802.1x authtication issue

Unanswered Question
Apr 28th, 2007


I am trying dot1x with a NM-16ESW on a Cisco 3640. Below is my scenario:

Cisco 3640

Client: windows 2003 (EAP MD5) connect to fa0/15

Server: ACS 4.0, connetc to fa0/14

Everytime when I started my computer, I was asked to enter the username and password; however, my computer could not connect to the router. And below is the information of 'debug dot1x all':

*Mar 1 00:57:48.975: dot1x-authsm(Fa0/15): connection retry 1 of 2

*Mar 1 00:57:48.979: dot1x-besm(Fa0/15): state IDLE, event TIMEOUT, arg 0x0

*Mar 1 00:57:48.979: dot1x-reauthsm(Fa0/15): state INITIALIZE, event TIMEOUT, arg 0x0

*Mar 1 00:57:49.355: dot1x_eapol_enqueue: Received EAPOL packet from 0004.5a85.3442

*Mar 1 00:57:49.355: dot1x_eapol_enqueue: Received EAPOL packet: Dot1x not enabled on this interface.

And, by ccapturing the packets from the ACS server, I found there's no traffic between my router and ACS server. But, I am sure the connection from the router to ACS server is good.

Below is part of my router's configuration:

aaa authentication login default group radius local

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa session-id common

dot1x system-auth-control

dot1x re-authentication


interface FastEthernet0/14

no ip address


interface FastEthernet0/15

switchport access vlan 20

no ip address

dot1x port-control auto


interface Vlan1

ip address

no ip redirects


interface Vlan10

no ip address

no ip redirects



interface Vlan20

ip address

no ip redirects


radius-server host auth-port 1645 acct-port 1646 key cisco

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion