Windows 2012 r2 802.1X MAC Address bypass configuration
I am setting up MAB for my environment and I want to make sure I am setting it up correctly, as I see some articles stating there is a reg edit needed and others that don't mention it at all.
I have Dell PowerConnect switch with 802.1X authentication working for my Domain Computers.
I now want to allow non-802.1x capable devices to be assigned the correct vlans (Printers, IP Phones, etc).
I have created a user account in AD for the device, using lowercase MAC Address for the username and password.
I have set the switchport to allow MAB
I have created a NPS Network Policy for one of the devices and assigned the groups it belongs to and set Authentication Method to: Unencrypted (PAP,SPAP).
I keep receiving this error in the logs "The user attempted to use an authentication method that is not enabled on the matching network policy"
Does anyone have advice or can direct me to a nice guide/checklist of all the areas that need to be set to allow this to happen?
You've posted in the Print/Fax forum, but I can see you've also posted in the NAP forum. You'll likely get a better response over there, so maybe you should delete this question in here..
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
Similar Messages
-
802.1x: MAC Authentication Bypass
Hey sorry for keeping bugging you guys...
So I am configuring this Bypass thing on my 3750 switch. It works fine. It seems the switch will send a access request to the radius server (I use FreeRadius) with the username/password both as the MAC address of the deivce.
However my dilema is that I have 200+ these devices. I can easily create a user group with MAC starting with 00a008 (which are the first 3 octets of the MAC addresses), however it's impossible to include each of the MAC address as the password!
So my question is that whether there is a way to configure the switch use a static string as the password for all the devices using MAC Authentication Bypass?
Thank you!!
DifanDifan:
I went through your post and understand that you are in a process of configuring 802.1x with MAB in such way so that you use custom password (except Mac address) for all users OR shared password string that should be sent by the switch but this is not possible.
Reason: Switch only send the device Mac address as the username and password. The user name should be the mac address of the client and the password should be same as username and this can't be change on cisco switches.
I have also attached a document regarding MAB for your better understanding.
This forum is only for you guys...keep bugging us
HTH
JK
Pls rate helpful posts- -
Windows Network Load Balancing - Virtual MAC Address
Hi All,
I have environment that running 2 Exchange 2010 server with CASHT and join windows network load balancing as a node.
My question is,
If NLB service is restart, is it virtual MAC Address for NLB will change to new virtual MAC Address?
Thanks for response,
Best Regards,
Henry StefanusHi Henry Stefanus,
The NLB work mechanism will not change whether what higher application we used and I am not very familiar with Exchange NLB architecture, may the following KB and article
may help you.
When you use the unicast method, all cluster hosts share an identical unicast MAC address. Network Load Balancing overwrites the original MAC address of the cluster adapter
with the unicast MAC address that is assigned to all the cluster hosts.
When you use the multicast method, each cluster host retains the original MAC address of the adapter. In addition to the original MAC address of the adapter, the adapter is
assigned a multicast MAC address, which is shared by all cluster hosts. The incoming client requests are sent to all cluster hosts by using the multicast MAC address.
Selecting the Unicast or Multicast Method of Distributing Incoming Requests
http://technet.microsoft.com/en-us/library/cc782694(v=ws.10).aspx
The related third party article:
Building NLB Exchange 2010 RTM CAS / HT Servers (Hyper-V) – Part 1
http://blog.morecoffeeany1.com/2010/03/19/building-nlb-exchange-2010-rtm-cas-ht-servers-hyper-v-%E2%80%93-part-1/
I’m glad to be of help to you!
*** This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these
sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet. ***
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Static MAC address without configuration
Hello,
i am a german guy, so please excuse my bad english.
I have a question about static MAC addresses on a WS-C3750G-48TS Switch.
I have no static adresses configured on my switch, but see some when execute the "show mac address-table static" command. And i mean not the 0000.0c07.ac01 addresse for HSRP, Spanning-tree or something else, which are forwarded to the CPU, i mean entries like this:
Switch#show MAC address-table interface g2/0/47
Mac Address Table
Vlan Mac Address Type Ports
3 1212.1212.1212 STATIC Gi2/0/47
3 1414.1414.1414 STATIC Gi2/0/47
Total Mac Addresses for this criterion: 2
This entries not configured or dynamicly learned.
I suspected functions like gratitious-arp, but this is only for IP<->MAC translation. Then i have searched functions like gratitious-mac or mac-notification. I have searched for a function with tells the switchport: "Hey, that is my MAC address. There is no need to learn this address dynamicly", but with no luck.
Does anybody can tell me, why these MAC addresses are shown static, and not dynamicly?
Thanks for help.
ThomasHi Thomas,
Are there any port-security related configurations in interface Gi2/0/47? Could you post the running-configuration of this interface in concern, output of show mac-address-table interface Gi2/0/47 and also could you let me know what is connected to this interface?
Thanks,
Arun -
Enabling 802.1x and MAC Authentication Bypass on ACS 4.2
Hi experts,
I have a few questions regarding 802.1x & MAC Authentication Bypass configured on ACS 4.2.
i. Is it possible to configure MAC authentication + 802.1x on ACS 4.2 at the same time? Here is the scenario;
Our company would like to enforce 'double authentication' on each staff machine (include those personal laptop/notebook). Each time the staff plugged into company's network, they will need to supply username & password in order to get access. After that, the ACS server will also check whether the user's MAC address is valid by checking against its own database. This MAC address is tied to the staff's user profile in ACS. If the login information supplied by the staff is valid but the MAC address of their machine is not match in ACS database, then the staff will not be able to gain access unless after notifying the administrator about it.
ii. If it is possible, any reference that I can check on how to configure this?
The reason why I need MAC authentication + 802.1x to be configured at ACS as most of our switches are not cisco based and only capable to support 802.1x.
Hope anyone here could help me on this.
Thanks very much,
DanielWith ACS, you can setup NARs (or Network Access Restrictions) to permit/deny access based on IP/non-IP based filters (like MAC Addresses).
Specific info is here:
<http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008018494f.html#313>
Hope this helps, -
Windows 2012 Nodes - Slow CSV Performance - Need help to resolve my iSCSI issue configuration
I spent weeks going over the forums and the net for any publications and advice on how to optimize iSCSI connections and i'm about to give up. I really need some help in determining if its something i'm not configuring right or maybe its an equipment
issue.
Hardware:
2x Windows 2012 Hosts with 10 Nics (same NIC configuration) in a Failover Cluster sharing a CSV LUN.
3x NICs Teamed for Host/Live Migration (192.168.0.x)
2x NICS teamed for Hyper-V Switch 1 (192.168.0.x)
1x NIC teamed for Hyper-V Switch 2 (192.168.10.x)
4x NICs for iSCSI traffic (192.168.0.x, 192.168.10.x, 192.168.20.x 192.168.30.x)
Jumbo frames and flow control turned on all the NICs on the host. IpV6 disabled. Client for Microsoft Network, File/Printing Sharing Disabled on iSCSI NICs.
MPIO Least Queue selected. Round Robin gives me an error message saying "The parameter is incorrect. The round robin policy attempts to evenly distribute incoming requests to all processing paths. "
Netgear ReadyNas 3200
4x NICs for iSCSI traffic ((192.168.0.x, 192.168.10.x, 192.168.20.x 192.168.30.x)
Network Hardware:
Cisco 2960S managed switch - Flow control on, Spanning Tree on, Jumbo Frames at 9k - this is for the .0 subnet
Netgear unmanaged switch - Flow control on, Jumbo Frames at 9k - this is for .10 subnet
Netgear unmanaged switch - Flow control on, Jumbo Frames at 9k - this is for .20 subnet
Netgear unmanaged switch - Flow control on, Jumbo Frames at 9k - this is for .30 subnet
Host Configuration (things I tried turning on and off):
Autotuning
RSS
Chimney Offload
I have 8 VMs stored in the CSV. When try to load all 8 up at the same time, they bog down. Each VM loads very slowly and when they eventually come up, most of the important services did not start. I have to load
them up 1 or 2 at a time. Even then the performance is nothing like if they were loading up on the Host itself (VHD stored on the host's hdd). This is what prompted me to add in more iSCSI connections to see if I can improve the VM's
performance. Even with 4 iSCSI connections, I feel nothing has changed. The VMs still start up slowly and services do not load right. If I distribute the load with 4 VMs on Host 1 and 4 VMs on Host 2, the load up
times do not change.
As a manual test for file copy speed, I moved the cluster resources to Host 1 and copied a VM from the CSV and onto the Host. The speed would start out around 250megs/sec and then eventually drop down to about 50/60 megs/sec. If I turn
off all iSCSI connections except one, it get the same speed. I can verify from the Windows Performance Tab under Task Manager that all the NICS are distributing traffic evenly, but something is just limiting the flow. Like what I stated on top,
I played around with autotuning, RSS and chimney offload and none of it makes a difference.
The VMs have been converted to VHDx and to fixed size. That did not help.
Is there something I'm not doing right? I am working with Netgear support and they are puzzled as well. The ReadyNas device should easily be able to handle it.
Please help! I pulled my hair out over this for the past two months and I'm about to give up and just ditch clustering all together and just run the VMs off the hosts themselves.
GeorgeA few things...
For starters, I recommend opening a case with Microsoft support. They will be able to dig in and help you...
Turn on the CSV Cache, it will boost your performance
http://blogs.msdn.com/b/clustering/archive/2012/03/22/10286676.aspx
A file copy has no resemblance of the unbuffered I/O a VM does... so don't use that as a comparison, as you are comparing apples to oranges.
Do you see any I/O performance difference between the coordinator node and the non-coordinator nodes? Basically, see which node owns the cluster Physical Disk resource... measure the performance. Then move the Physical Disk resource for the
CSV volume to another node, and repeat the same measure of performance... then compare them.
Your IP addressing seems odd... you show multiple networks on 192.168.0.x and also on 192.168.10.x. Remember that clustering only recognizes and uses 1 logical interface per IP subnet. I would triple check all your IP schemes...
to ensure they are all different logical networks.
Check you binding order
Make sure you NIC drivers and NIC firmware are updated
Make sure you don't have IPsec enabled, that will significantly impact your network performance
For the iSCSI Software Initiator, when you did your connection... make sure you didn't do a 'Quick Connect'... that will do a wildcard and connect over any network. You want to specify your dedicated iSCSI network
No idea what the performance capabilities of the ReadyNas is... this could all likely be associated with the shared storage.
What speed NIC's are you using? I hope at least 10 GB...
Hope that helps...
Elden
Hi Elden,
2. CSV is turned on, I have 4GB dedicated from each host to it. With IOmeter running within the VMs, I do see the read speed jumped up 4-5x fold but the write speed stays the same (which according to the doc it should). But even with the read
speed that high, the VMs are not starting up quickly.
4. I do not see any difference with IO with coordinator and non coordinator nodes.
5. I'm not 100% sure what your saying about my IPs. Maybe if I list it out, you can help explain further.
Host 1 - 192.168.0.241 (Host/LM IP), Undefined IP on the 192.168.0.x network (Hyper-V Port 1), Undefined IP on the 192.168.10.x network (Hyper- V port 2), 192.168.0.220 (iSCSI 1), 192.168.10.10 (iSCSI2), 192.168.20.10(iSCSI 3), 192.168.30.10 (iSCSI 4)
The Hyper-V ports are undefined because the VMs themselves have static ips.
0.220 host NIC connects with the .231 NIC of the NAS
10.10 host NIC connects with the 10.100 NIC of the NAS
20.10 host NIC connects with the 20.100 NIC of the NAS
30.10 host NIC connects with the 30.100 NIC of the NAS
Host 2 - 192.168.0.245 (Host/LM IP), Undefined IP on the 192.168.0.x network (Hyper-V Port 1), Undefined IP on the 192.168.10.x network (Hyper- V port 2), 192.168.0.221 (iSCSI 1), 192.168.10.20 (iSCSI2), 192.168.20.20(iSCSI 3), 192.168.30.20 (iSCSI 4)
The Hyper-V ports are undefined because the VMs themselves have static ips.
0.221 host NIC connects with the .231 NIC of the NAS
10.20 host NIC connects with the 10.100 NIC of the NAS
20.20 host NIC connects with the 20.100 NIC of the NAS
30.20 host NIC connects with the 30.100 NIC of the NAS
6. Binding orders are all correct.
7. Nic drivers are all updated. Didn't check the firmware.
8. I do not know about IPSec...let me look into it.
9. I did not do quick connect, each iscsi connection is defined using a specific source ip and specific target ip.
These are all 1gigabit nics, which is the reason why I have so many NICs...otherwise there would be no reason for me to have 4 iscsi connections. -
Migration of DNS from Windows 2008 R2 to Windows 2012
Hello,
We have a pair of Windows 2008 R2 servers running authoritative DNS services (they are not AD controllers, neither used as resolvers). There are ~20 domains + 10 DNSSEC domains hosted on those servers. We're considering to migrate them to Windows 2012
servers and retain IP addresses.
I'd greatly appreciate if somebody could advise the basic steps for such migration (particularly the DNSSEC part).
Many thanks.Hi,
It worked for me with a test zone but my example only had a single A record. You should test this first by adding the zone and testing resolution on the 2012 server before deleting it from the 2003 server.
The bug for secondary zones that you describe in Server 2008 is news to me. However, 2012 and 2012 R2 has many advantages over 2008 R2 for DNSSEC signed zones so I would recommend you migrate even if you weren't having problems on 2008 R2.
If you've been following the thread you mentioned above, you know that I've been doing a lot of testing with signed zones being updated on secondary servers. The signed zone is *always* updated on a secondary server but if the change on the primary was only
a signature refresh then as of right now there is still a bug where the newest RRSIGs are not transferred to the secondary server. This happens because the zone transfer occurs just before the new RRSIG is generated on the primary. This causes it to be left
behind on the primary server unless there is another zone transfer afterward. Note that a zone transfer still happens, it just happens too soon. The zone transfer that happens is an incremental zone transfer.
If the previous RRSIG expires before another zone transfer occurs then the zone can have validation problems on the secondary. There is a hotfix for this that will be distributed soon. I am checking now on the date.
If you increment the serial # on the primary, the secondary should get a full zone transfer.
-Greg -
Multicast mac-address Nexus 7k
Hi,
i'm going to use Nexus 7000 in Data Center.
During analysis configuration, I need define mac-address-static configuration for multicast mac address for Firewall Checkpoint cluster.
In "Layer 2 Switching Configuration Guide, Release 4.1.pdf" documentation speak about
"Configuring a Static MAC Address
[..]You cannot configure broadcast or multicast addresses as static MAC addresses[..]"
Have you a suggestion to manage this problem and why is it not possible configure mac address static multicast?
Regards
DinoJoseph - The ClusterXL A/A configuration is a variation of the StoneSoft or Rainfinity clustering technologies that have been used to cluster Solaris and other *NIX flavored servers and firewalls for years. (In fact, StoneSoft filed suit against Check Point in Europe 8 or 9 years ago for patent violations, and lost.) These configurations were very common on Check Point clusters running on Solaris from the late 90's forward - and, as you describe, have unicast IP's with a multicast MAC for the VIP. Even from the days of installing these on the brand new (at the time) 2900 series switches you had to do exactly as you state above - static MAC entries (or in some cases port mirrors) so traffic was directed to both active switch ports. In Active/Passive mode Check Point ClusterXL clusters are almost always "plug and play" today - rarely do the switches need anything beyond speed/duplex settings. The VIP assumes the MAC of the physical NIC it is currently bound to, and therefore there are no issues as far as switch config or proxy ARP entries on the gateways. All of these issues have to do with traffic flowing to the VIP and through the firewall, and the ability of the switch to correctly identify which physical switch port(s) the VIP is currently patched in to. This is one of three types of traffic associated with ClusterXL itself. The second is state synchronization, which is accomplished through a crossover cable and therefore not relevant. Even when using a switch state sync is a typical TCP 18181 connection from a unicast IP/unicast MAC on one gateway to the other through a dedicated interface pair.
The challenge described by CJ is not with the traffic flowing to the VIP, however. It is an entirely separate process - Check Point Clustering Protocol (aka CPHA if filtering in WireShark) is essentially the heart beat traffic. Every interface pair within a Check Point cluster continually communicates with its "partner" interface on the other cluster members. If any packet takes over 100ms or shows more than a 5% loss the gateway is forced in to "probing" mode where it falls back to ICMP to determine the state of the other cluster member. Depending on the CPHA timing settings an active gateway will failover to the passive in as quickly as 500ms or so. ClusterXL will fail over the entire gateway to the standby to avoid complications with asynchronous routing.
Out of the box, CCP is configured to use multicast, but it supports broadcast as well. To change this in real time (no restart required) simply issue the command:
cphaconf set_ccp {broadcast/multicast}
At the Ethernet level, CCP traffic will always have a source MAC of the Magic MAC of 00:00:00:00:xx:yy where XX is the “Cluster ID” – something identical on each cluster member but unique from one cluster to another, and YY is the cluster priority (00, 01, etc.) based on the priority levels set on cluster members within Dashboard on the cluster object. The destination MAC will always be the Ethernet broadcast of ff:ff:ff:ff:ff:ff.
At the IP level the source of CCP will always appear as 0.0.0.0. The destination will always be the network address (ie, x.x.x.0).
Similarly in multicast mode you will see the same traffic at the IP level but at the Ethernet level the destination will now be a IPv4 multicast MAC (ie, 01:00:5e:4e:c2:1e).
In a tcpdump with the –w flag opened in WireShark and a filter applied of just “cpha” (without the quotes) you should see a continual stream of traffic with the same source and destination IPs on all packets (0.0.0.0 and network IP), the destination of either a bcast or mcast MAC and the source MAC alternating between 00:00:00:00:xx:00 and 00:00:00:00:xx:01.
Long story short, the problem CJ is describing is a behavior on the 7K where a packet capture taken on the Check Point interface itself (ie, tcpdump –i eth0 –w capture.cap) ONLY shows CPHA traffic from it’s own source MAC and no packets from it’s partner. A tcpdump on the 7K itself will show traffic from both.
As CJ mentioned, a simple NxOS upgrade will fix the issue per:
This one:CSCtl67036 basically pryer to NX-OS 5.1(3) the nexus will discard packets that have a source of 0.0.0.0. Which in broadcast mode is exactly what the CCP heartbeat is. We bypassed this one.CSCsx47620 is the bug for the for static multicast MAC address feature but it requires 5.2 code on the 7k
(NOTE:Additional RAM may be required for the 5.2 update)
Also note that Check Point gateways do support IGMP multicast groups, given that you have the correct license. It is a feature of SecurePlatform Professional on the higher end gateways or as a relatively inexpensive upgrade on the lower end boxes or open platforms. For lab purposes you can simply type “pro enable” at the CLI (without the quotes). As of the latest build there is no technical limitation (no license check) so you can enable advanced routing features as needed for testing in a lab. For step by step details on configuring IGMP on SPLAT Pro go to the Check Point support site and search for sk32702.
This can be a frustrating issue to troubleshoot, so hopefully this helps someone avoid the headaches I ran in to. -
[SOLVED] Lost MAC address on network card
It seems that my wired ethernet card has lost its MAC address. Some information/output:
# lspci|grep Ethernet
02:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8055 PCI-E Gigabit Ethernet Controller
The card uses the sky2 kernel module
# dmesg|grep sky2
sky2 0000:02:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
sky2 0000:02:00.0: setting latency timer to 64
sky2 0000:02:00.0: v1.22 addr 0xf7dfc000 irq 16 Yukon-2 EC Ultra rev 2
sky2 eth0: addr 00:00:00:00:00:00
Adding a line
#ifconfig eth0 hw ether <random-address-here>
to the startup-scripts makes it possible to use the nic, but it seems like a very temporary solution.
I don't know what can have caused this. Maybe the winter cold here in Norway erased some part of the nic's ROM?
- Does anybody have any idea how I can remedy this?
- Do I have to send the laptop in for repair to get it restored?
Last edited by kapelrud (2008-12-05 16:35:54)iBertus wrote:I suppose a driver bug could have corrupted the ROM on the network card. Do you have a Windows install that you can boot into to see if the card is working correctly with those drivers?
Using "ipconfig /all" on windows showed the same zeroed mac address, so I guess the problem isn't (wasn't) linux-specific.
I left the pc in my locker at school last night and when I started it up again this morning the mac had mysteriously returned! Maybe the university leprechaun was bored yesterday.
So I guess the problem is solved, for now... Thanks anyway! -
Build and Capture - Windows 2012 no longer possible
Dear all
We are using SCCM SP1 and facing since May 2013 the following problem:
Our - until May 2013 working - Task Sequence to build and capture our Windows 2012 Datacenter Image does not capture when we install updates during this sequence.
The following steps are working:
- Restart in Windows PE
- Partition Disk 0
- Apply Operating System
- Apply Windows Settings
- Apply Network Settings
- Setup Windows and Configuration Manager
If the next step is Install Updates, it installs the updates, reboot twice, shows again the status of the task sequence and then we can see the login screen from Windows 2012 instead of starting the step "Prepare Configuration Manager
Client".
As soon as we disable the Install Updates step, the task sequence can go to "Prepare Configuration Manager Client" and can successfully capture a new wim.
What could be the problem? Thanks for any hints.
best
JBABcheck your windowsupdate.log and see what updates it's installing, one or more of them is causing a reboot which the task sequence does not expect or like and that is probably your issue, remove that update(s) from the deployment and start again
Step by Step Configuration Manager Guides >
2012 Guides |
2007 Guides | I'm on Twitter > ncbrady -
Hello I´m trying to setup 802.1x on an old 3560 switch.
The Switch is a:
Switch Ports Model SW Version SW Image
* 1 52 WS-C3560-48TS 12.2(25)SEE3 C3560-ADVIPSERVICESK
I´m using Windows 2012 IAS as RADIUS with the following policies:
I have the folling config on the switch:
aaa group server radius RadiusAuth
server 172.29.8.12 auth-port 1645 acct-port 1646
aaa authentication login default local
aaa authentication login local enable
aaa authentication dot1x default group RadiusAuth
aaa authorization network default group RadiusAuth
dot1x system-auth-control
interface FastEthernet0/31
description 802.1x tests
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 3
dot1x timeout tx-period 5
dot1x guest-vlan 106
spanning-tree portfast
radius-server host 172.29.8.12 auth-port 1645 acct-port 1646
radius-server retry method reorder
radius-server transaction max-tries 10
radius-server timeout 4
radius-server deadtime 2
radius-server key KEYSECRET
radius-server vsa send authentication
And I cant authenticate , I think it is a RADIUS problem.
I have this aditional debug info related with RADIUS and Dot1x:
004898: Aug 5 12:32:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to down
004899: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
004900: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
004901: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
004902: 7w6d: RADIUS(00000019): sending
004903: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
004904: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/77, len 173
004905: 7w6d: RADIUS: authenticator A7 3A 07 F8 8D 5B C1 76 - 67 8E 66 54 05 04 0C DB
004906: 7w6d: RADIUS: User-Name [1] 19 "DOMAIN\User"
004907: 7w6d: RADIUS: Service-Type [6] 6 Framed [2]
004908: 7w6d: RADIUS: Framed-MTU [12] 6 1500
004909: 7w6d: RADIUS: Called-Station-Id [30] 19 "00-17-94-97-D9-23"
004910: 7w6d: RADIUS: Calling-Station-Id [31] 19 "00-24-BE-C7-09-6F"
004911: 7w6d: RADIUS: EAP-Message [79] 24
004912: 7w6d: RADIUS: 02 02 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C [?????DOMAIN\]
004913: 7w6d: RADIUS: 6F 6C 6F 70 65 7A [USER]
004914: 7w6d: RADIUS: Message-Authenticato[80] 18
004915: 7w6d: RADIUS: 31 C9 68 BA B8 E9 DC 78 6E 87 7E A4 89 D5 0C 81 [1?h????xn?~?????]
004916: 7w6d: RADIUS: Vendor, Cisco [26] 24
004917: 7w6d: RADIUS: cisco-nas-port [2] 18 "FastEthernet0/31"
004918: 7w6d: RADIUS: NAS-Port [5] 6 50031
004919: 7w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
004920: 7w6d: RADIUS: NAS-IP-Address [4] 6 172.29.11.1
004921: Aug 5 12:32:32: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
004922: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004923: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004924: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004925: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004926: 7w6d: RADIUS(00000019): Storing nasport 50031 in rad_db
004927: 7w6d: RADIUS(00000019): Config NAS IP: 0.0.0.0
004928: 7w6d: RADIUS/ENCODE(00000019): acct_session_id: 27787264
004929: 7w6d: RADIUS(00000019): sending
004930: 7w6d: RADIUS/ENCODE: Best Local IP-Address 172.29.11.1 for Radius-Server 172.29.8.12
004931: 7w6d: RADIUS(00000019): Send Access-Request to 172.29.8.12:1645 id 21645/78, len 173
004932: 7w6d: RADIUS: authenticator 84 B1 75 9D 4C 21 0F 9D - 19 01 A6 23 DE 1B 74 1A
004933: 7w6d: RADIUS: User-Name [1] 19 "DOMAIN\User"
004934: 7w6d: RADIUS: Service-Type [6] 6 Framed [2]
004935: 7w6d: RADIUS: Framed-MTU [12] 6 1500
004936: 7w6d: RADIUS: Called-Station-Id [30] 19 "00-17-94-97-D9-23"
004937: 7w6d: RADIUS: Calling-Station-Id [31] 19 "00-24-BE-C7-09-6F"
004938: 7w6d: RADIUS: EAP-Message [79] 24
004939: 7w6d: RADIUS: 02 03 00 16 01 44 49 47 49 54 41 49 4E 45 52 5C [?????DDOMAIN\]
004940: 7w6d: RADIUS: 6F 6C 6F 70 65 7A [User]
004941: 7w6d: RADIUS: Message-Authenticato[80] 18
004942: 7w6d: RADIUS: D3 1E DC 03 5E 13 CF 93 6B 7F F4 B8 DB 20 65 A6 [????^???k???? e?]
004943: 7w6d: RADIUS: Vendor, Cisco [26] 24
004944: 7w6d: RADIUS: cisco-nas-port [2] 18 "FastEthernet0/31"
004945: 7w6d: RADIUS: NAS-Port [5] 6 50031
004946: 7w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
004947: 7w6d: RADIUS: NAS-IP-Address [4] 6 172.29.11.1
004948: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004949: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004950: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004951: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004952: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004953: Aug 5 12:33:04: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.29.8.12:1645,1646 is not responding.
004954: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004955: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004956: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004957: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/77
004958: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004959: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/77
004960: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
004961: 7w6d: RADIUS/DECODE: parse response; FAIL
004962: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004963: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004964: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004965: 7w6d: RADIUS: Retransmit to (172.29.8.12:1645,1646) for id 21645/78
004966: 7w6d: RADIUS: No response from (172.29.8.12:1645,1646) for id 21645/78
004967: 7w6d: RADIUS/DECODE: parse response no app start; FAIL
004968: 7w6d: RADIUS/DECODE: parse response; FAIL
004969: Aug 5 12:35:04: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
DOT1X
005294: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
005295: 7w6d: dot1x-registry:dot1x_switch_port_linkcomingup invoked on interface Fa0/31
005296: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to UP
005297: 7w6d: dot1x_auth Fa0: initial state auth_initialize has enter
005298: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
005299: 7w6d: dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
005300: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
005301: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
005302: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005303: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005304: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005305: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
005306: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
005307: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
005308: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
005309: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
005310: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
005311: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005312: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
005313: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
005314: 7w6d: dot1x-ev:dot1x_switch_enable_on_port: Enabling dot1x on interface FastEthernet0/31
005315: 7w6d: dot1x-ev:dot1x_switch_enable_on_port: set dot1x ask handler on interface FastEthernet0/31
005316: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005317: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005318: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005319: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005320: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005321: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005322: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005323: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005324: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005325: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005326: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005327: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005328: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005329: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005330: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005331: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005332: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005333: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005334: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005335: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005336: 7w6d: EAPOL pak dump Tx
005337: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005338: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005339: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005340: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005341: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005342: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
005343: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
005344: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
005345: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0016
005346: 7w6d: dot1x-ev:Created a client entry for the supplicant 0024.bec7.096f
005347: 7w6d: dot1x-ev:Found the default authenticator instance on FastEthernet0/31
005348: 7w6d: dot1x-registry:EAPOL traffic seen on FastEthernet0/31
005349: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
005350: 7w6d: EAPOL pak dump rx
005351: 7w6d: EAPOL Version: 0x1 type: 0x0 length: 0x0016
005352: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
005353: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
005354: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
005355: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
005356: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
005357: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
005358: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
005359: Aug 5 12:39:28: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to up
005360: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005361: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
005362: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
005363: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
005364: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
005365: 7w6d: dot1x-packet:Received an EAPOL-Start packet on interface FastEthernet0/31
005366: 7w6d: EAPOL pak dump rx
005367: 7w6d: EAPOL Version: 0x1 type: 0x1 length: 0x0000
005368: 7w6d: dot1x-sm:Posting EAPOL_START on Client=39E7F78
005369: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 4(eapolStart)
005370: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_aborting
005371: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
005372: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_enter called
005373: 7w6d: dot1x-sm:Posting AUTH_ABORT on Client=39E7F78
005374: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_response, got event 1(authAbort)
005375: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_initialize
005376: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
005377: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_initialize_enter called
005378: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_initialize
005379: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
005380: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
005381: 7w6d: dot1x-sm:Posting !AUTH_ABORT on Client=39E7F78
005382: 7w6d: dot1x_auth Fa0: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
005383: 7w6d: @@@ dot1x_auth Fa0: auth_aborting -> auth_restart
005384: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_exit called
005385: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
005386: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
005387: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_aborting_restart_action called
005388: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005389: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005390: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005391: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
005392: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
005393: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
005394: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005395: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005396: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005397: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_enter called
005398: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_authenticating_action called
005399: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005400: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005401: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005402: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_enter called
005403: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005404: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005405: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005406: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005407: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005408: 7w6d: EAPOL pak dump Tx
005409: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005410: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005411: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0024.bec7.096f)
005412: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_request_action called
005413: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005414: 7w6d: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
005415: 7w6d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
005416: 7w6d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/31
005417: 7w6d: dot1x-ev:Received pkt saddr =0024.bec7.096f , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0016
005418: 7w6d: dot1x-packet:Received an EAP packet on interface FastEthernet0/31
005419: 7w6d: EAPOL pak dump rx
005420: 7w6d: EAPOL Version: 0x1 type: 0x0 length: 0x0016
005421: 7w6d: dot1x-packet:Received an EAP packet on the FastEthernet0/31 from mac 0024.bec7.096f
005422: 7w6d: dot1x-sm:Posting EAPOL_EAP on Client=39E7F78
005423: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 6(eapolEap)
005424: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_response
005425: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_enter called
005426: 7w6d: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0024.bec7.096f
005427: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_request_response_action called
005428: 7w6d: dot1x-sm:Posting A_WHILE_EXPIRE on Client=39E7F78
005429: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_response, got event 9(aWhile_expire)
005430: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_response -> auth_bend_timeout
005431: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_exit called
005432: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_timeout_enter called
005433: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_response_timeout_action called
005434: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_timeout
005435: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
005436: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_bend_idle_enter called
005437: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
005438: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
005439: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
005440: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authenticating_exit called
005441: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_fallback_enter called
005442: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
005443: 7w6d: dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
005444: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
005445: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_authc_result_enter called
005446: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005447: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
005448: 7w6d: dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
005449: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
005450: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005451: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
005452: 7w6d: dot1x_auth Fa0: during state auth_held, got event 13(restart)
005453: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
005454: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_held_exit called
005455: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_enter called
005456: 7w6d: dot1x-ev:Resetting the client 0024.bec7.096f
005457: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005458: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005459: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005460: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_connecting_enter called
005461: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_restart_connecting_action called
005462: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0024.bec7.096f
005463: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
005464: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
005465: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
005466: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter called
005467: 7w6d: dot1x-sm:Fa0/31:0024.bec7.096f:auth_disconnected_enter sending canned failure to version 1 supplicant
005468: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4 id: 0x4 length: 0x0004 type: 0x0 data:
005469: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005470: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005471: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005472: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005473: 7w6d: EAPOL pak dump Tx
005474: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0004
005475: 7w6d: EAP code: 0x4 id: 0x4 length: 0x0004
005476: 7w6d: dot1x-packet:dot1x_auth_txCannedFail: EAPOL packet sent to client (0024.bec7.096f)
005477: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005478: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005479: 7w6d: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface FastEthernet0/31
005480: 7w6d: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Fa0/31
005481: 7w6d: dot1x-ev:dot1x_vlan_assign_client_deleted on interface FastEthernet0/31
005482: 7w6d: dot1x_auth Fa0: initial state auth_initialize has enter
005483: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_initialize_enter called
005484: 7w6d: dot1x_auth Fa0: during state auth_initialize, got event 0(cfg_auto)
005485: 7w6d: @@@ dot1x_auth Fa0: auth_initialize -> auth_disconnected
005486: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
005487: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005488: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005489: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005490: 7w6d: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000
005491: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has enter
005492: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_initialize_enter called
005493: 7w6d: dot1x_auth_bend Fa0: initial state auth_bend_initialize has idle
005494: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_initialize, got event 16383(idle)
005495: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_initialize -> auth_bend_idle
005496: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005497: 7w6d: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000
005498: 7w6d: dot1x-ev:Created a default authenticator instance on FastEthernet0/31
005499: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005500: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005501: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005502: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005503: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005504: Aug 5 12:40:17: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.29.8.12:1645,1646 has returned.
005505: 7w6d: dot1x-ev:dot1x_critical_active_state_change: Critical Auth Active state changed to FALSE
005506: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005507: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005508: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005509: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005510: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005511: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005512: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005513: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005514: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005515: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005516: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005517: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005518: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005519: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005520: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005521: 7w6d: EAPOL pak dump Tx
005522: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005523: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005524: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005525: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005526: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005527: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005528: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005529: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005530: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005531: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005532: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005533: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005534: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005535: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005536: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005537: 7w6d: EAPOL pak dump Tx
005538: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005539: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005540: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005541: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005542: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005543: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005544: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005545: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005546: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005547: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
005548: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005549: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005550: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005551: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005552: 7w6d: EAPOL pak dump Tx
005553: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005554: 7w6d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
005555: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005556: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
005557: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
005558: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
005559: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
005560: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
005561: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
005562: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_timeout
005563: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
005564: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005565: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
005566: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
005567: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
005568: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
005569: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
005570: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
005571: 7w6d: dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
005572: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
005573: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
005574: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005575: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
005576: 7w6d: dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
005577: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
005578: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005579: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
005580: 7w6d: dot1x_auth Fa0: during state auth_held, got event 13(restart)
005581: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
005582: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
005583: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005584: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
005585: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005586: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005587: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005588: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005589: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005590: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005591: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005592: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005593: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005594: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005595: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005596: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005597: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005598: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005599: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005600: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005601: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005602: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005603: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005604: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005605: 7w6d: EAPOL pak dump Tx
005606: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005607: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005608: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005609: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005610: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005611: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005612: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005613: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005614: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005615: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005616: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005617: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005618: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005619: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005620: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005621: 7w6d: EAPOL pak dump Tx
005622: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005623: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005624: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005625: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005626: 7w6d: dot1x-sm:Posting EAP_REQ on Client=39E7F78
005627: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 7(eapReq)
005628: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_request
005629: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_request_action called
005630: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005631: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1 data:
005632: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005633: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005634: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005635: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005636: 7w6d: EAPOL pak dump Tx
005637: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005638: 7w6d: EAP code: 0x1 id: 0x3 length: 0x0005 type: 0x1
005639: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005640: 7w6d: dot1x-ev:Received an EAP Timeout on FastEthernet0/31 for mac 0000.0000.0000
005641: 7w6d: dot1x-sm:Posting EAP_TIMEOUT on Client=39E7F78
005642: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_request, got event 12(eapTimeout)
005643: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_request -> auth_bend_timeout
005644: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_timeout_enter called
005645: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_timeout_action called
005646: 7w6d: dot1x_auth_bend Fa0: idle during state auth_bend_timeout
005647: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_timeout -> auth_bend_idle
005648: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_enter called
005649: 7w6d: dot1x-sm:Posting AUTH_TIMEOUT on Client=39E7F78
005650: 7w6d: dot1x_auth Fa0: during state auth_authenticating, got event 14(authTimeout)
005651: 7w6d: @@@ dot1x_auth Fa0: auth_authenticating -> auth_fallback
005652: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_exit called
005653: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_fallback_enter called
005654: 7w6d: dot1x-sm:Posting AUTH_FAIL on Client=39E7F78
005655: 7w6d: dot1x_auth Fa0: during state auth_fallback, got event 15(authFail)
005656: 7w6d: @@@ dot1x_auth Fa0: auth_fallback -> auth_authc_result
005657: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authc_result_enter called
005658: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005659: 7w6d: dot1x-sm:Posting AUTHC_FAIL on Client=39E7F78
005660: 7w6d: dot1x_auth Fa0: during state auth_authc_result, got event 23(authcFail)
005661: 7w6d: @@@ dot1x_auth Fa0: auth_authc_result -> auth_held
005662: 7w6d: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/31.
005663: 7w6d: dot1x-sm:Posting RESTART on Client=39E7F78
005664: 7w6d: dot1x_auth Fa0: during state auth_held, got event 13(restart)
005665: 7w6d: @@@ dot1x_auth Fa0: auth_held -> auth_restart
005666: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_held_exit called
005667: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005668: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
005669: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005670: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005671: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005672: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005673: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005674: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005675: 7w6d: dot1x-sm:Posting REAUTH_MAX on Client=39E7F78
005676: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 11(reAuthMax)
005677: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_disconnected
005678: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_disconnected_enter called
005679: 7w6d: dot1x_auth Fa0: idle during state auth_disconnected
005680: 7w6d: @@@ dot1x_auth Fa0: auth_disconnected -> auth_restart
005681: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_enter called
005682: 7w6d: dot1x-ev:Resetting the client 0000.0000.0000
005683: 7w6d: dot1x-sm:Posting !EAP_RESTART on Client=39E7F78
005684: 7w6d: dot1x_auth Fa0: during state auth_restart, got event 6(no_eapRestart)
005685: 7w6d: @@@ dot1x_auth Fa0: auth_restart -> auth_connecting
005686: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_enter called
005687: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_restart_connecting_action called
005688: 7w6d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
005689: 7w6d: dot1x-sm:Posting RX_REQ on Client=39E7F78
005690: 7w6d: dot1x_auth Fa0: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
005691: 7w6d: @@@ dot1x_auth Fa0: auth_connecting -> auth_authenticating
005692: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_authenticating_enter called
005693: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_connecting_authenticating_action called
005694: 7w6d: dot1x-sm:Posting AUTH_START on Client=39E7F78
005695: 7w6d: dot1x_auth_bend Fa0: during state auth_bend_idle, got event 4(eapReq_authStart)
005696: 7w6d: @@@ dot1x_auth_bend Fa0: auth_bend_idle -> auth_bend_request
005697: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_request_enter called
005698: 7w6d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x5 length: 0x0005 type: 0x1 data:
005699: 7w6d: dot1x-ev:FastEthernet0/31:Sending EAPOL packet to group PAE address
005700: 7w6d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/31.
005701: 7w6d: dot1x-registry:registry:dot1x_ether_macaddr called
005702: 7w6d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/31
005703: 7w6d: EAPOL pak dump Tx
005704: 7w6d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
005705: 7w6d: EAP code: 0x1 id: 0x5 length: 0x0005 type: 0x1
005706: 7w6d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
005707: 7w6d: dot1x-sm:Fa0/31:0000.0000.0000:auth_bend_idle_request_action called
005708: 7w6d: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Fa0/31
005709: 7w6d: dot1x-ev:dot1x_mgr_if_state_change: FastEthernet0/31 has changed to DOWN
005710: 7w6d: dot1x-ev:Cleared all authenticator instances on FastEthernet0/31
Dot1x Info for FastEthernet0/31
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Disabled
QuietPeriod = 3
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 5
RateLimitPeriod = 0
Guest-Vlan = 106
Any idea? thanks in advance.Did you try "Unencrypted authentication (PAP, SPAP)" tick in Network Policies?
It's probably going to solve your problem -
802.1x authentication with mac address
Hi guys,
there is a strange requirement from one of our customer,
they want us to do 802.1x with mac address authentication and they dont want the pop-ups which ask
for username, password and domain.
is it possible??
can i avoid popping up the username password with 802.1x and that too with mac address???
Any help would be greatly appreciated
Thanks
JvalinHi,
The feature which you are looking for is possible in case of wired 802.1x. This feature is called as the MAC-Auth Bypass and is done mostly if the client machine is not 802.1x capable. However nowerdays it is used even if the machine is 802.1x capable.In this we enter the MAC address of the machine in the user database e.g. Active Directory. When you connect the client machine to the Switch, if we have MAC-Auth Bypass enabled on the port, it would take the MAC address of the machine as the username without any prompt for username and password.
A windows server admin can easily push a group policy which disables the 802.1x on the client machine and it would only respond to the MAC-Auth Bypass.But first you would have to make sure your switch has the Mac-Auth Bypass in the IOS.
For more information, you can go to http://www.cisco.com/univercd/cc/td/doc/solution/macauthb.pdf
Regards,
Kush -
Windows 7-8.1 Can not change the MAC Address on wifi and cannot load login page in public HotSpot.
Windows 7-8.1 Can not change the MAC Address on wifi and cannot load login page in public HotSpot.
Adapter: Ralink RT3070 Chipset wifi adapter
Tested: os Windows 8.1 Professional
Hot Spot: 802.11b
The first problem windows 7-8.1 got IP adress and connect he public HotSpot but cannot load login page or any other page. It does not work with it.
The second problem Wifi canrd/configure/Advandes (No network adress change function).Tested with the default windows driver and the ralink rt 3070 driver the same problem.On windows XP the same function the same driver works perfectly.
multiple users to have expressed interest in the problem But Microsoft not corrected the problem window7-8.1 10?
lizardsystems.com/wiki/change_mac_address/faq/change_mac_address_in_windows_7
blog.technitium.com/2011/05/tmac-issue-with-wireless-network.html
superuser.com/questions/519189/how-to-change-the-mac-address-in-win-8-to-spoof-a-roku-player-through-a-wifi-spl
social.technet.microsoft.com/Forums/windows/en-US/59e07df3-471c-499e-ad5f-e7cb507595df/cannot-change-mac-address-in-windows-7-driver-has-option-doesnt-work-neither-does-regedit-ms?forum=w7itpronetworking
networksteve.com/windows/topic.php/CANNOT_CHANGE_WIRELESS_%28SPOOF%29_MAC_ADDRESS_ON_WINDOWS_7/?TopicId=16810&Posts=1
On windows XP or linux have a MAC adress Change function allow 00 mac adress and another normal mac adress range.On windows 8.1 all Mac changer program dont work.This 2,6,A,E on second adress are not vaild Mac adress. You simply can not use normal MAC
addresses on windows 8.1.When i connect the usb the Pc windows 8.1 recognizes the adapter but the default driver and the downloaded ralink driver the same problem.On windows xp the current driver works perfectly have (Local Mac Network Adress) funktion
and works with the 802.11b hot spot.I got the internet my PC and laptop too public HotSpots and another wifi HotSpots if wont work correctly i can not use neither the windows 7,8,8.1 or 10. Many users have expressed interest in the problem more forums.
The 3. problem im tested in virtualbox the windows 7 and 8.1 on 8.1 (on the blue wifi platform) not show correctly the signal strengh. On windows 7 show this correctly.The windows 7-8.1 Configure/advanced the advanced options on Ralink 3070 the default (windows
driver) somehow downgraded function is less than for Xp. Configure/advanced the advanced options (needs to be upgraded in the future) because it does not advance but rather regressed.
Today it is very common these wi-fi technology increasingly used (hotels,Public Hots Spots,Internet coffe,) growing free bublic wifi projects. The wifi funktions on windows need debugging and modernize.The quality of Wi-Fi is now the operating system
is now a thing order which is not good then the operating system is unusable.Hi,
For changing the MAC address for Windows 7 is designed with some limitation, we cannot get over it. Thanks for your understanding.
Under Windows 7, the possible range of spoofed addresses for wireless adapters that can be set is limited. To be used by Windows 7, a spoofed MAC address should have 0 as a least significant bit (unicast) and 1 as a second least significant
bit (locally administered) in the second nibble. Thus possible values for the second nibble are limited to 2, 6, A and E.
In other words
MAC address: “XY-XX-XX-XX-XX-XX” “X” can be anything hexadecimal. The hexadecimal “Y”, written in binary format, is Y: “kmnp”, where “p” is the least significant bit;
p=0 --> unicast;
p=1 --> multicast;
n=0 --> globally assigned MAC;
n=1 --> locally administered;
So, actually MAC can be changed to any combination in which p=0 and n=1;
“Y” can be 2, 6, A or E.
So the possible MAC addresses in Windows 7 for wireless adapters:
X2-XX-XX-XX-XX-XX
X6-XX-XX-XX-XX-XX
XA-XX-XX-XX-XX-XX
XE-XX-XX-XX-XX-XX
For the wifi hotspot issue, please check this blog to see if it can be helpful.
Windows 7 Connectivity Problems in Public Hotspots
http://blogs.technet.com/b/patrickr/archive/2010/07/28/windows-7-connectivity-problems-in-public-hotspots.aspx
Kate Li
TechNet Community Support -
Hey everyone,
I want to install windows 8 32bit on my mac pro (mid 2012). I upgraded the windows 7 I already had, but now I dont have drivers at all...
I searched drivers for the windows 8 32 bit but couldn't find any...
Any solutions guys?
Thanks a lot.
Sincerely,
ChiponnThere's been an update for OSX ML which addresses the issue for installing Windows 8 on bootcamp.
It's NOT recommended that you Upgrade.. However, the way to get the drivers is:
You'll need an external USB drive formatted as FAT for this.
1) In OSX, start the Bootcamp Assistant
2) Press Next
3) UNTICK 'Remove WIndows 7 or Later Version'
4) TICK Download the Latest Windows Support Software from Apple
5) Insert USB drive
6) Press CONTINUE
The drivers should download, and copy a WIndowsSupport folder onto the USB drive.
I did notice that Windows 8 still requires beta drivers for some aspects such as VGA (the Radio HD Card), which you can get on the AMD website.
Futhermore, why are you using Windows 8 "32" bit when you blatently have a powerful 64bit?
Anyway, hope this post helps ;-) -
802.1x and wired dynamic vlans on MAC addresses
Hi All,
I would like to setup our new offices with dynamic vlans determined by the MAC address of the device connecting. So I need a database of MAC addresses in groups for which vlan they will go in, with separate vlans for printers and servers and computers and BYOD. If this can work for wireless too then even better.
I've done some reading but am really struggling to find the information I need.
We have a Windows domain and brand new 3850 Cisco switches.
Can anyone steer me in the right direction (or tell me how to do it!) please?
Thanks for reading.Hi,
So you need to perform MAB authentication. As you mentioned, you will need to create a DB of MAC entries.
In order to configure the Windows server (2003 or 2008?) to assign the dynamic VLAN you need to define the Remote Access Policies and create the custom attributes. For example:
Tunnel-Medium-Type. Select a value appropriate to the previous selections you have made for the policy. For example, if the network policy you are configuring is a wireless policy, select Value: 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned.
Tunnel-Type. Select Virtual LANs (VLAN).
You can find more information here:
Configure a Network Policy for VLANs
VLAN Attributes Used in Network Policy
802.1X Authentication Services Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
HTH.
Maybe you are looking for
-
IMac high pitch sound (4th iMac in a week). Any improvements?
Hello, I know there is a lot of forum posts on the internet about this, as I've spent about two days reading them (primarily from my iPhone as my screen sound drives me up the wall). As some people have experienced, this is a result of changing the b
-
I can't remember the name of the addon, it looks like a small red dot on my toolbar. I know that you need to install CSHelper extension in order for the video capture to work. I don't want to software but as I stated before the addon isn't listed in
-
This problem above comes on screen when I downloaded version 5 of Firefox
-
Hi, How to set the page size of a B tree node in berkeley db java edition? thanks.
-
I just upgraded to ilife iphoto 09. Now when I alter images in iphoto 8.1.2 the program freezes up. I have downloaded all of the latest updates from apple, but nothing seems to correct this problem. Has anyone else experienced this? Thanks for your