Radius problems/ichain
we have Nw6.5 SP2 with radius files from ichain 2.3 CD(overwrite all)
with the nmas patch
nmas V2.6.8
radius v4.15
problems:
1.were getting radius client unknown (radius nlm does load but wont
unload, just hangs)
2. i can only get nwadmin to save the client details in the DAS object
C1 just wont save it- ive tried V136c,136,135 and the server version
which errors with
"waiting for reading vendor list from attribute file" however the
radius.atr file does exist
3. not sure if this is relevant here but vasco token wont assign to a user
errors with "unable to write configuration data"
thanks for help
well for no reason at all it started working with C1 locally 2 days later !
weird
Also if I assign a DAS object to a container and all users underneath are
told to inherit the DAS from the container settings
then I wont have to configure each user object ? This doesnt sem to inherit
for some reason.
Is the Radus.nlm form the ichain 2.3 auth CD good enough for a NW6.5 SP2
server or is
there an update
Thanks?
"Scott Kiester" <[email protected]> wrote in message
news:bYq%[email protected]...
> Your first and third items could be due to an inconsistent or missing tree
> key. You can use SDIDIAG to troubleshoot and correct tree key issues.
> SDIDIAG is available as a free download from the support site.
>
> Your second issue is due to a bug in the RADIUS ConsoleOne snapin. The
> problem should go away if you run ConsoleOne from your local workstation,
> instead of running it from a drive mapped to the server. The snapin uses a
> very inefficient method of parsing the radius.atr file, which requires it
to
> do several seeks for each record that is processed. When ConsoleOne has to
> go over the network to access the file, it can take a very long time to
> parse (10-15 minutes in my experience).
>
> Also, don't administer NMAS RADIUS with NWAdmin. NWAdmin is for BMAS 3.7
and
> older BMAS servers only. (BMAS 3.8 is NMAS RADIUS, and therefore uses
> ConsoleOne.)
>
> >>> <[email protected]> 09/07/04 7:12 AM >>>
> we have Nw6.5 SP2 with radius files from ichain 2.3 CD(overwrite all)
> with the nmas patch
> nmas V2.6.8
> radius v4.15
>
> problems:
> 1.were getting radius client unknown (radius nlm does load but wont
> unload, just hangs)
> 2. i can only get nwadmin to save the client details in the DAS object
> C1 just wont save it- ive tried V136c,136,135 and the server version
> which errors with
> "waiting for reading vendor list from attribute file" however the
> radius.atr file does exist
> 3. not sure if this is relevant here but vasco token wont assign to a user
> errors with "unable to write configuration data"
>
> thanks for help
>
>
Similar Messages
-
I'm having trouble getting a border radius to work as I want. Please keep in mind my pages are works in progress. The corner radii of the footer div do not fill correctly when I apply a 1px border around the container div. There's a tiny bit of page background color that bleeds through at the lower rounded corners. Look here:
http://www.kiefferfurniture.com/testcss.html
If I remove the border from the container div and add it to the footer div, then it does render correctly. Look here:
http://www.kiefferfurniture.com/testcss2.html
Applying the border to both causes the border to appear as 2px wide where the divs overlap, and that is no good. How do I get a 1px border around everything so it looks and renders correctly?I'm not seeing a problem in FF12. But older browsers need proprietary code. Note the syntax difference for Mozilla (whacky).
Also, older IE doesn't support border-radius.
#footer {
background-color: #66A7C5;
margin-top: 0px;
border: 5px solid #284B4D; /**increased border width**/
-webkit-border-bottom-right-radius: 10px;
-webkit-border-bottom-left-radius: 10px;
-moz-border-radius-bottomright: 10px;
-moz-border-radius-bottomleft: 10px;
border-bottom-right-radius: 10px;
border-bottom-left-radius: 10px;
Nancy O.
Alt-Web Design & Publishing
Web | Graphics | Print | Media Specialists
http://alt-web.com/
http://twitter.com/altweb
http://alt-web.blogspot.com/ -
WLC 7.6.120.0 Radius problems with FreeRadius server
Hi there
we have 3 WLC 5508 with version 7.6.120.0 and 2 FreeRadius servers. In the WLC log we see a lot of "radius auth-server unavailable" messages and some users can not authenticate against our dot1x (PEAP).
The problems occur most of the time, when there are a lot of WLAN clients trying to connect to the SSID at the same time.
Does anybody have the same problems or are there any known bug for this phenomena?
Thanks in advance and best regards
AnnaHi Anna
your problems seems to be this bug here: https://tools.cisco.com/bugsearch/bug/CSCuo96366
Symptom:
Clients are not able to Authenticate at Peak loads when using FreeRadius.
Conditions:
Using Freed radius (most susceptible), we observe at high auth rate and if Radius server is not responding to all Radius packets in seq order or if the server is slow, WLC when wraps around 0-255 Radius ID's, it does not do a check when posting new packet.
So essentially you have 2 packets with same ID being presented to AAA server.
Workaround:
Recover's when load is reduced.
Further Problem Description:
So far, issue has not been brought to notice while using ISE/ACS/NPS.
There are two possible solutions I see:
1. Downgrade to an earlier WLC version <7.6 (e.g. 7.4.121.0)
2. Try to have another radius server in between (radius proxy, e.g. Cisco ACS or Microsoft NPS)
Best regards
Dominic -
WLC 5508 Release 7.4.100.0 RADIUS PROBLEM
Hi,
Previously I was using 7.0.116.0 and there was no problem on Radius Authentication.
Client uses secure V2
After upgrading 7.4.100.0 Radius Authentication Successfull,
but Secure V2 continuously opens login page
Thanks(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Eduroam
Network Name (SSID).............................. eduroam
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 48
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ eduroam_1
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.0.15.1
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 193.140.164.5 1812
--More-- or (q)uit
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
--More-- or (q)uit
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status -
802.1x with ACS 4.2 (RADIUS) problem
HI all!
I am trying to configure AAA authentication and authorization with Cisco 3725 (IOS 12.4(17)) for 802.1x and ACS 4.2 with VLAN assignment to my Windows XP client. (trying to assign VLAN 100 in my scenario).
When user connects to the Router, it passes the authentication process (EAP-MD5). In my debug i see that Router recieves the Radius Attributes BUT does not apply anything!
My running config:
Building configuration...
Current configuration : 1736 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R4
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa session-id common
memory-size iomem 5
ip cef
no ip domain lookup
ip domain name lab.local
ip device tracking
dot1x system-auth-control
interface FastEthernet0/0
ip address 10.10.0.253 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1/0
dot1x port-control auto
interface FastEthernet1/1
interface FastEthernet1/2
interface FastEthernet1/3
interface FastEthernet1/4
interface FastEthernet1/5
interface Vlan1
ip address 192.168.1.1 255.255.255.0
interface Vlan100
ip address 192.168.100.1 255.255.255.0
ip forward-protocol nd
no ip http server
no ip http secure-server
mac-address-table static 0800.27b1.b332 interface FastEthernet1/0 vlan 1
radius-server host 10.10.0.2 auth-port 1645 acct-port 1646 key cisco
radius-server vsa send accounting
radius-server vsa send authentication
My Radius debug information:
*Mar 1 00:21:31.487: RADIUS: Pick NAS IP for u=0x65BAF324 tableid=0 cfg_addr=0.0.0.0
*Mar 1 00:21:31.491: RADIUS: ustruct sharecount=2
*Mar 1 00:21:31.491: Radius: radius_port_info() success=1 radius_nas_port=1
*Mar 1 00:21:31.491: RADIUS: added cisco VSA 2 len 15 "FastEthernet1/0"
*Mar 1 00:21:31.491: RADIUS: Request contains 9 byte EAP-message
*Mar 1 00:21:31.491: RADIUS: Added 9 bytes of EAP data to request
*Mar 1 00:21:31.495: RADIUS/ENCODE: Best Local IP-Address 10.10.0.253 for Radius-Server 10.10.0.2
*Mar 1 00:21:31.507: RADIUS(00000000): Send Access-Request to 10.10.0.2:1645 id 1645/3, len 127
*Mar 1 00:21:31.511: RADIUS: authenticator 36 68 24 30 F0 CC E8 3C - 69 48 61 E3 DA 28 52 AC
*Mar 1 00:21:31.511: RADIUS: NAS-IP-Address [4] 6 10.10.0.253
*Mar 1 00:21:31.511: RADIUS: NAS-Port [5] 6 0
*Mar 1 00:21:31.511: RADIUS: Vendor, Cisco [26] 23
*Mar 1 00:21:31.515: RADIUS: cisco-nas-port [2] 17 "FastEthernet1/0"
*Mar 1 00:21:31.515: RADIUS: NAS-Port-Type [61] 6 X75 [9]
*Mar 1 00:21:31.515: RADIUS: User-Name [1] 6 "user"
*Mar 1 00:21:31.515: RADIUS: Calling-Station-Id [31] 19 "08-00-27-B1-B3-32"
*Mar 1 00:21:31.515: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 1 00:21:31.515: RADIUS: Framed-MTU [12] 6 1500
*Mar 1 00:21:31.515: RADIUS: EAP-Message [79] 11
*Mar 1 00:21:31.515: RADIUS: 02 1D 00 09 01 75 73 65 72 [?????user]
*Mar 1 00:21:31.515: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.515: RADIUS: B1 8B 8F 4C F1 6D C9 A6 4E 96 B8 3D 53 E9 41 12 [???L?m??N??=S?A?]
*Mar 1 00:21:31.555: RADIUS: Received from id 1645/3 10.10.0.2:1645, Access-Challenge, len 93
*Mar 1 00:21:31.555: RADIUS: authenticator DF 38 A1 1B ED 3C 1E B2 - 1A 92 6A D5 58 CE B8 4A
*Mar 1 00:21:31.555: RADIUS: EAP-Message [79] 28
*Mar 1 00:21:31.555: RADIUS: 01 1E 00 1A 04 10 BE BA B4 B0 26 9D 52 0E 43 BC [??????????&?R?C?]
*Mar 1 00:21:31.555: RADIUS: 33 46 8E A8 C6 45 47 4E 53 33 [3F???EGNS3]
*Mar 1 00:21:31.555: RADIUS: State [24] 27
*Mar 1 00:21:31.555: RADIUS: 45 41 50 3D 30 2E 31 66 66 2E 39 38 36 2E 31 3B [EAP=0.1ff.986.1;]
*Mar 1 00:21:31.559: RADIUS: 53 56 43 3D 30 2E 31 35 3B [SVC=0.15;]
*Mar 1 00:21:31.559: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.559: RADIUS: 22 C8 D5 BB 44 FC FC 14 D3 2C C9 42 A3 9B A4 9E ["???D????,?B????]
*Mar 1 00:21:31.563: RADIUS: Found 26 bytes of EAP data in reply (ofs 0)
*Mar 1 00:21:31.563: RADIUS: Received 26 byte EAP Message in reply
*Mar 1 00:21:31.587: RADIUS: Pick NAS IP for u=0x65BAF324 tableid=0 cfg_addr=0.0.0.0
*Mar 1 00:21:31.587: RADIUS: ustruct sharecount=1
*Mar 1 00:21:31.587: Radius: radius_port_info() success=1 radius_nas_port=1
*Mar 1 00:21:31.587: RADIUS: added cisco VSA 2 len 15 "FastEthernet1/0"
*Mar 1 00:21:31.591: RADIUS: Request contains 26 byte EAP-message
*Mar 1 00:21:31.591: RADIUS: Added 26 bytes of EAP data to request
*Mar 1 00:21:31.591: RADIUS/ENCODE: Best Local IP-Address 10.10.0.253 for Radius-Server 10.10.0.2
*Mar 1 00:21:31.591: RADIUS(00000000): Send Access-Request to 10.10.0.2:1645 id 1645/4, len 171
*Mar 1 00:21:31.591: RADIUS: authenticator 0A A2 1F 7C 12 A8 AB F7 - 9F 87 C6 51 A4 0D EA A2
*Mar 1 00:21:31.595: RADIUS: NAS-IP-Address [4] 6 10.10.0.253
*Mar 1 00:21:31.595: RADIUS: NAS-Port [5] 6 0
*Mar 1 00:21:31.595: RADIUS: Vendor, Cisco [26] 23
*Mar 1 00:21:31.595: RADIUS: cisco-nas-port [2] 17 "FastEthernet1/0"
*Mar 1 00:21:31.595: RADIUS: NAS-Port-Type [61] 6 X75 [9]
*Mar 1 00:21:31.595: RADIUS: User-Name [1] 6 "user"
*Mar 1 00:21:31.595: RADIUS: Calling-Station-Id [31] 19 "08-00-27-B1-B3-32"
*Mar 1 00:21:31.595: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 1 00:21:31.595: RADIUS: Framed-MTU [12] 6 1500
*Mar 1 00:21:31.595: RADIUS: State [24] 27
*Mar 1 00:21:31.595: RADIUS: 45 41 50 3D 30 2E 31 66 66 2E 39 38 36 2E 31 3B [EAP=0.1ff.986.1;]
*Mar 1 00:21:31.595: RADIUS: 53 56 43 3D 30 2E 31 35 3B [SVC=0.15;]
*Mar 1 00:21:31.595: RADIUS: EAP-Message [79] 28
*Mar 1 00:21:31.595: RADIUS: 02 1E 00 1A 04 10 AA 09 8E 39 DE 29 E4 CC C6 BC [?????????9?)????]
*Mar 1 00:21:31.595: RADIUS: 7F 01 C8 47 EC 74 75 73 65 72 [???G?tuser]
*Mar 1 00:21:31.595: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.595: RADIUS: 33 57 82 E2 5C 24 A2 8C 67 CC 0D 8C 25 12 74 13 [3W??\$??g?????t?]
*Mar 1 00:21:31.731: RADIUS: Received from id 1645/4 10.10.0.2:1645, Access-Accept, len 90
*Mar 1 00:21:31.731: RADIUS: authenticator A0 0E DF D7 87 FD 9E B6 - BB 64 04 4F 56 2A 03 89
*Mar 1 00:21:31.735: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
*Mar 1 00:21:31.735: RADIUS: EAP-Message [79] 6
*Mar 1 00:21:31.735: RADIUS: 03 1E 00 04 [????]
*Mar 1 00:21:31.735: RADIUS: Tunnel-Type [64] 6 01:VLAN [13]
*Mar 1 00:21:31.739: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802 [6]
*Mar 1 00:21:31.739: RADIUS: Tunnel-Private-Group[81] 6 01:"100"
*Mar 1 00:21:31.739: RADIUS: Class [25] 22
*Mar 1 00:21:31.739: RADIUS: 43 41 43 53 3A 30 2F 35 62 31 2F 61 30 61 30 30 [CACS:0/5b1/a0a00]
*Mar 1 00:21:31.739: RADIUS: 66 64 2F 30 [fd/0]
*Mar 1 00:21:31.739: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.739: RADIUS: 75 BC F2 E0 91 07 6C 12 4D 5C BB 50 A4 FD D3 26 [u?????l?M\?P???&]
*Mar 1 00:21:31.739: RADIUS: Found 4 bytes of EAP data in reply (ofs 0)
*Mar 1 00:21:31.739: RADIUS: Received 4 byte EAP Message in reply
As a result the vlan-switch data based does not change.
Any help will be appreciated!
Thanks a lot,
Chelovekov AlexanderI've tried multiple ways to cope with this problem but nothing was helpfull...
Tunnel-Medium-Type [65] 6 01:ALL_802
I use only ACS Radius attributes and chose ony what ACS allows me to choose (Tunnel-medium-type: 802).
Screenshot n attachment.
The same situation occurs when i try to use some Vendor Specific Attributes (Cisco-AV-Pair) - downloadable ACEs to my user, and again, i see Radius attributes in my debug but nothing is applied to my L3 Switch.
What am i missing? -
Brush's radius problem Please help!
Hello everyone.
I am about to edit a photo which is RGB 8bit and I am expanding the background and putting few body figure toghetehr but I just noticed that when I use my brush in low opacity it leaves the brush's radius and I can see them in the art. see the below
It makes me so confuse and I need you suggestion how can I fix this problem.
I am using CS6 photoshop and working in PSD and save them in PSD as well. the wired thing is when I save the image in JPG and use the brush it deosnt leave that much of weird spots. Do I need to change the Color mod? Brush? Please help this thing gets more annoying when I save it in PDF.
Thanks!!You just picked a bad day to be testing it, though it's better that you did... What day is Saturday numerically? What is that +1.
You should be able to just change your logic to check what today is (0 thru 6) and then if today is Saturday (6)... you assign Sunday as the answer in your switch...
var weekDay=currentDate.getDay();
switch (weekDay){
case(0):weekDay_string="Monday"; break;
case(1):weekDay_string="Tuesday"; break;
case(2):weekDay_string="Wednesday"; break;
case(3):weekDay_string="Thursday "; break;
case(4):weekDay_string="Friday"; break;
case(5):weekDay_string="Saturday "; break;
case(6):weekDay_string="Sunday"; break;} -
I am having a problem with setting up a 2600 router to use our radius server. I have a switch working on the same radius server however the router will not work. I am able to login locally, however it doesn't ever authenticate with the radius server. Please let me know how to fix this problem, thank you for your help.
aaa new-model
aaa authentication login admin group radius local
aaa authorization exec both local
aaa session-id common
radius-server host 10.0.x.xx auth-port 1645 acct-port 1646 key *****
line vty 0 4
password 7 *******
login authentication admin
transport input telnetPeter
There are several ways to approach this problem. I would suggest first checking to see if the server is seeing the authentication request. Can you look in the logs of the server and determine whether the authentication request is received? If it is received is it authenticated successfully or is it denied?
There are several common problems which may produce symptoms similar to what you describe. - there is a possibility that the router is not configured with the correct address for the server.
- there is a possibility that something along the way (and access list or a firewall) is not permitting the packet to get to the server.
- there is a possibility that the server sees the request but that the source ip address of the request is not the source address that the server expects.
- there is a possibility that the server sees the request but that there is a mismatch in the key value which is shared by the server and the router.
so please check on the things that I have asked. If they do not produce the solution we will figure some way to troubleshoot this.
HTH
Rick -
Hi guys my problem is about Radius.It can not assign ip to remote host.This host request ppp and it terminated by on our Cisco router(LAC-LNS).And Cisco router uses AAA for authentication and ip assignment.Authentication part is okey.The host can connect radius and passes username password phase.But when the ppp protocol pass next ipcp level, host request;confreq is above,
Primary DNS server IP address: 0.0.0.0
Secondary DNS server IP address: 0.0.0.0
Primary WINS server IP address: 0.0.0.0
Secondary WINS server IP address: 0.0.0.0
IP address: 0.0.0.0
But the Router returns reject;confrej
Primary DNS server IP address: 0.0.0.0
Secondary DNS server IP address: 0.0.0.0
Primary WINS server IP address: 0.0.0.0
Secondary WINS server IP address: 0.0.0.0
IP address: 0.0.0.0
After this negotiation ppp ipcp part is terminated and the host never get ip address.
My question, Although the ppp authentication seems okey, why the remote host does not get ip address.Shoul I focus radius config. or Router config. ?
Thanks.Hi Marco,
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0.12
no ip mroute-cache
no peer default ip address
ppp authentication pap
ppp ipcp predictive
I will paste here also debug files.
Best regards -
Hi,
i try to setup wpa with peap user auth with a 1130 AP and cisco secure acs 4.2 server.
auth keeps failing and I even don't see failes attempts in my acs server. The AP is in the AAA section of the ACS and the have the same shared secret.
The ACS server is working corectly because I use it the authenticate users to log in the the routers
I enabled all possible authentication methods but no luck.
I use the windows xp suplicant and even tried with funk software.
in the dot11 authenticator debug i can't see any radius lines see attached file
can anybody help me out ?Is this Aironet or LWAPP?
In aironet, there is a way to test authentication via the access points..."test aaa radius " or something like that...sorry I forget since I converted to LWAPP..
Also, make sure the DB (LDAP/AD,etc..) is configured and mapped correctly in ACS but you should see something like "NAS errors" or DB errors in ACS if the access points were somewhat communicating with ACS..
Post the configs if you can... -
We are running Novell Netware 6.0 SP4 and eDirectory 8.6.2. We have set up
iChain 2.3 with the included NMAS and RADIUS services. iChain with NDS
password authentication works properly. Now we are trying to add token
authentication, and it is not working. The RADIUS screen keeps showing
"Access Request Dropped", "<ip address>, <user>, Unknown RADIUS client".
I have turned on debug mode, refreshed the cache, tried logging in again,
and checked the debug file. The error I am getting I have not seen
referenced in previous newsgroup posts. The important section shows this:
Context Lookup List set to:
[2004-08-05 09:42:21 AM] 1) DEN.RJL
[2004-08-05 09:42:21 AM] 2) RJL
[2004-08-05 09:42:21 AM] Number of contexts = 2
[2004-08-05 09:42:21 AM] tag extracted: 10.1.1.242, size: 11, tagLength: 22
[2004-08-05 09:42:21 AM] (->)NDSSetUpClientTable(DAS_RJL.RJL) failed, no
such entry (-601)
[2004-08-05 09:42:21 AM] Cache: Error from NDSSetUpClientTable: failed, no
such entry (-601)
[2004-08-05 09:42:21 AM] Cache: Successfully set up client table
It looks like it is not reading the client table properly, but I don't know
how to fix it. We have recreated the DAS object, removed and re-added the
client address in the DAS object, etc.
If anyone has any ideas on what else we can try, I would really appreciate
it. Thanks.You should always administer NMAS from a Windows workstation, Unfortunately
you can't administer NMAS, and therefore NMAS RADIUS, on any other platform
right now. The NMAS ConsoleOne snapins make native calls to nmaswrap.dll,
and this module is only available on Windows.
You can map a drive to your server from a Windows box and run ConsoleOne
from the mapped drive to see if this works. However, for best results with
RADIUS, you will want to install ConsoleOne locally on a Windows box. When
run over a mapped drive, the RADIUS snapin can take a very long time (5-15
minutes in my experience) to load the RADIUS attribute file.
You mentioned that you've been running ConsoleOne from a workstation, so I
assume that you've tried setting the DAS client information from a Windows
box already. If you have not tried this yet, then please do so.
The -601 you're getting from NMAS_GetLoginConfig is interesting.
Unfortunately this method is implemented in NMAS.NLM, which is maintained by
a different team, so I'm not sure how much more help I can provide with
this. However, I do have a few ideas:
1) When RADIUS calls NMAS_GetLoginConfig, its asking NMAS to read encrypted
data that is stored in attributes on the DAS object. If I remember
correctly, NMAS.NLM cannot go off the box when it does this. Does your
RADIUS server have a local replica that contains the DAS object? If it does
not, then this might be your problem.
2) If putting the DAS in a local replica does not work, then a DS Trace with
the NMAS and Resolve Name options turned on may provide some insight. (I
can't remember if NMAS is a DS Trace option in eDir 8.6 - if you don't see
the NMAS option, then don't worry about it.) Start DSTrace while RADIUS is
running and issue a "radius refreshcache" command like you did before.
If neither of the above suggestions is helpful, then tell the support
engineer you're working with that the -601 error is coming from
NMAS_GetLoginConfig and which version of NMAS.NLM you have. Please also tell
the support engineer that you've been working with me (Scott Kiester) on
this, and that he/she may call me they have any questions.
>>> Stephen Taylor<[email protected]> 08/06/04 12:38 PM >>>
Hi Scott,
Thank you for the follow-up. Based on suggestions from some of your other
posts, I had already run ConsoleOne with the debug window, and I did not
see
any errors when I added a DAS client. I ran the SDIDiag utility and went
through the three recommended steps. There were no errors, and the tree key
looked the same on all our servers. I did not know about the NMAS log file.
I followed your directions, and this is all that the log file shows:
0: Screen and file output started at Fri Aug 6 10:49:53 2004
GetLoginConfig: -601
NMAS_GetLoginConfig: -601
Based on a couple of other posts, I decided to try deleting the DAS object
and recreating it using ConsoleOne from the NMAS server instead of from a
workstation. It asks me for the password when creating the object, then
immediately abends the serve and locks up ConsoleOne. This has happened
three times now, even after reloading the snap-ins. I don't know what to
try
next. We have run dsrepair and it runs cleanly.
"Scott Kiester" <[email protected]> wrote in message
news:_uOQc.4698$8%[email protected]...
> Hi Stephen,
>
> Based on the log snippet that you posted, it appears that an NMAS call is
> failing and returning the -601 error. NMAS RADIUS makes a call to NMAS to
> obtain the client shared secrets because NMAS will encrypt them before
> storing them in eDirectory. It looks like your server is able to read the
> client IP address off of the DAS object, but is unable to obtain the
> corresponding shared secret from NMAS.
>
> I can think of a couple of things that might cause this:
>
> 1) Perhaps ConsoleOne is not storing the shared secret. Unfortunately,
the
> ConsoleOne snapin will not report errors it encounters while storing
entries
> in the client table. ConsoleOne must make an NMAS call to store the
shared
> secret, and if this call fails it will not report the error. You can
usually
> tell if this call failed by closing the DAS "Properties" dialog and
> re-opening it after adding a new entry. If your new entry is not there
when
> the dialog is re-opened, then the call failed.
>
> To find out if this call is failing, please start ConsoleOne with the
> following command line: "consoleone -debug -windowout". This will make
> ConsoleOne display a debug window in the top-left portion of your screen.
If
> an error occurs when you add a DAS client, you will see an error code and
> stack dump in this window. If this happens, please post the error code
and
> stack dump.
>
> Problems with the tree key are the most common reason for this call to
fail.
> You can resolve tree key issues using the SDIDIAG utility, which is
> available from the support site.
>
> 2) It is unusual to get a -601 ("object not found" - this is _not_ the
same
> as "attribute not found") error when RADIUS attempts to make this NMAS
call.
> RADIUS must set up and log in a new DS context before it calls NMAS here.
> It's possible that this is where the failure is, but I think it's
unlikely.
> The -601 error is probably coming from the NMAS call. If you determine
that
> ConsoleOne is storing this data properly using the instructions in step
1,
> then it would be helpful to see a log file from NMAS when this call is
made.
> To get this log file, please do the following:
>
> A) Load RADIUS and provide the DAS name and password
> B) At the server console, type "nmasmon * sys:\etc\nmasmon.log"
> C) At the server console, type "radius refreshcache"
> D) At the server console, type "unload nmasmon"
>
> This will cause NMAS log information to be written to
sys:\etc\nmasmon.log.
> Please post this file here, or send it to me at [email protected].
> -
Cisco AAA authentication with windows radius server
Cisco - Windows Radius problems
I need to created a limited access group through radius that I can have new network analysts log into
and not be able to commit changes or get into global config.
Here are my current radius settings
aaa new-model
aaa group server radius IAS
server name something.corp
aaa authentication login USERS local group IAS
aaa authorization exec USERS local group IAS
radius server something.corp
address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
key mypassword
line vty 0 4
access-class 1 in
exec-timeout 0 0
authorization exec USERS
logging synchronous
login authentication USERS
transport input ssh
When I log in to the switch, the radius server is passing the corrrect attriubute
***Jan 21 13:59:51.897: RADIUS: Cisco AVpair [1] 18 "shell:priv-lvl=7"
The switch is accepting it and putting you in the correct priv level.
***Radius-Test#sh priv
Current privilege level is 7
I am not sure why it logs you in with the prompt for privileged EXEC mode when
you are in priv level 7. This shows that even though it looks like your in priv exec
mode, you are not.
***Radius-Test#sh run
^
% Invalid input detected at '^' marker.
Radius-Test#
Now this is where I am very lost.
I am in priv level 7, but as soon as I use the enable command It moves me up to 15, and that gives me access to
global config mode.
***Radius-Test#enable
Radius-Test#
Debug log -
Jan 21 14:06:28.689: AAA/MEMORY: free_user (0x2B46E268) user='reynni10'
ruser='NULL' port='tty390' rem_addr='10.100.158.83' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
Now it doesnt matter that I was given priv level 7 by radius because 'enable' put me into priv 15
***Radius-Test#sh priv
Current privilege level is 15
Radius-Test#
I have tried to set
***privilege exec level 15 enable
It works and I am no longer able to use 'enable' when I am at prv level 7, but I also cannot get the commands they will need to work.
Even if I try to do
***privilege exec level 7 show running-config (or other variations)
It will allow you to type sh run without errors, but it doest actually run the command.
What am I doing wrong?
I also want to get PKI working with radius.I can run a test on my radius system, will report back accordingly, as it's a different server than where I am currently located.
Troubleshooting, have you deleted the certificate/network profile on the devices and started from scratch? -
Hi,
This problem below got caught up on another thread with a different problem, thought best to start a new thread for it.
My particular problem here comes from user manipulation via Manage Your Places of the radius of pins. It is slow, it is jerky and it is buggy and what it did some weeks back was jump on one particular pin and expand it to cover the entire world which basically overwrote every other location I had set. Why it would overwrite these without the user changing the settings for said pictures themselves is absolute stupidity, but I digress.
Rebuilding libraries etc. is not going to retract the radius of that circle I am assuming and restore all of the original locations I had. Anyway, I took a deep breath and decided to approach places a little differently and have a lot less specific places. Before I might have had 15 photo locations for a town, now the pics will come under just the town name.
So I have been going through renaming one of the fifteen pins (just from this one town as an example) as the town name, expanding it to cover the area the 15 covered then I delete off the other 14 as places. Time consuming and laborious but I see an eventual sensible outcome from it and in theory quicker to rename all my lost places.
The problem is that the radius issue keeps happening, half a dozen times in the past 3 or 4 days alone and this meant that roughly 2500 pics I had relabelled were once again overwritten with the location of the pin with the expanded radius. And I'm back to square one.
So is there any workaround for this particular Places problem?
Thanks,
C.@Craig,
I am not sure to what extent less specific places "solves" the problem, which seems to be the radius that a pin receives when placed on the map for the first time. It seems to be a value determined by Google, is not displayed in the teeny-weeny Assign a Place... dialog, and cannot be modified until it has or has not overlapped other custom places. So, while the probability of overlap might be somewhat reduced by less specific places, the inconvenience it causes is increased. I have noticed that Google defines a region named "Aletschgletscher" or "Jungfrau Aletsch" (working from memory here), which has a rather large radius due to the very irregular shape of the glacier, and that pins defined for towns in the Obergoms region, e.g., Blitzingen, Niederwald, Oberwald, Ulrichen, etc., often assumed the very large radius of the Aletsch Glacier. Besides, I'm wondering why on earth I should have to modify my use of this feature to accommodate Apple's stupid implementation of it. Nobody in Apple should even consider making the argument that this is how it should work. The legions of problems it causes is well documented in these forums, although, as we all know, Apple "isn't monitoring" them and hence, presumably, is quite unaware of them. And iPhoto 09 implemented Places completely differently -- the interface didn't have the eye-candy and "just magical" appeal of the present one, but it didn't cause the problems we're experiencing with Places in iPhoto 11.
My "solution" to the pin radius problem is:
Enter a character string in "Assign a Place..." and see what iPhoto suggests.
If you are tempted to select a suggestion that is a custom place of yours, do so only if you don't intend to modify its location or name. Doing so will have the same effect as modifying it in Manage My Places!
If you select a place suggested by Google, try to locate it sufficiently far away from other custom places (iPhoto no help here), and give it a name that you can easily recognize and distinguish from Google's suggestions in the future (cf. warning above).
Go directly to Manage My Places, find the new place, judge which existing places it overlaps, and note them down somewhere for the next step. Then reduce its radius and adjust its location.
Go into the Places view and select the new place. In all probability there will be photos at that place that don't belong there. Assign them to the correct place from the list you made in the step above.
Weep and gnash teeth as necessary. Regularly chant: "On a Mac it just works!" Keep stiff upper lip and imagine how much clumsier this must be in Windows.
Regards,
Richard -
Hi Guys! Will you share your thoughts on a Thread issue?
Hi! I am working on figuring out how to get my application to use threads to enable the simultaneous movement of (n) balls across the JFrame area. The task is to enable the user to click on the application and with each click a new ball should be created as a Thread and then it should bounce back and forth across the screen.
I have been working on this now for a couple of days. It would be really great if one of you guys could help me! :-)
Here are my specific issues:
I am using the mousePressed() method to generate the data needed to instantiate a Ball object. However, I cannot get it to work as a Thread.
I tried calling the start() method on it but all that happens is the application stays blank.
I cannot get this thing to work -and I really need to make it work today -- Please --- is there a sweetheart out there who will take a minute to help? ;-)
Jennifer
My code is below:
Balls.java
import java.util.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
public class Balls extends JFrame implements MouseListener
private int x, y, r, g, b;//Variables to hold x,y and color values
private Vector basketOBalls;//Hold all of the Ball objects (and Threads created)
private Ball ballFactory;//Ball objects created here
Method Name: Balls()
Return Value: none
Input Parameters: None
Method Description: Constructor
public Balls()
//call to super for Title of app
super( " Bouncing Balls " );
//Listen for mouse events
addMouseListener( this );
//instantiate the basketOBalls object
basketOBalls = new Vector(20);
//Set Initial JFrame Window Size
setSize( 400, 400 );
//Show it!
show();
}//EOConstructor
Method Name: mousePressed(MouseEvent e)
Return Value: none
Input Parameters: MouseEvent
Method Description: This takes the info from the users
mouse click and creates a new Ball Object and then adds it
to the basketOBalls Vector. Presently, it (incorrectly?) also
calls the repaint() method in order to draw the ball to the
screen.
public void mousePressed( MouseEvent e )
x = e.getX();//set x value
y = e.getY();//set y value
r = 1 + (int) ( 254 * Math.random() );//set red value
g = 1 + (int) ( 254 * Math.random() );//set green value
b = 1 + (int) ( 254 * Math.random() );//set blue value
Color colorin = new Color( r, g, b );
ballFactory = new Ball( x, y, colorin );
//new Thread(ballFactory).start(); //This is the Problem area!!!!!!!!!!!!!!!!!!!!!
basketOBalls.addElement( ballFactory );
repaint();
}//EOmP
Method Name: paint( Graphics g )
Return Value: none
Input Parameters: Graphics Object g
Method Description: Walk through the Vector to
explicitly cast each object back as a Ball and
then calls the Ball draw() and ball move() methods
in order to make the balls move on the screen.
public void paint( Graphics g )
Ball b;
for( int i = 0; i < basketOBalls.size(); i++)
b = (Ball) (basketOBalls.elementAt(i));
b.draw(g);
b.move();
}//EOFor
}//EOpaint
Method Name: main()
Return Value: none
Input Parameters: String args[]
Method Description: This makes it all go.
public static void main( String args[] )
Balls app = new Balls();
app.addWindowListener(
new WindowAdapter()
public void windowClosing( WindowEvent e )
System.exit(0);
}//EOwindowClosing Method
}//EOWindowAdapter Method
);//EOaddWindowListener Argument
}//EOMain
public void mouseClicked( MouseEvent e ) { }
public void mouseReleased( MouseEvent e ) { }
public void mouseEntered( MouseEvent e ) { }
public void mouseExited( MouseEvent e ) { }
}//EOFBall.java
import java.util.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
public class Ball extends JFrame //implements Runnable
public static final int APP_SIZE = 400;//set bounds for screen area
public static final int RADIUS = 15;//set size of balls
private Color bgColor = java.awt.Color.lightGray;//may be used to clear background of JFrame
private int x, y;//x & y coordinates
private int speedX, speedY;//distances to use to redraw the balls
private Color color = null;//the color of a ball
Method Name: Ball(int initX, int initY, Color colorin)
Return Value: none
Input Parameters: int, int , color
Method Description: Constructor that creates a Ball object
public Ball(int initX, int initY, Color colorin)
x = initX;
y = initY;
color = colorin;
speedX = (int)(1 + (Math.random() * 10));
speedY = (int)(1 + (Math.random() * 10));
Method Name: move()
Return Value: none
Input Parameters: none
Method Description: This calculates the balls position and keeps it within
the 400 pixel size of the application frame.
public void move()
x += speedX;
y += speedY;
if ((x - RADIUS < 0) || (x + RADIUS > APP_SIZE))
speedX = -speedX;
x += speedX;
if ((y - RADIUS < 0) || (y + RADIUS > APP_SIZE))
speedY = -speedY;
y += speedY;
} //EOMove
Method Name: draw(Graphics bg)
Return Value: none
Input Parameters: graphics
Method Description: This method is how the ball draws itself
public void draw(Graphics bg)
bg.setColor( color );
bg.fillOval(x - RADIUS, y - RADIUS, 2 * RADIUS, 2 * RADIUS);
//PROBLEM AREA PROBLEM AREA PROBLEM AREA PROBLEM AREA PROBLEM AREA PROBLEM AREA
Method Name: run()
Return Value: none
Input Parameters: none
Method Description: This method is called by start() in the Balls.java file
found in the mousePressed() method. however, it does not work properly.
public void run()
while(true)
try
Thread.sleep(100);
move();
draw(g);
repaint();
catch(Exception e)
e.printStackTrace( System.out );
}//EOFThere needs to be only one thread. On every mouse pressed just add a new Ball object to the vector located in Balls class. That thread need only invoke a repaint on your main class called Balls.
public class Balls extends JFrame implements Runnable,MouseListener{
Vector vector = new Vector();
public static void main(String[] args){
Balls balls = new Balls(); balls.setSize(400,400);
balls.setVisible(true);
Thread thread = new Thread(this);
thread.start();
public void run(){
while(true){
repaint();
try{
Thread.sleep(4000); //delay
}catch(InterruptedException e){}
public void paint(Graphics){
for(i=0; i<vector.size(); i++){
Ball b = (Ball)vector.elementAt(i);
reposition(b);
g.drawArc(b.getX(),b.getY(),0,360);
public void reposition(Ball b){
// reposition ball using balls get/set methods.
public void MouseClicked(MouseEvent e){
// add a new ball to vector.
public class Ball{
int x,y;
public int getX(){ return x; }
public int getY(){ return y; }
public int setX(int x){ this.x = x; }
public int setY(int y){ this.y = y; }
Do check the syntax and compilation errors. The code above should give you some idea for approach. -
How to increase built-in cisco vpn peer response timer?
Hi,
I use OS x in-built cisco vpn client to connect to work VPN.
The VPN server, or perhaps the radius server, takes a long time to return a response. OS X always try for 10 seconds, then drop the conneciton when no response from the remote peer. When I use cisco vpn client on a windows machine, the vpn client has a setting to allow for 90 seconds remote peer response time. It works fine using cisco vpn client.
I prefer to use os x as my primary working environment, so I need to fix this problme. My question is how to increase the phase 1 & 2 timer for vpn under 10.6.7. I have tried to change racoon.conf phase 1 & phase 2 timer, but it made no difference. OS X only try for 10 seconds.
Any ideas? (besides asking work people to fix the server or radius problem)
Thanks
jmsherry123i have the same problem ... certificate is imported in keychain, but cant select it when setup vpn connection
-
802.1x Windows 2012 IAS
Hello I´m trying to setup 802.1x on an old 3560 switch.
The Switch is a:
Switch Ports Model SW Version SW Image
* 1 52 WS-C3560-48TS 12.2(25)SEE3 C3560-ADVIPSERVICESK
I´m using Windows 2012 IAS as RADIUS with the following policies:
I have the folling config on the switch:
aaa group server radius RadiusAuth
server 172.29.8.12 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication login local enable
aaa authentication dot1x default group RadiusAuth
aaa authorization network default group RadiusAuth
dot1x system-auth-control
interface FastEthernet0/31
description 802.1x tests
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 3
dot1x timeout tx-period 5
dot1x guest-vlan 106
spanning-tree portfast
radius-server host 172.29.8.12 auth-port 1645 acct-port 1646
radius-server retry method reorder
radius-server transaction max-tries 10
radius-server timeout 4
radius-server deadtime 2
radius-server key KEYSECRET
radius-server vsa send authentication
And I cant authenticate , I think it is a RADIUS problem.
I have this aditional debug info related with RADIUS and Dot1x:
004898: Aug 5 12:32:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to down
004899: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
004900: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
004901: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
004902: 7w6d: RADIUS(00000019): sending
004903: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
004904: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/77, len 173
004905: 7w6d: RADIUS: authenticator A7 3A 07 F8 8D 5B C1 76 - 67 8E 66 54 05 04 0C DB
004906: 7w6d: RADIUS: User-Name [1] 19 "DOMAIN\User"
004907: 7w6d: RADIUS: Service-Type [6] 6 Framed [2]
004908: 7w6d: RADIUS: Framed-MTU [12] 6 1500
004909: 7w6d: RADIUS: Called-Station-Id [30] 19 "00-17-94-97-D9-23"
004910: 7w6d: RADIUS: Calling-Station-Id [31] 19 "00-24-BE-C7-09-6F"
004911: 7w6d: RADIUS: EAP-Message [79] 24
004912: 7w6d: RADIUS: 02 02 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C [?????DOMAIN\]
004913: 7w6d: RADIUS: 6F 6C 6F 70 65 7A [USER]
004914: 7w6d: RADIUS: Message-Authenticato[80] 18
004915: 7w6d: RADIUS: 31 C9 68 BA B8 E9 DC 78 6E 87 7E A4 89 D5 0C 81 [1?h????xn?~?????]
004916: 7w6d: RADIUS: Vendor, Cisco [26] 24
004917: 7w6d: RADIUS: cisco-nas-port [2] 18 "FastEthernet0/31"
004918: 7w6d: RADIUS: NAS-Port [5] 6 50031
004919: 7w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
004920: 7w6d: RADIUS: NAS-IP-Address [4] 6 172.29.11.1
004921: Aug 5 12:32:32: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
004922: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004923: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004924: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004925: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004926: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
004927: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
004928: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
004929: 7w6d: RADIUS(00000019): sending
004930: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
004931: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/78, len 173
004932: 7w6d: RADIUS: authenticator 84 B1 75 9D 4C 21 0F 9D - 19 01 A6 23 DE 1B 74 1A
004933: 7w6d: RADIUS: User-Name [1] 19 "DOMAIN\User"
004934: 7w6d: RADIUS: Service-Type [6] 6 Framed [2]
004935: 7w6d: RADIUS: Framed-MTU [12] 6 1500
004936: 7w6d: RADIUS: Called-Station-Id [30] 19 "00-17-94-97-D9-23"
004937: 7w6d: RADIUS: Calling-Station-Id [31] 19 "00-24-BE-C7-09-6F"
004938: 7w6d: RADIUS: EAP-Message [79] 24
004939: 7w6d: RADIUS: 02 03 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C [?????DDOMAIN\]
004940: 7w6d: RADIUS: 6F 6C 6F 70 65 7A [User]
004941: 7w6d: RADIUS: Message-Authenticato[80] 18
004942: 7w6d: RADIUS: D3 1E DC 03 5E 13 CF 93 6B 7F F4 B8 DB 20 65 A6 [????^???k???? e?]
004943: 7w6d: RADIUS: Vendor, Cisco [26] 24
004944: 7w6d: RADIUS: cisco-nas-port [2] 18 "FastEthernet0/31"
004945: 7w6d: RADIUS: NAS-Port [5] 6 50031
004946: 7w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
004947: 7w6d: RADIUS: NAS-IP-Address [4] 6 172.29.11.1
004948: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004949: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004950: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004951: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004952: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004953: Aug 5 12:33:04: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.29.8.12:1645,1646 is not responding.
004954: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004955: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004956: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004957: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004958: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004959: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/77
004960: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
004961: 7w6d: RADIUS/DECODE: parse response; FAIL
004962: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004963: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004964: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004965: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004966: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/78
004967: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
004968: 7w6d: RADIUS/DECODE: parse response; FAIL
004969: Aug 5 12:35:04: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
DOT1X
005294: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
005295: 7w6d: dot1x-registry:dot1x_switch_port_linkcomingup invoked on interface Fa0/31
005296: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to UP
005297: 7w6d: dot1x_auth Fa0: initial state auth_initialize has enter
005298: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
005299: 7w6d: dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
005300: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
005301: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
005302: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005303: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005304: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005305: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
005306: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
005307: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
005308: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
005309: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
005310: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
005311: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005312: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
005313: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
005314: 7w6d: dot1x-ev:dot1x_switch_enable_on_port: Enabling dot1x on interface FastEthernet0/31
005315: 7w6d: dot1x-ev:dot1x_switch_enable_on_port: set dot1x ask handler on interface FastEthernet0/31
005316: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005317: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005318: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005319: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005320: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005321: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005322: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005323: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005324: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005325: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005326: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005327: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005328: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005329: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005330: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005331: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005332: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005333: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005334: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005335: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005336: 7w6d: EAPOL pak dump Tx
005337: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005338: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005339: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005340: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005341: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005342: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
005343: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
005344: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
005345: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0016
005346: 7w6d: dot1x-ev:Created a client entry for the supplicant 0024.bec7.096f
005347: 7w6d: dot1x-ev:Found the default authenticator instance on FastEthernet0/31
005348: 7w6d: dot1x-registry:EAPOL traffic seen on FastEthernet0/31
005349: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
005350: 7w6d: EAPOL pak dump rx
005351: 7w6d: EAPOL Version: 0x1 type: 0x0 length: 0x0016
005352: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
005353: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
005354: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
005355: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
005356: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
005357: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
005358: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
005359: Aug 5 12:39:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
005360: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005361: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
005362: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
005363: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
005364: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
005365: 7w6d: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/31
005366: 7w6d: EAPOL pak dump rx
005367: 7w6d: EAPOL Version: 0x1 type: 0x1 length: 0x0000
005368: 7w6d: dot1x-sm:Posting EAPOL_START on Client=39E7F78
005369: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 4(eapolStart)
005370: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_aborting
005371: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
005372: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_enter called
005373: 7w6d: dot1x-sm:Posting AUTH_ABORT on Client=39E7F78
005374: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_response, got event 1(authAbort)
005375: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_initialize
005376: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
005377: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_initialize_enter called
005378: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_initialize
005379: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
005380: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
005381: 7w6d: dot1x-sm:Posting !AUTH_ABORT on Client=39E7F78
005382: 7w6d: dot1x_auth Fa0: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
005383: 7w6d: @@@ dot1x_auth Fa0: auth_aborting -> auth_restart
005384: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_exit called
005385: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
005386: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
005387: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_restart_action called
005388: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005389: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005390: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005391: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
005392: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
005393: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
005394: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005395: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005396: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005397: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_enter called
005398: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_authenticating_action called
005399: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005400: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005401: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005402: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_enter called
005403: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005404: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005405: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005406: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005407: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005408: 7w6d: EAPOL pak dump Tx
005409: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005410: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005411: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0024.bec7.096f)
005412: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_request_action called
005413: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005414: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
005415: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
005416: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
005417: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0016
005418: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
005419: 7w6d: EAPOL pak dump rx
005420: 7w6d: EAPOL Version: 0x1 type: 0x0 length: 0x0016
005421: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
005422: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
005423: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
005424: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
005425: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
005426: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
005427: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
005428: 7w6d: dot1x-sm:Posting A_WHILE_EXPIRE on Client=39E7F78
005429: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_response, got event 9(aWhile_expire)
005430: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_timeout
005431: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
005432: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_timeout_enter called
005433: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_timeout_action called
005434: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_timeout
005435: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
005436: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
005437: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
005438: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
005439: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
005440: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
005441: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_fallback_enter called
005442: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
005443: 7w6d: dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
005444: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
005445: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authc_result_enter called
005446: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005447: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
005448: 7w6d: dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
005449: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
005450: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005451: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
005452: 7w6d: dot1x_auth Fa0: during state auth_held, got event 13(restart)
005453: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
005454: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_held_exit called
005455: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
005456: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
005457: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005458: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005459: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005460: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
005461: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
005462: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
005463: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
005464: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
005465: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
005466: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter called
005467: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter sending canned failure to version 1 supplicant
005468: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4 id: 0x4 length: 0x0004 type: 0x0 data:
005469: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005470: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005471: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005472: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005473: 7w6d: EAPOL pak dump Tx
005474: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0004
005475: 7w6d: EAP code: 0x4 id: 0x4 length: 0x0004
005476: 7w6d: dot1x-packet:dot1x_auth_txCannedFail: EAPOL packet sent to client (0024.bec7.096f)
005477: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005478: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005479: 7w6d: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/31
005480: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
005481: 7w6d: dot1x-ev:dot1x_vlan_assign_client_deleted on interface FastEthernet0/31
005482: 7w6d: dot1x_auth Fa0: initial state auth_initialize has enter
005483: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
005484: 7w6d: dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
005485: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
005486: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
005487: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005488: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005489: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005490: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
005491: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
005492: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
005493: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
005494: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
005495: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
005496: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005497: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
005498: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
005499: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005500: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005501: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005502: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005503: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005504: Aug 5 12:40:17: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
005505: 7w6d: dot1x-ev:dot1x_critical_active_state_change: Critical Auth Active state changed to FALSE
005506: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005507: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005508: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005509: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005510: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005511: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005512: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005513: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005514: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005515: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005516: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005517: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005518: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005519: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005520: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005521: 7w6d: EAPOL pak dump Tx
005522: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005523: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005524: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005525: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005526: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005527: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005528: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005529: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005530: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005531: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005532: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005533: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005534: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005535: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005536: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005537: 7w6d: EAPOL pak dump Tx
005538: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005539: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005540: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005541: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005542: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005543: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005544: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005545: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005546: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005547: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005548: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005549: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005550: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005551: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005552: 7w6d: EAPOL pak dump Tx
005553: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005554: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005555: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005556: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
005557: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
005558: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
005559: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
005560: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
005561: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
005562: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_timeout
005563: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
005564: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005565: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
005566: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
005567: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
005568: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
005569: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
005570: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
005571: 7w6d: dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
005572: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
005573: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
005574: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005575: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
005576: 7w6d: dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
005577: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
005578: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005579: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
005580: 7w6d: dot1x_auth Fa0: during state auth_held, got event 13(restart)
005581: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
005582: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
005583: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005584: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
005585: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005586: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005587: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005588: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005589: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005590: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005591: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005592: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005593: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005594: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005595: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005596: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005597: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005598: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005599: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005600: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005601: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005602: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005603: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005604: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005605: 7w6d: EAPOL pak dump Tx
005606: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005607: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005608: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005609: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005610: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005611: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005612: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005613: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005614: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005615: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005616: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005617: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005618: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005619: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005620: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005621: 7w6d: EAPOL pak dump Tx
005622: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005623: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005624: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005625: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005626: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005627: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005628: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005629: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005630: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005631: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005632: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005633: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005634: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005635: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005636: 7w6d: EAPOL pak dump Tx
005637: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005638: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005639: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005640: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
005641: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
005642: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
005643: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
005644: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
005645: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
005646: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_timeout
005647: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
005648: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005649: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
005650: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
005651: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
005652: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
005653: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
005654: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
005655: 7w6d: dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
005656: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
005657: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
005658: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005659: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
005660: 7w6d: dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
005661: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
005662: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005663: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
005664: 7w6d: dot1x_auth Fa0: during state auth_held, got event 13(restart)
005665: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
005666: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
005667: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005668: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
005669: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005670: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005671: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005672: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005673: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005674: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005675: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
005676: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
005677: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
005678: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
005679: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005680: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005681: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005682: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
005683: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005684: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005685: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005686: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005687: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005688: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005689: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005690: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005691: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005692: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005693: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005694: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005695: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005696: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005697: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005698: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x5 length: 0x0005 type: 0x1 data:
005699: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005700: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005701: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005702: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005703: 7w6d: EAPOL pak dump Tx
005704: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005705: 7w6d: EAP code: 0x1 id: 0x5 length: 0x0005 type: 0x1
005706: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005707: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005708: 7w6d: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Fa0/31
005709: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to DOWN
005710: 7w6d: dot1x-ev:Cleared all authenticator instances on FastEthernet0/31
Dot1x Info for FastEthernet0/31
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Disabled
QuietPeriod = 3
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 5
RateLimitPeriod = 0
Guest-Vlan = 106
Any idea? thanks in advance.Did you try "Unencrypted authentication (PAP, SPAP)" tick in Network Policies?
It's probably going to solve your problem
Maybe you are looking for
-
How to open RAW files in photoshop cs3
Three years ago I purchased a Nikon 7000 and the cs3 will not open the Raw files
-
Text Box borders take too long to download
Can anyone help me out. I have a web site (www.ravensfc.com) If you look on the site the white lines around the text boxes are the last to load and seem to hold up the site. I have used html optimiser but this just seems to cut the image size. I was
-
BP Negative Balance against Deliveries with out the Drill Down option...
Hi Guys, There is a BP balance against Deliveries which is a negative balance. It does not give the option to drill down. when the entries were checked, I can't find a same balance posted under a Return or a Delivery. Any thoughts. Thanks. Kind rega
-
Hi Guys, Scenario: I have a production database 10.2.0.4 running in host A. I did a full backup of the database using rman and of cause, all the archive logs. Now in host B, i wanted to perform a restore of the database. I'm aware there's a duplicate
-
Indesign crashes when picking swatches
hi, Im working in indesign cs3 (updated to latest) on tiger 10.4.11 I have been working on this book on and off since April, but last week i noticed indesign crashing when color swatches are picked from the swatches palette. This especially happens w