*Mar  8 00:03:07.020: RADIUS:   6F 63 61 6C 20 43 65 72 74 69        [ ocal Certi]
*Mar  8 00:03:07.020: RADIUS:  Message-Authenticato[80]  18 
*Mar  8 00:03:07.020: RADIUS:   12 75 40 41 6F 40 6B 6F A5 FE AB 85 F3 B3 CF A4           [ u@Ao@ko]
*Mar  8 00:03:07.020: RADIUS:  State               [24]  30 
*Mar  8 00:03:07.020: RADIUS:   00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1         [ oQKnEKkHw]
*Mar  8 00:03:07.029: RADIUS(000001C7): Received from id 1645/84
*Mar  8 00:03:07.029: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+98, total 1110 bytes
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA
*Mar  8 00:03:07.037:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)
*Mar  8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:07.037: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:07.037: EAPOL pak dump Tx
*Mar  8 00:03:07.037: EAPOL Version: 0x3  type: 0x0  length: 0x0456
*Mar  8 00:03:07.037: EAP code: 0x1  id: 0x3  length: 0x0456 type: 0xD
*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called
*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar  8 00:03:07.037: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar  8 00:03:07.037: EAPOL pak dump rx
*Mar  8 00:03:07.037: EAPOL Version: 0x1  type: 0x0  length: 0x0006
*Mar  8 00:03:07.037: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 6
*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,
    pae-ether-type = 888e.0100.0006
*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet
*Mar  8 00:03:07.037: EAPOL pak dump rx
*Mar  8 00:03:07.037: EAPOL Version: 0x1  type: 0x0  length: 0x0006
*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA
*Mar  8 00:03:07.037:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar  8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called
*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called
*Mar  8 00:03:07.037: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'
*Mar  8 00:03:07.046: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X
*Mar  8 00:03:07.046: RADIUS(000001C7): Config NAS IP: 0.0.0.0
*Mar  8 00:03:07.046: RADIUS/ENCODE(000001C7): acct_session_id: 724
*Mar  8 00:03:07.046: RADIUS(000001C7): sending
*Mar  8 00:03:07.046: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59
*Mar  8 00:03:07.046: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/85, len 253
*Mar  8 00:03:07.046: RADIUS:  authenticator 1C D7 6D 40 A3 D6 BA B1 - A7 E6 70 DA 32 83 2E 19
*Mar  8 00:03:07.046: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"
*Mar  8 00:03:07.046: RADIUS:  Service-Type        [6]   6   Framed                    [2]
*Mar  8 00:03:07.046: RADIUS:  Framed-MTU          [12]  6   1500                     
*Mar  8 00:03:07.046: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"
*Mar  8 00:03:07.046: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"
*Mar  8 00:03:07.046: RADIUS:  EAP-Message         [79]  8  
*Mar  8 00:03:07.046: RADIUS:   02 03 00 06 0D 00
*Mar  8 00:03:07.046: RADIUS:  Message-Authenticato[80]  18 
*Mar  8 00:03:07.046: RADIUS:   73 1D 89 5C 66 19 32 B6 63 C2 64 C1 04 42 A9 F9           [ s\f2cdB]
*Mar  8 00:03:07.046: RADIUS:  EAP-Key-Name        [102] 2   *
*Mar  8 00:03:07.046: RADIUS:  Vendor, Cisco       [26]  49 
*Mar  8 00:03:07.046: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"
*Mar  8 00:03:07.046: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
*Mar  8 00:03:07.046: RADIUS:  NAS-Port            [5]   6   50001                    
*Mar  8 00:03:07.046: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"
*Mar  8 00:03:07.046: RADIUS:  State               [24]  30 
*Mar  8 00:03:07.046: RADIUS:   00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1         [ oQKnEKkHw]
*Mar  8 00:03:07.046: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             
*Mar  8 00:03:07.046: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"
*Mar  8 00:03:07.046: RADIUS(000001C7): Started 3 sec timeout
*Mar  8 00:03:07.113: RADIUS: Received from id 1645/85 10.26.13.59:1812, Access-Challenge, len 378
*Mar  8 00:03:07.113: RADIUS:  authenticator 1A 85 26 09 58 84 BC D4 - E0 A9 E3 C0 25 31 2D 31
*Mar  8 00:03:07.113: RADIUS:  EAP-Message         [79]  255
*Mar  8 00:03:07.121: RADIUS:   01 04 01 32 0D 00 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74  [2ficate Authorit]
*Mar  8 00:03:07.121: RADIUS:   79 20 28 53 69 67 6E 69 6E 67 29 31 3F 30 3D 06 09 2A  [y (Signing)1?0=*]
*Mar  8 00:03:07.121: RADIUS:   86 48 86 F7 0D 01 09 01 16 30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D  [H0d6bb4f70-f412-]
*Mar  8 00:03:07.121: RADIUS:   34 35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36  [4552-aee2-c7a026]
*Mar  8 00:03:07.121: RADIUS:   66 62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63  [[email protected]]
*Mar  8 00:03:07.121: RADIUS:   6F 6D 00 CB 30 81 C8 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66  [om010UUS10UCalif]
*Mar  8 00:03:07.121: RADIUS:   6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E 6E 79 76 61 6C  [ornia10USunnyval]
*Mar  8 00:03:07.121: RADIUS:   65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E 65 74 77 6F 72  [e10UAruba Networ]
*Mar  8 00:03:07.121: RADIUS:   6B 73 31 36 30 34 06 03 55 04 03 0C 2D 43 6C 65 61 72 50 61 73  [ks1604U-ClearPas]
*Mar  8 00:03:07.121: RADIUS:   73 20 4F 6E 62 6F 61 72 64 20 4C 6F 63 61 6C 20  [s Onboard Local ]
*Mar  8 00:03:07.121: RADIUS:   43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68  [Certificate Auth]
*Mar  8 00:03:07.121: RADIUS:   6F 72 69 74 79 31 3F 30 3D 06 09 2A 86 48 86 F7 0D 01 09 01 16       [ ority1?0=*H]
*Mar  8 00:03:07.121: RADIUS:  EAP-Message         [79]  55 
*Mar  8 00:03:07.121: RADIUS:   30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D 34  [0d6bb4f70-f412-4]
*Mar  8 00:03:07.121: RADIUS:   35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36 66  [552-aee2-c7a026f]
*Mar  8 00:03:07.121: RADIUS:   62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63 6F  [[email protected]]
*Mar  8 00:03:07.121: RADIUS:   6D 0E 00 00 00                 [ m]
*Mar  8 00:03:07.121: RADIUS:  Message-Authenticato[80]  18 
*Mar  8 00:03:07.121: RADIUS:   4C 46 AA B9 A5 D5 DF EA DB E7 2B 7B 51 7E 58 3F          [ LF+{Q~X?]
*Mar  8 00:03:07.121: RADIUS:  State               [24]  30 
*Mar  8 00:03:07.121: RADIUS:   00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1            [ E
*Mar  8 00:03:07.121: RADIUS(000001C7): Received from id 1645/85
*Mar  8 00:03:07.121: RADIUS/DECODE: EAP-Message fragments, 253+53, total 306 bytes
*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA
*Mar  8 00:03:07.130:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)
*Mar  8 00:03:07.130: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request
*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called
*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:07.130: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:07.130: EAPOL pak dump Tx
*Mar  8 00:03:07.130: EAPOL Version: 0x3  type: 0x0  length: 0x0132
*Mar  8 00:03:07.130: EAP code: 0x1  id: 0x4  length: 0x0132 type: 0xD
*Mar  8 00:03:07.130: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called
*Mar  8 00:03:07.138: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:07.138: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q
*Mar  8 00:03:07.138: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar  8 00:03:07.138: EAPOL pak dump rx
*Mar  8 00:03:07.138: EAPOL Version: 0x1  type: 0x0  length: 0x05D4
*Mar  8 00:03:07.138: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 1492
*Mar  8 00:03:07.138: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar  8 00:03:07.138: dot1x-ev(Fa0/1):
^Z
Malleswaram_2960#
*Mar  8 00:03:07.180: RADIUS:  State               [24]  30 
*Mar  8 00:03:07.180: RADIUS:   00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1            [ E
*Mar  8 00:03:07.180: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             
*Mar  8 00:03:07.180: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"
*Mar  8 00:03:07.180: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar  8 00:03:07.893: %SYS-5-CONFIG_I: Configured from console by jameela on vty0 (10.26.20.5)
Malleswaram_2960#
*Mar  8 00:03:10.225: RADIUS(000001C7): Request timed out
*Mar  8 00:03:10.225: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar  8 00:03:10.225: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar  8 00:03:13.354: RADIUS(000001C7): Request timed out
*Mar  8 00:03:13.354: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar  8 00:03:13.354: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar  8 00:03:16.307: RADIUS(000001C7): Request timed out
*Mar  8 00:03:16.307: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar  8 00:03:16.307: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar  8 00:03:19.369: RADIUS(000001C7): Request timed out
*Mar  8 00:03:19.369: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86
*Mar  8 00:03:19.369: RADIUS(000001C7): Started 3 sec timeout
Malleswaram_2960#
*Mar  8 00:03:22.456: RADIUS(000001C7): Request timed out
*Mar  8 00:03:22.456: RADIUS: Fail-over denied to  (10.26.13.59:1812,1813) for id 1645/86
*Mar  8 00:03:22.456: RADIUS: No response from (10.26.13.59:1812,1813) for id 1645/86
*Mar  8 00:03:22.456: RADIUS/DECODE: parse response no app start; FAIL
*Mar  8 00:03:22.456: RADIUS/DECODE: parse response; FAIL
*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Received an EAP Fail
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting EAP_FAIL for 0xB0000DBA
*Mar  8 00:03:22.456:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 10(eapFail)
*Mar  8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_fail
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_fail_enter called
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_fail_action called
*Mar  8 00:03:22.456:     dot1x_auth_bend Fa0/1: idle during state auth_bend_fail
*Mar  8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_fail -> auth_bend_idle
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting AUTH_FAIL on Client 0xB0000DBA
*Mar  8 00:03:22.456:     dot1x_auth Fa0/1: during state auth_authenticating, got event 15(authFail)
*Mar  8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_authc_result
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authc_result_enter called
*Mar  8 00:03:22.456: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Sending event (2) to Auth Mgr for d43d.7e65.4fc1
*Mar  8 00:03:22.456: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB
*Mar  8 00:03:22.456: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB
*Mar  8 00:03:22.456: dot1x-redundancy: State for client  d43d.7e65.4fc1 successfully retrieved
*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Received Authz fail for the client  0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting_AUTHZ_FAIL on Client 0xB0000DBA
*Mar  8 00:03:22.456:     dot1x_auth Fa0/1: during state auth_authc_result, got event 22(authzFail)
*Mar  8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authc_result -> auth_held
*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_enter called
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:22.464: EAPOL pak dump Tx
*Mar  8 00:03:22.464: EAPOL Version: 0x3  type: 0x0  length: 0x0004
*Mar  8 00:03:22.464: EAP code: 0x4  id: 0x4  length: 0x0004
*Mar  8 00:03:22.464: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting FAILOVER_RETRY on Client 0xB0000DBA
*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_held, got event 21(failover_retry)
*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_held -> auth_restart
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_exit called
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_restart_action called
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA
*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting REAUTH_MAX on Client 0xB0000DBA
*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_connecting, got event 11(reAuthMax)
*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_disconnected
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): d43d.7e65.4fc1:auth_disconnected_enter sending canned failure to version 1 supplicant
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:22.464: EAPOL pak dump Tx
*Mar  8 00:03:22.464: EAPOL Version: 0x3  type: 0x0  length: 0x0004
*Mar  8 00:03:22.464: EAP code: 0x4  id: 0x5  length: 0x0004
*Mar  8 00:03:22.464: dot1x-packet(Fa0/1): dot1x_auth_txCannedStatus: EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)
*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_disconnected_reAuthMax_action called
*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: idle during state auth_disconnected
*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart
*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending event (1) to Auth Mgr for d43d.7e65.4fc1
*Mar  8 00:03:22.464: dot1x-ev:Delete auth client (0xB0000DBA) message
*Mar  8 00:03:22.464: dot1x-ev:Auth client ctx destroyed
*Mar  8 00:03:22.674: AAA/BIND(000001C8): Bind i/f 
*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: initial state auth_initialize has enter
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_initialize_enter called
*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)
*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_disconnected_enter called
*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: idle during state auth_disconnected
*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_enter called
*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0x4A000DBB (0000.0000.0000)
*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_initialize_enter called
*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle
*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)
*Mar  8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_enter called
*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Created a client entry (0x4A000DBB)
*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Dot1x authentication started for 0x4A000DBB (0000.0000.0000)
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0x4A000DBB
*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_enter called
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_connecting_action called
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0x4A000DBB
*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_authenticating_enter called
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_authenticating_action called
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting AUTH_START for 0x4A000DBB
*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar  8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called
*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Role determination not required
Malleswaram_2960#
*Mar  8 00:03:22.674: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:22.674: EAPOL pak dump Tx
*Mar  8 00:03:22.674: EAPOL Version: 0x3  type: 0x0  length: 0x0005
*Mar  8 00:03:22.674: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
*Mar  8 00:03:22.674: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (0000.0000.0000)
*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_request_action called
*Mar  8 00:03:22.791: dot1x-ev(Fa0/1): New client notification from AuthMgr for 0x4A000DBB - d43d.7e65.4fc1
*Mar  8 00:03:22.791: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB
*Mar  8 00:03:25.761:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)
*Mar  8 00:03:25.761: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request
*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called
*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called
*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:25.761: dot1x-registry:registry:dot1x_ether_macaddr called
Malleswaram_2960#n
*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:25.761: EAPOL pak dump Tx
*Mar  8 00:03:25.761: EAPOL Version: 0x3  type: 0x0  length: 0x0005
*Mar  8 00:03:25.761: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
*Mar  8 00:03:25.761: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)
Malleswaram_2960#no debu
Malleswaram_2960#no debug
*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB
*Mar  8 00:03:28.848:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)
*Mar  8 00:03:28.848: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request
*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called
*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called
*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Role determination not required
*Mar  8 00:03:28.848: dot1x-registry:registry:dot1x_ether_macaddr called
Malleswaram_2960#no debug all
*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar  8 00:03:28.848: EAPOL pak dump Tx
*Mar  8 00:03:28.848: EAPOL Version: 0x3  type: 0x0  length: 0x0005
*Mar  8 00:03:28.848: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1
*Mar  8 00:03:28.848: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)
Malleswaram_2960#no debug all
All possible debugging has been turned off
Malleswaram_2960#
*Mar  8 00:03:31.180: AAA: parse name=tty1 idb type=-1 tty=-1
*Mar  8 00:03:31.180: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
*Mar  8 00:03:31.180: AAA/MEMORY: create_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' ds0=0 port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0) key=C9A1F1D1
*Mar  8 00:03:31.389: TAC+: (-1901802859): received author response status = PASS_ADD
*Mar  8 00:03:31.389: AAA/MEMORY: free_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15
*Mar  8 00:03:31.935: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar  8 00:03:31.935: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar  8 00:03:31.935: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar  8 00:03:31.935: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:03:31.935: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#no deb
Malleswaram_2960#no debug al
Malleswaram_2960#no debug all
All possible debugging has been turned off
Malleswaram_2960#
*Mar  8 00:04:32.677: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:04:41.938: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar  8 00:04:41.938: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar  8 00:04:41.938: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar  8 00:04:41.938: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:04:41.938: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:05:42.654: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:05:51.915: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID
*Mar  8 00:05:51.915: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar  8 00:05:51.915: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
*Mar  8 00:05:51.915: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Malleswaram_2960#
*Mar  8 00:05:51.915: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3
Pls dont worry about day and time.

Similar Messages

  • 802.1x with EAP-TLS and dACLs

    Hi,
    i'm looking to enable 802.1x on the wired network using EAP-TLS. The radius server will be an ACS5.2 running on the appliance. We'd also need some authorization for different machines - we'd like to use dACLs for that so that machine A will get full access while machine B will get restricted access (both client machines are related to different business units). So machine based auth (clients run XP SP3 or Vista).
    I'm not very clear about the following...based on the presented client machine certificate, we should be able to apply an authorization policy (dACL). How can we set this up...anyone else tried this before?
    in 'worst'  case we could do machine auth (EAP-TLS) to validate it's a corporate machine connecting, followed by user authentication & authorization (EAP-PEAP) to apply access policies based on the user id..with PEAP is see it might be easier to extract user info out of AD to make policy decision...?
    Thanks,
    Guy

    Hi Guy,
    provided that the dACL is just part of the Authorization profile that you return to the client, you need to make sure that you have the correct attributes so to allow the authorization policy evaluation.
    In ACS 5 when you configure a "Certificate Authentication Profile", the basic option is just to validate the client certificate.
    So as long as ACS can validate the cert using the trusted CA certificates installed on ACS, the authentication is successful.
    However, if you do so the only attributes you can base your authorization policy evaluation are the non-binary attributes of the certificate itself, as there's no query done to any backend DB in this case.
    If you want to evaluate the authorization policy where you want to check for additional attributes that are stored on an external DB (e.g. Active Directory), you can do it in two ways:
    1) enable certificate binary comparison on the "Certificate Authentication Profile": this will both perform the binary comparison of the cert and it will fetch the user attributes from AD; this of course requires that the certificate for the user is also stored on the "userCertificate" attribute in Active Directory.
    2) configure an "Indentity Store Sequence" where you select:
      - Authentication Method List : Certificate based : "Certificate Authentication Profile"
      - Additional Attribute Retrieval Search List : Add "AD1" among the selected Identity Stores
    In this case ACS won't perform binary comparison of the cert, but it will look for the corresponding user account in AD so to fetch additional attributes (group membership, etc..)
    You can find relevant documentation about this on the ACS user guide:
    - Configuring "Certificate Authentication Profile"
    http://www.cisco.com/en/US/customer/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1054057
    - Configuring "Identity Store Sequence"
    http://www.cisco.com/en/US/customer/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1054132
    - Managing policy elements:
    http://www.cisco.com/en/US/customer/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/pol_elem.html
    I hope this helps.
    Regards,
    Federico
    If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

  • 802.1x with EAP-TLS Fails on Wired

    Dear Colleagues,
    I am currently encountering an issue which does not seem to make sense to me and hence checking if anyone of you have come across the same or can provide further input on how to proceed...
    Setup :
    1. Radius Server - Cisco ACS 1113 Engine
    2. Authenticator - Cisco 6509 Switch
    3. Supplicant - Windows XP SP2/3
    Problem:
    1. Supplicants fail to authenticate using EAP-TLS as the authentication method.
    Errors Seen:
    1. Cisco ACS Reports - Authen session timed out: Supplicant did not respond to ACS correctly. Check supplicant configuration.
    2. Cisco Switch Reports - dot1x-err(Gi3/39): Invalid Eapol packet length = 1490
    3. Supplicant Reports when Trace enabled in the RASTLS file - “>> Received Failure (Code: 4) packet: Id: 8, Length: 4, Type: 0, TLS blob length: 0. Flags:” and “Code 4 unexpected in state SentFinished”
    Other Information:
    1. Wireless Clients using the windows supplicant and EAP-TLS connect without any issue.
    2. ACS has certificates issued by 3rd Party Root CA - Geotrust.
    3. Clients have Certs issued by clients own CA infrastructure.
    4. ACS has the clients Root CA cert in the trust list and hence why the wireless users work.
    5. PEAP works fine on wired.
    Any pointers appreciated. Happy to share logs from Switch / Supplicant and ACS if needed.
    Thanks
    Volven

    Dear Colleagues,
    I am currently encountering an issue which does not seem to make sense to me and hence checking if anyone of you have come across the same or can provide further input on how to proceed...
    Setup :
    1. Radius Server - Cisco ACS 1113 Engine
    2. Authenticator - Cisco 6509 Switch
    3. Supplicant - Windows XP SP2/3
    Problem:
    1. Supplicants fail to authenticate using EAP-TLS as the authentication method.
    Errors Seen:
    1. Cisco ACS Reports - Authen session timed out: Supplicant did not respond to ACS correctly. Check supplicant configuration.
    2. Cisco Switch Reports - dot1x-err(Gi3/39): Invalid Eapol packet length = 1490
    3. Supplicant Reports when Trace enabled in the RASTLS file - “>> Received Failure (Code: 4) packet: Id: 8, Length: 4, Type: 0, TLS blob length: 0. Flags:” and “Code 4 unexpected in state SentFinished”
    Other Information:
    1. Wireless Clients using the windows supplicant and EAP-TLS connect without any issue.
    2. ACS has certificates issued by 3rd Party Root CA - Geotrust.
    3. Clients have Certs issued by clients own CA infrastructure.
    4. ACS has the clients Root CA cert in the trust list and hence why the wireless users work.
    5. PEAP works fine on wired.
    Any pointers appreciated. Happy to share logs from Switch / Supplicant and ACS if needed.
    Thanks
    Volven

  • 802.1x RADIUS with EAP-TLS/EAP-TTLS & Dynamic VLAN Assignment

    Hello, My team is looking for switches supporting 802.1x authentication on either EAP-TTLS or EAP-TLS protocols with dynamic vlan assignment enabled for these. Looking at the data sheets of the Linksys desktop switches, I found only SLM224G4PS and SLM224G4S models to support EAP-TLS or EAP-TTLS. Am I right? Do they support Dynamic VLAN Assigment for either of those protocols? This is not explicitly mentioned in the data sheets, and I happen to find switches from other manufacturers that announce to support EAP-TLS/EAP-TTLS but no dynamic vlan assignment. Thank you for any help.

    SLM switches do support 802.1x RADIUS with EAP-TLS/EAP-TTLS unlike the SRW switches which support MD5. But I don't think that they support Dynamic VLAN.

  • ACS SAN EAP-TLS Issue

    Hi,
    we have an issue with eap-tls authentication with SAN (Subject Alternate Name). The authentication uses the CN instead of SAN.
    Our enviroment is so build:
    1 LWAPP Cisco AP
    1 WLC & 1 WCS
    1 ACS (4.2.(1) Build 15 Patch 3)
    1 CA (Certification Authority enTrust)
    1 Windows 8.1 Client
    The ACS global authentication configuration is attacched to the discussion.
    The ACS certification is loaded correctly and the CA is trusted.
    On the client the user certificate is correctly loaded.
    In the Failed Attempts I can found in the username field the CN of user's certificate but i cannot see the SAN.
    Thanks in advance

    It should not happen, Please check the error codes from here
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1.3/troubleshooting/guide/ecodes.html

  • Trouble with EAP-TLS with Wireless before Windows logon

    Ill start with a list of equipment;
    5508 WLC
    3502i AP's
    Cisco ACS 5.3
    Windows 7 clients
    WLAN is configure with WPA2/AES with 802.1x for key management.
    Client is configure with WPA2/AES, auth method is Microsoft: Smart Card or other certificate on computer. Auth mode is User or Computer authentication.  The client is configured to use a certificate on the computer.  "It only works if user or computer auth is seected."  If i use Computer Authenticate option......its says it cant find a certificate to use for EAP.
    ACS is configured to only allow for protocol EAP-TLS.
    We have created a standalone CA server and have distributed the CA root and client authentication certificates to all test systems.
    This whole process with EAP-TLS works great if you are already logged in to the machine, with cache credentials.  Once I log off the Windows 7 client, I lose connection to the WLAN.  We would like to stay logged on to the WLAN.  PEAP w/ MSCHAPV2 works great with staying connected to the WLAN but we want to use EAP-TLS.
    Any ideas??
    Thanks in advanced,
    Ryan

    Hi Ryan,
    You actually answer your own question :) The reason for the fault is because the Machine Account doesn't have a Certificate, so when your User logs off the Machine Account can't login to keep the session going, and thus you get disconnected. Provide the Machine Account with a Certificate and your problem will be resolved.
    Richard

  • WPA2 security with EAP-TLS user cert auth

    I am investigating the use of EAP-TLS for authenticating clients through a MS NPS radius server for WLC WLAN using WPA-WPA2 for security with 802.1x for auth-key managment. We're trying to decide whether to use PEAP and AD account authentication or require client certificates issued by AD certifcate services. PEAP is working fine if we choose that auth method in our NPS radius network policy, but if we switch this to "smart card or other certificate" for client cert auth it does not work. The wireless profile on the Windows client is set up for WPA2/AES with "Microsoft: smart card or other certificate" for network auth.  The 802.1x settings specify "User Authentication" and a user cert for the logged in user from ADCS is installed on the machine. The failure to connect reports "The certificate required to connect to this network can't be found on your computer". When I switch to Computer Authentication the error changes to "Network authentication failed due to a problem with the user account," though a valid machine cert also exists on the computer. 
    When I attempt to use cert auth I see no auth requests logged on the RADIUS server. I ran MS netmon on both the client and NPS server and I also see no requests coming in from the WLC to NPS. When using PEAP I do see EAP requests and responses between NPS and the WLC and radius requests logged.  On the client end I do see an EAP request to the WAP when attempting cert auth, but no messages between the WLC and NPS.
    It's also interesting that when I change the WLAN to use 802.1x and WEP encryption for layer 2 auth the cert auth  worked first time, though I haven't been able to get that working since. Windows now complains I am missing a cert for that. In any case, what I really want is WPA2/AES with 802.1x cert auth and would like to get this working.
    Is anyone using EAP-TLS with MS NPS radius and a WLC successfully? Any ideas on how to troubleshoot this or why I'm not seeing any traffic between WLC and NPS radius when attempting cert auth?

    Well Well
    WLC or any AAA client acts in pass through mode after initialy generating EAP-identity request so it has nothing to with EAP type. AAA client will behave the same no matter if you use PEAP , EAP-TLS or LEAP .....
    The error message that you have reported is clearly sayign that your client doesn't have certificate to submit agains the back-end authentication server and accordingly the process fails . If you are not saying anything sent from WLC to NPS , it makes sense , because when the WLC initialy generate eap-identity request your client fails to answer and accordingly nothing is being sent to NPS server.
    In order to verify that we need ' debug client < mac address of the client > ' from the WLC while trying to connect to make sure that is the case.
    Also make sure that your client has certificate that is binded to a user account defined on your AD in away or another to have it working.
    Please make sure to rate correct answers

  • Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

    In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate
    on this computer" and un-checked "Use simple certificate selection".
    My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the
    client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate"
    drop down.
    Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
    TIA,
    -Rick

    Hi Rick,
    Thank you for your patience.
    According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me
    know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
    Best regards,
    Steven Song
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Distributed ISE & Distributed PKI = EAP-TLS issues ... Correct?

    In a distributed ISE deployment with regional intermediate CA, I am getting failed authentication due to " EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain".  Client device have only one client certificate issued from regional intermediate CA. When client device goes across the region, they can't authenticate and gets this "unknown” CA error. The admin node has certificates of all intermediate CAs and root CA.
    One possible solution is to add intermediate CA certificates to all regional Node groups but apparently it is not possible on ISE policy nodes.
    Have a look at the diagram below and let me know you think (Client authentication failure at both location 1 and 3).

    Thanks Jan for reply. And short answer is Yes ....
    we have identified the issue and it has been resolved now. It was down to one of the cert corruption on primary admin.
    It was only identified after going to debug logs in prrt. Verification was done by export that particular cert and analyzing it. Don't know how it got corrupted but it did.
    In CA cert section on primary admin node, it was displaying correct value like issue date etc but when it was exported for analysis, I couldn't open it.
    So moral of the story is that the someone thought that they need to put a status field against every cert on ISE and it wasn't decided how to check its status - no offence.

  • ISE problem with EAP-TLS Supplicant Provisioning

    Hi All,
    I have a demo built using ISE v1.1.3 patch 1 and a WLC using v7.4.100.0 software.  The aim of the demo is to provision a device's supplicant with an EAP-TLS Certificate...  'device on-boarding'
    The entire CWA / Device Registration process is all fine and works well.  I'm using a publically signed Cert on ISE that is built from [Root CA + Intermediate CA + Host Cert] which is used for both HTTPS and EAP and I also have SCEP operating against my Win 2k8 Enterprise Edition CA that is part of my Active Directory.  All of this works fine.
    The problem is that when ISE pushes the WLAN config down to the device, it instructs the Client to check for the Root CA, but the RADIUS processes within ISE are bound to the Intermediate CA.  This leads to a problem where the Client doesn't trust the Certificate presented to it from ISE.  There doesn't seem to be any way to configure this behaviour within ISE.
    Has anybody else encountered this? Know a solution? Have suggestions for a workaround?
    Cheers,
    Richard
    PS - Also using WinSPWizard 1.0.0.28

    Hi Richard,
    This is a misbehavior that ISE is provisioning the intermediate CA certificate during the BYOD registration process in similar (hierarchical certificate authority) scenarios. It is going to be fixed soon. Engineering is almost ready with the fix.
    Istvan Segyik
    Systems Engineer
    Global Virtual Engineering
    WW Partner Organization
    Cisco Systems, Inc
    Email: [email protected]
    Work: +36 1 2254604
    Monday - Friday, 8:30 am-17:30 pm - UTC+1 (CET)

  • 'Could not find user' with EAP-TLS in ACS

    Hi all,
    we are running ACS 4.2(1) Build 15 on a Win2003 member server and use the ACS for EAP-TLS with certificates (Microsoft-PKI) for WLAN authentication (WLC 4402, 6.0 and 4.2). We are using both machine and user authentication.
    Sometimes machine authentications fail with following message in AUTH.log:
    AUTH 11/01/2010 09:11:28 E 1395 1904 0x31cb External DB [NTAuthenDLL.dll]: Could not find user host/<xxxxxxxx>.com (0x5012)
    But some minutes/hours later the same machine can authenticate successful. Other machines never have this problem, no problems at all with user authentications.
    Does anyone have an idea where I can proceed with troubleshooting? I haven't found any related messages in server event logs. Are there any other logs where I can find reasons for these problems that are occuring only sometimes?
    Thanks
    Kai

    AUTH.log and RDS.log are two log file you need to look into on ACS side. Make sure the log level is set to "Full"
    You might need to check the log on AD side to see why it could not find this host.
    Comparing the logs between the working and non-working cases might be helpful.

  • Having trouble staying connected to IEEE 802.1X with my iPhone 4s

    I got my iPhone 4S pre-ordered with Verizon and I am having trouble staying connected to my college's 802.1x WiFi connection. My college has a help website with a walkthrough to connect to the network and it works and I can get WiFi on my phone but when I lock my phone for about 1 minute my phone forgets the connection and I have to go through the steps all over again to get connected.
    Here are the steps my school site has me follow:
    Connecting to the RPI Wireless Network Using 802.1x Authentication on the iPhone / iPod Touch
    Make sure that your device has been updated to the latest software version available.
    Go into Settings and select Wi-Fi.
    Make sure the Wi-Fi switch is set to ON.
    Under Choose a Network, select Other....
    Enter rpi_802.1x for the Network Name, and press the Security option.
    Select WPA2 Enterprise as the security, then press the Other Network button in the top-left corner to return to the previous screen.
    Enter your RCS userID and password in the appropriate fields and press the blue Join button in the bottom-right.
    Let the network access load, then press the Accept button to accept the certificate provided.
    This is really annoying so any help would be appreciated.

    We use 802.1x Authentication here at UCSD and it seems fine.
    The only problem i see is it will disconnect when you lock the phone but it automatically reconnects when you unlock the phone.
    Our setup is a lot simpler, you just select the network and enter in your AD account information.
    It could be your college has not setup their wifi correctly. You should connect your network team.
    http://blink.ucsd.edu/technology/network/connections/wireless/iphone4.html

  • Airport extreme 802.11g with new Powerbook issue

    Situation: Have a new Powerbook and replacing Linksys wireless router with older Airport Extreme. After connecting, network shows connection to the automatically named Apple network, however, unable to get on internet. Guessing the base station has a long forgotten password, so tried to use airport admin utility to reset but couldn't locate the program on the hard drive. Do the new G4's not include this program ? Or could it be some other steps I'm not taking to resolve ?
    Thanks for the help.

    Hi, dvj001. There are no "new Powerbooks" or "new G4s"; the last G4 Macs were discontinued more than two years ago. What model is your machine, assuming it really is a Powerbook?
    Identify PB G4 Models

  • Port Channel Issue on Cisco 2960s-24ts

    Hi All
    Last week at a customer site we installed a 2nd 2960s 24 port switch to form a stack using flexstack cables, and the switch stack is working as expected as I can see a master switch and 2nd switch as a member.
    For redundancy / resilience we decided to use port 24 on each switch over copper for trunk uplinks to our core switch. The issue that we're having is I can't ping the switch management address. I can however see the address in the arp table and the edge switch is visible when I run show cdp nei. As a work around I've shutdown one of the ports to the downlink from core to edge in order to ping the management address of the switch which is in vlan 1. I'd like to get the port-channel working on both sides for resilience.
    ANY HELP IS APPRECIATED...
    Core switch is a WS-C3750G-24TS-1U running software version  C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, C3750 Software (C3750-IPBASE-M)
    Edge switch is a WS-C2960S-24TS-L running software version C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(53r)SE,C2960S Software (C2960S-UNIVERSALK9-M)
    The config on the edge switch which goes to the core is :
    interface GigabitEthernet1/0/24
     description *****
     switchport mode trunk
     channel-group 6 mode on
    end
    interface GigabitEthernet2/0/24
     description *****
     switchport mode trunk
     channel-group 6 mode on
    end
    interface Port-channel6
     description ******
     switchport mode trunk
    end
    The config on the downlink ports from the core to the edge:
    interface GigabitEthernet1/0/20
     description Edge
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 20 mode on
    end
    interface GigabitEthernet2/0/20
     description Edge
     switchport trunk encapsulation dot1q
     switchport mode trunk
     shutdown
     channel-group 20 mode on
    end
    interface Port-channel20
     description Edge
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end

    when using channel-group # on mode you must make sure the ports are on same duplex and speed setting
    what happens when you use active mode?

  • DHCP Issue on Cisco 2960

    I have an device that use Multicast and is unable to aquire an ip address when connected to a 2960 switch. I have a 3560 switch that is configured with the DHCP scope. We have DHCP pool configured. layer 2, and layer 3 switch's.
    Basically what’s happing  is that if we connect the device to the switch it does not get a DHCP address however if we apply a static address it works.  Now I have duplicated this in the lab and the everything works fine, the only difference is that I have a different IOS on my Lab switch.  The only thing i can think of is the IOS.
    Any help would be appreciated.
    The IOS on the 2960 is flash:c2960-lanbasek9-mz.122-55.SE7.

    Hi Anil,
    I need to know the mac-address of the client as i see two different DHCP Requests from:
    0100.237d.14b5
    and
    0198.fe94.dcd6
    Moreover i see only one DHCP pool on the layer 3 switch:
    ip dhcp pool
    network 10.65.117.0 255.255.255.0
    dns-server 198.6.1.122 198.6.1.142 8.8.8.8
    default-router 10.65.117.1
    And as you said that it should pick IP address from vlan2, but i dont see any pool for vlan2 on the contrary you did mention that if you connect your laptop on that port it does pick IP address from vlan 2. its actually very weird.
    If possible collect the wireshark captures from machine interface for more debugging. i want to see the DHCP process. and let me know if you need any help in collecting captures
    Regards,
    RS

Maybe you are looking for