Dot1x/mab - Auth-event every fifth second

Sep 17th, 2009

Hi all,

I'm doing some testing with dot1x and mab on a 2960 (c2960-lanbasek9-mz.122-50.SE3). I want my ATA-box to authenticate using its mac-address and end up in the voice vlan.

By using the underlying config and the cisco-av-pair device-traffic-class=voice, it works.

switchport voice vlan 300
authentication host-mode multi-domain
authentication port-control auto
authentication periodic
authentication violation protect
mab
dot1x pae authenticator

But I believe something is not right and I can't find the cause of it. When I use the "debug authentication event" the following messages appear every fifth second:

Sep 18 08:35:24.688: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_present: client for mac address 0011.bb08.24b6 has been notified on FastEthernet0/2

Sep 18 08:35:24.688: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_authorized: client for mac address 0011.bb08.24b6 is authorized FastEthernet0/2

Is it supposed to create an AUTH-EVENT for every client every fifth second? It seems strange to me...

Best Regards,

Johan

b.julin Mon, 09/21/2009 - 13:28

5 seconds seems a bit often. Heck, in the right mab scenarios you don't even need to have "authentication periodic" enabled, since link up/down events are enough for single clients. But that depends on your physical security considerations.

Could it be that your radius server is sending an attribute that cranks down the reauth time as described here?

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1x.html

In that case it can be fixed radius-side, or overridden with a switch-local setting.

jmandersson Tue, 09/22/2009 - 10:50

Hi and thanks for the reply,

Perhaps I could have been more precise. The client is reauthenticated after the default timers, and not every fifth second. It is this debug (debug authentication events) message that appears every fifth second:

Sep 22 20:44:36.204: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_present: client for mac address 0011.bb08.24b6 has been notified on FastEthernet0/2

Sep 22 20:44:36.204: AUTH-EVENT (Fa0/2): dot1x_switch_is_auth_client_authorized: client for mac address 0011.bb08.24b6 is authorized FastEthernet0/2

Perhaps it isn't a problem but I can't find any information about what it means and why it appears so frequently.

Best regards,

Johan
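One way to measure how often each AUTH-EVENT message recurs per client in captured debug output, as an added example that is not part of the thread. The sample lines are constructed from the message format quoted above with timestamps spaced five seconds apart, and the year is an assumption because the debug timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches the "debug authentication event" line format quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d{3}): AUTH-EVENT \((?P<port>[^)]+)\): "
    r"(?P<func>\w+): client for mac address "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
)

def event_cadence(lines, year=2009):
    """Return {(port, mac, func): median seconds between consecutive events}."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unrelated debug output
        # The debug timestamp has no year, so an assumed one is prepended.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        seen[(m["port"], m["mac"], m["func"])].append(ts)
    cadence = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if gaps:  # a single event has no interval to report
            cadence[key] = median(gaps)
    return cadence

# Constructed sample: the two message types from the thread, repeated at
# five-second intervals to mirror what the poster describes.
_TAIL = {
    "dot1x_switch_is_auth_client_present": "has been notified on",
    "dot1x_switch_is_auth_client_authorized": "is authorized",
}
SAMPLE = [
    f"Sep 18 08:35:{sec}.688: AUTH-EVENT (Fa0/2): {func}: "
    f"client for mac address 0011.bb08.24b6 {tail} FastEthernet0/2"
    for sec in ("24", "29", "34")
    for func, tail in _TAIL.items()
]

if __name__ == "__main__":
    for (port, mac, func), secs in event_cadence(SAMPLE).items():
        print(f"{port} {mac} {func}: every {secs:.1f}s")
```

Comparing the reported interval with the port's reauthentication timer shows whether the messages track reauthentication or recur on their own schedule.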
