×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

IEEE 802.1x with EAP-TLS issue in cisco 2960

Unanswered Question
Dec 30th, 2013
User Badges:

In My Cisco 2960 switch is not working with EAP-TLS mechanism of 802.1x but its works well with other  protocols like EAP-PEAP or MAC Address authentication.


Below is the configuration




aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authentication dot1x default group radius

aaa authorization commands 15 default group tacacs+ local

aaa authorization network default group radius

aaa authorization configuration default group radius

aaa accounting update periodic 30

aaa accounting dot1x default start-stop group radius

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+




interface FastEthernet0/1

switchport access vlan 11

switchport mode access

speed 100

duplex full

authentication order dot1x mab webauth

authentication port-control auto

mab

dot1x pae authenticator

dot1x timeout tx-period 3

dot1x timeout supp-timeout 3

spanning-tree portfast

spanning-tree bpduguard enable



Can anyone suggest me ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jatin Katyal Mon, 12/30/2013 - 09:12
User Badges:
  • Cisco Employee,

What device do we have connected on the switch port like phone or PC? Do you have the valid client/user certificate on the device connected to the switch port fa0/1? At this point your switch port is set to single-host mode (by default).


Please turn on the debugs and perform 'shut' and 'no shut' on the interface fa0/1?


debug radius

debug aaa authentication

debug dot1x all


~BR
Jatin Katyal

**Do rate helpful posts**

Sri v Thu, 01/02/2014 - 00:08
User Badges:

Thanks for the reply jatin.


I have a client on the interface fa0/1 with a valid client certificate. And have a debug logs as below




*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Interface state changed to UP

*Mar  8 00:03:06.266: AAA/BIND(000001C7): Bind i/f 

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: initial state auth_initialize has enter

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_initialize_enter called

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)

*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: idle during state auth_disconnected

*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (0000.0000.0000)

*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called

*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle

*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)

*Mar  8 00:03:06.266: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Created a client entry (0xB0000DBA)

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Dot1x authentication started for 0xB0000DBA (0000.0000.0000)

*Mar  8 00:03:06.266: dot1x-ev:DOT1X Supplicant not enabled on FastEthernet0/1

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA

*Mar  8 00:03:06.274:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)

*Mar  8 00:03:06.274: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA

*Mar  8 00:03:06.274:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  8 00:03:06.274: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.274: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:06.274: EAPOL pak dump Tx



*Mar  8 00:03:06.274: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:06.274: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:06.274: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (0000.0000.0000)

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): queuing an EAPOL pkt on Auth Q

*Mar  8 00:03:06.794: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:06.794: EAPOL pak dump rx

*Mar  8 00:03:06.794: EAPOL Version: 0x1  type: 0x1  length: 0x0000

*Mar  8 00:03:06.794: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 0,TYPE= 0,LEN= 0



*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0101.0000

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Couldn't find the supplicant in the list

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): New client detected, notifying AuthMgr

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Sending event (0) to Auth Mgr for d43d.7e65.4fc1

*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL-Start packet

*Mar  8 00:03:06.794: EAPOL pak dump rx

*Mar  8 00:03:06.794: EAPOL Version: 0x1  type: 0x1  length: 0x0000

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting EAPOL_START on Client 0xB0000DBA

*Mar  8 00:03:06.794:     dot1x_auth Fa0/1: during state auth_authenticating, got event 4(eapolStart)

*Mar  8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_aborting

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_enter called

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): 802.1x method gets the go ahead from Auth Mgr for 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.794: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting AUTH_ABORT for 0xB0000DBA

*Mar  8 00:03:06.794:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 1(authAbort)

*Mar  8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_initialize

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called

*Mar  8 00:03:06.794:     dot1x_auth_bend Fa0/1: idle during state auth_bend_initialize

*Mar  8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting !AUTH_ABORT on Client 0xB0000DBA

*Mar  8 00:03:06.794:     dot1x_auth Fa0/1: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)

*Mar  8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_aborting -> auth_restart

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_exit called

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Resetting the client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_restart_action called

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA

*Mar  8 00:03:06.802:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:06.802: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA

*Mar  8 00:03:06.811:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)

*Mar  8 00:03:06.811: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA

*Mar  8 00:03:06.811:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.811: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:06.811: EAPOL pak dump Tx

*Mar  8 00:03:06.811: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:06.811: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:06.811: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:06.811: EAPOL pak dump rx

*Mar  8 00:03:06.811: EAPOL Version: 0x1  type: 0x0  length: 0x0022

*Mar  8 00:03:06.811: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 1,LEN= 34



*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.0022

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet

*Mar  8 00:03:06.811: EAPOL pak dump rx

*Mar  8 00:03:06.811: EAPOL Version: 0x1  type: 0x0  length: 0x0022

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA

*Mar  8 00:03:06.811:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called

*Mar  8 00:03:06.811: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'

*Mar  8 00:03:06.819: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X

*Mar  8 00:03:06.819: RADIUS(000001C7): Config NAS IP: 0.0.0.0

*Mar  8 00:03:06.819: RADIUS/ENCODE(000001C7): acct_session_id: 724

*Mar  8 00:03:06.819: RADIUS(000001C7): sending

*Mar  8 00:03:06.819: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59

*Mar  8 00:03:06.819: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/83, len 251

*Mar  8 00:03:06.819: RADIUS:  authenticator A1 79 FA E5 F4 B7 7F 4F - 2B 73 3A 0D 1F D8 89 20

*Mar  8 00:03:06.819: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"

*Mar  8 00:03:06.819: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  8 00:03:06.819: RADIUS:  Framed-MTU          [12]  6   1500                     

*Mar  8 00:03:06.819: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"

*Mar  8 00:03:06.819: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"

*Mar  8 00:03:06.819: RADIUS:  EAP-Message         [79]  36 

*Mar  8 00:03:06.819: RADIUS:   02 01 00 22 01 68 6F 73 74 2F 44 30 39 30 32 4D 41 4C 4C 30  ["host/D0902MALL0]

*Mar  8 00:03:06.819: RADIUS:   30 35 2E 49 4E 2E 69 6E 74 72 61 6E 65 74    [ 05.IN.intranet]

*Mar  8 00:03:06.819: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:06.819: RADIUS:   D6 6F 7B CD 36 46 5E F6 90 6F 85 A8 BD BD AE D8            [ o{6F^o]

*Mar  8 00:03:06.819: RADIUS:  EAP-Key-Name        [102] 2   *

*Mar  8 00:03:06.819: RADIUS:  Vendor, Cisco       [26]  49 

*Mar  8 00:03:06.819: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"

*Mar  8 00:03:06.819: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

*Mar  8 00:03:06.819: RADIUS:  NAS-Port            [5]   6   50001                    

*Mar  8 00:03:06.819: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"

*Mar  8 00:03:06.819: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:06.819: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:06.819: RADIUS(000001C7): Started 3 sec timeout

*Mar  8 00:03:06.861: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar  8 00:03:06.903: RADIUS: Received from id 1645/83 10.26.13.59:1812, Access-Challenge, len 76

*Mar  8 00:03:06.903: RADIUS:  authenticator 7B 1C DC CA A8 92 E9 34 - 17 86 25 2F 9D 7E 63 96

*Mar  8 00:03:06.903: RADIUS:  EAP-Message         [79]  8  

*Mar  8 00:03:06.903: RADIUS:   01 02 00 06 0D 20                 [  ]

*Mar  8 00:03:06.903: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:06.903: RADIUS:   DD F3 7B 33 37 6D 40 BD F3 D2 78 DF F1 14 4D E4           [ {[email protected]]

*Mar  8 00:03:06.903: RADIUS:  State               [24]  30 

*Mar  8 00:03:06.903: RADIUS:   00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70          [ [email protected]{Lp]

*Mar  8 00:03:06.911: RADIUS(000001C7): Received from id 1645/83

*Mar  8 00:03:06.911: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA

*Mar  8 00:03:06.911:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)

*Mar  8 00:03:06.911: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.911: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:06.911: EAPOL pak dump Tx

*Mar  8 00:03:06.911: EAPOL Version: 0x3  type: 0x0  length: 0x0006

*Mar  8 00:03:06.911: EAP code: 0x1  id: 0x2  length: 0x0006 type: 0xD

*Mar  8 00:03:06.911: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called

*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:06.920: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:06.920: EAPOL pak dump rx

*Mar  8 00:03:06.920: EAPOL Version: 0x1  type: 0x0  length: 0x0069

*Mar  8 00:03:06.920: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 105



*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.0069

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet

*Mar  8 00:03:06.920: EAPOL pak dump rx

*Mar  8 00:03:06.920: EAPOL Version: 0x1  type: 0x0  length: 0x0069

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1

*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA

*Mar  8 00:03:06.920:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  8 00:03:06.920: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response

*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called

*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called

*Mar  8 00:03:06.920: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'

*Mar  8 00:03:06.920: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X

*Mar  8 00:03:06.920: RADIUS(000001C7): Config NAS IP: 0.0.0.0

*Mar  8 00:03:06.920: RADIUS/ENCODE(000001C7): acct_session_id: 724

*Mar  8 00:03:06.920: RADIUS(000001C7): sending

*Mar  8 00:03:06.920: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59

*Mar  8 00:03:06.920: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/84, len 352

*Mar  8 00:03:06.920: RADIUS:  authenticator 41 72 8D 6A B4 72 19 84 - 1B C8 33 F7 95 DD 07 BC

*Mar  8 00:03:06.928: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"

*Mar  8 00:03:06.928: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  8 00:03:06.928: RADIUS:  Framed-MTU          [12]  6   1500                     

*Mar  8 00:03:06.928: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"

*Mar  8 00:03:06.928: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"

*Mar  8 00:03:06.928: RADIUS:  EAP-Message         [79]  107

*Mar  8 00:03:06.928: RADIUS:   02 02 00 69 0D 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 52 C5 45 4F 07 CA B3 29 50 A7 CE 40 76 B6 BD F0 50 D4 CE 9A 8A 02 C4 3D 40 35 B5 F0 E1 E2 75  [i_ZVREO)[email protected][email protected]]

*Mar  8 00:03:06.928: RADIUS:   50 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00             [ P/528]

*Mar  8 00:03:06.928: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:06.928: RADIUS:   A3 28 CE 27 20 C0 D6 2C 11 01 D6 61 1F C3 6F 03            [ (' ,ao]

*Mar  8 00:03:06.928: RADIUS:  EAP-Key-Name        [102] 2   *

*Mar  8 00:03:06.928: RADIUS:  Vendor, Cisco       [26]  49 

*Mar  8 00:03:06.928: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"

*Mar  8 00:03:06.928: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

*Mar  8 00:03:06.928: RADIUS:  NAS-Port            [5]   6   50001                    

*Mar  8 00:03:06.928: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"

*Mar  8 00:03:06.928: RADIUS:  State               [24]  30 

*Mar  8 00:03:06.928: RADIUS:   00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70          [ [email protected]{Lp]

*Mar  8 00:03:06.928: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:06.928: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:06.928: RADIUS(000001C7): Started 3 sec timeout

*Mar  8 00:03:07.004: RADIUS: Received from id 1645/84 10.26.13.59:1812, Access-Challenge, len 1188

*Mar  8 00:03:07.004: RADIUS:  authenticator 7B 52 29 05 7E C3 EF 8E - 13 38 30 03 4B 65 64 0F

*Mar  8 00:03:07.004: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.004: RADIUS:   01 03 04 56 0D C0 00 00 05 78 16 03 01 00 51 02 00 00 4D 03 01 52 C5 45 4F 0F 04 37 77 A0 C2 68 66 4E 45 92 AB 3D 7F 94 70 AF 36  [VxQMREO7whfNE=p6]

*Mar  8 00:03:07.004: RADIUS:   1D C5 17 23 5C F1 FA CA 60 B0 20 A5 48 16 D5 3F F9 B0 FF 38 1D D5 13 B3 88 13 06 EF DC 87 5C AE 17 E7 7E 80 84 21 58 64 F7 A6 36 00 35 00 00 05 FF 01 00 01 00 16 03 01 02 1C 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30  [#\` H?8\~!Xd6500]

*Mar  8 00:03:07.004: RADIUS:   82 01 77 A0 03 02 01 02 02 09 00 88 7A CB 35 3F 1E 3E 62 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50  [wz5?>b0*H0/10USP]

*Mar  8 00:03:07.004: RADIUS:   49 4E 41 56 44 30 30 30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C  [INAVD0000410UPol]

*Mar  8 00:03:07.004: RADIUS:   69 63 79 4D 61 6E 61 67 65 72 30 1E 17 0D 31 33 30 38 32  [icyManager013082]

*Mar  8 00:03:07.004: RADIUS:   37 30 37 32 34 33 30 5A 17 0D 31 34 30 38 32 37 30 37  [7072430Z14082707]

*Mar  8 00:03:07.004: RADIUS:   32 34 33 30 5A 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50 49 4E 41 56  [2430Z0/10USPINAV]

*Mar  8 00:03:07.004: RADIUS:   44 30 30               [ D00]

*Mar  8 00:03:07.004: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.004: RADIUS:   30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C 69 63 79 4D 61 6E 61  [00410UPolicyMana]

*Mar  8 00:03:07.004: RADIUS:   67 65 72 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 C9 B9 03 65 83 EB 39 86 14 BC 95 7B DB 07 7E C5 8A D7 DA C7 8A CA 5A 88 6E 0B 93 06 35 57  [ger00*H0e9{~Zn5W]

*Mar  8 00:03:07.012: RADIUS:   6E DE 93 CD C9 FE 8E 9F E1 5F A9 04 5C BD A9 AD 5A 04 6E 35 47 76 A1 58 E5 C4 32 D7 49 9E 17 75 20 C6 6F 45 40  [n_\Zn5GvX2Iu oE@]

*Mar  8 00:03:07.012: RADIUS:   AC EF 40 6D 15 38 F9 C2 28 7E C9 68 37 52 3B BF F4 C1 5E B8 BA 46 68 43 79 B1 65 66  [@m8(~h7R;^FhCyef]

*Mar  8 00:03:07.012: RADIUS:   9E 58 ED EC 8C 95 A2 D8 BF AA 77 AC 85 90 E3 AB C6 27 3A A2 22 AC 1C 48 B3 BF BE F7 85 CF 5C BB 2D 02 03 01 00 01 A3 32 30 30 30 0F 06 03 55 1D 11 04 08 30 06 87 04 0A 1A 0D 3B 30  [Xw':"H\-2000U0;0]

*Mar  8 00:03:07.012: RADIUS:   1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 03 30 0D 06 09 2A 86 48 86 F7 0D 01 01          [ U?0++0*H]

*Mar  8 00:03:07.012: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.012: RADIUS:   05 05 00 03 81 81 00 C4 46 3E 38 3D 53 0F 28 34 C1 A6 ED DC 70 76 9B 70 6B A8 95 7C 44 8E 7D 6E D6 8B 6D  [F>8=S(4pvpk|D}nm]

*Mar  8 00:03:07.012: RADIUS:   90 49 83 06 E4 BF 68 2F 9D 77 78 A3 76 76 19 84 AD 26 3F F3 ED AA 88 52 35 0E 35 DD 00 E5 96 88 44 30 79 A0 71  [Ih/wxvv&?R55D0yq]

*Mar  8 00:03:07.012: RADIUS:   8D 25 3E 77 A0 E0 43 92 33 55 40 E1 C8 EE 88 11 25 E2 70 28 11 6C 5A 4E 3D F1 93 57 0A 6F  [?>wC3U@?p(lZN=Wo]

*Mar  8 00:03:07.012: RADIUS:   36 51 72 04 08 C0 C0 DF F0 94 A9 F7 A1 05 C8 37 D6 F8 D4 9C 20 1A 7B CD 2C 17 83 7B 8E 20 F7 2D B6 16 03 01 02 FC 0D 00 02 F4 03 01 02 40 02 EE 00 63 30 61 31 0B 30  [6Qr7 {,{ [email protected]]

*Mar  8 00:03:07.012: RADIUS:   09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0A 13 0C 44 69 67 69 43 65 72 74 20 49  [UUS10UDigiCert I]

*Mar  8 00:03:07.012: RADIUS:   6E 63 31 19 30 17 06 03 55 04 0B 13 10 77 77 77 2E 64 69 67 69 63 65 72  [nc10Uwww.digicer]

*Mar  8 00:03:07.012: RADIUS:   74 2E 63 6F 6D 31 20 30 1E 06 03 55 04 03 13 17 44 69 67 69 43 65 72  [t.com1 0UDigiCer]

*Mar  8 00:03:07.012: RADIUS:   74 20 47 6C 6F 62 61 6C 20 52 6F 6F 74 20 43 41  [t Global Root CA]

*Mar  8 00:03:07.012: RADIUS:   00 48                 [ H]

*Mar  8 00:03:07.012: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.012: RADIUS:   30 46 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31  [0F10&,dintranet1]

*Mar  8 00:03:07.020: RADIUS:   12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 16 30 14 06 03 55 04 03 13 0D 49 6E 64 69 61 20 52  [0&,dIN10UIndia R]

*Mar  8 00:03:07.020: RADIUS:   6F 6F 74 20 43 41 00 4A 30 48 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E  [oot CAJ0H10&,din]

*Mar  8 00:03:07.020: RADIUS:   74 72 61 6E 65 74 31 12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 18 30 16 06 03 55  [tranet10&,dIN10U]

*Mar  8 00:03:07.020: RADIUS:   04 03 13 0F 45 6E 74 65 72 70 72 69 73 65 20 43 41 2D 31 00 4D  [Enterprise CA-1M]

*Mar  8 00:03:07.020: RADIUS:   30 4B 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31  [0K10&,dintranet1]

*Mar  8 00:03:07.020: RADIUS:   12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 1B 30 19 06 03 55 04 03 13 12 49 4E 2D 53 50 49 4E  [0&,dIN10UIN-SPIN]

*Mar  8 00:03:07.020: RADIUS:   43 52 54 30 30 30 30 33 2D 43 41 00 D5 30 81 D2 31 0B 30 09 06 03 55 04 06 13 02 55  [CRT00003-CA010UU]

*Mar  8 00:03:07.020: RADIUS:   53 31 13 30 11 06 03 55 04              [ S10U]

*Mar  8 00:03:07.020: RADIUS:  EAP-Message         [79]  100

*Mar  8 00:03:07.020: RADIUS:   08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E  [California10USun]

*Mar  8 00:03:07.020: RADIUS:   6E 79 76 61 6C 65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E  [nyvale10UAruba N]

*Mar  8 00:03:07.020: RADIUS:   65 74 77 6F 72 6B 73 31 40 30 3E 06 03 55 04 03 0C 37 43 6C 65  [[email protected]>U7Cle]

*Mar  8 00:03:07.020: RADIUS:   61 72 50 61 73 73 20 4F 6E 62 6F 61 72 64 20 4C  [arPass Onboard L]

*Mar  8 00:03:07.020: RADIUS:   6F 63 61 6C 20 43 65 72 74 69        [ ocal Certi]

*Mar  8 00:03:07.020: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:07.020: RADIUS:   12 75 40 41 6F 40 6B 6F A5 FE AB 85 F3 B3 CF A4           [ [email protected]@ko]

*Mar  8 00:03:07.020: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.020: RADIUS:   00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1         [ oQKnEKkHw]

*Mar  8 00:03:07.029: RADIUS(000001C7): Received from id 1645/84

*Mar  8 00:03:07.029: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+98, total 1110 bytes

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA

*Mar  8 00:03:07.037:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)

*Mar  8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.037: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:07.037: EAPOL pak dump Tx

*Mar  8 00:03:07.037: EAPOL Version: 0x3  type: 0x0  length: 0x0456

*Mar  8 00:03:07.037: EAP code: 0x1  id: 0x3  length: 0x0456 type: 0xD

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:07.037: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:07.037: EAPOL pak dump rx

*Mar  8 00:03:07.037: EAPOL Version: 0x1  type: 0x0  length: 0x0006

*Mar  8 00:03:07.037: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 6



*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.0006

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet

*Mar  8 00:03:07.037: EAPOL pak dump rx

*Mar  8 00:03:07.037: EAPOL Version: 0x1  type: 0x0  length: 0x0006

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA

*Mar  8 00:03:07.037:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called

*Mar  8 00:03:07.037: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'

*Mar  8 00:03:07.046: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X

*Mar  8 00:03:07.046: RADIUS(000001C7): Config NAS IP: 0.0.0.0

*Mar  8 00:03:07.046: RADIUS/ENCODE(000001C7): acct_session_id: 724

*Mar  8 00:03:07.046: RADIUS(000001C7): sending

*Mar  8 00:03:07.046: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59

*Mar  8 00:03:07.046: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/85, len 253

*Mar  8 00:03:07.046: RADIUS:  authenticator 1C D7 6D 40 A3 D6 BA B1 - A7 E6 70 DA 32 83 2E 19

*Mar  8 00:03:07.046: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"

*Mar  8 00:03:07.046: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  8 00:03:07.046: RADIUS:  Framed-MTU          [12]  6   1500                     

*Mar  8 00:03:07.046: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"

*Mar  8 00:03:07.046: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"

*Mar  8 00:03:07.046: RADIUS:  EAP-Message         [79]  8  

*Mar  8 00:03:07.046: RADIUS:   02 03 00 06 0D 00

*Mar  8 00:03:07.046: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:07.046: RADIUS:   73 1D 89 5C 66 19 32 B6 63 C2 64 C1 04 42 A9 F9           [ s\f2cdB]

*Mar  8 00:03:07.046: RADIUS:  EAP-Key-Name        [102] 2   *

*Mar  8 00:03:07.046: RADIUS:  Vendor, Cisco       [26]  49 

*Mar  8 00:03:07.046: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"

*Mar  8 00:03:07.046: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

*Mar  8 00:03:07.046: RADIUS:  NAS-Port            [5]   6   50001                    

*Mar  8 00:03:07.046: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"

*Mar  8 00:03:07.046: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.046: RADIUS:   00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1         [ oQKnEKkHw]

*Mar  8 00:03:07.046: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:07.046: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:07.046: RADIUS(000001C7): Started 3 sec timeout

*Mar  8 00:03:07.113: RADIUS: Received from id 1645/85 10.26.13.59:1812, Access-Challenge, len 378

*Mar  8 00:03:07.113: RADIUS:  authenticator 1A 85 26 09 58 84 BC D4 - E0 A9 E3 C0 25 31 2D 31

*Mar  8 00:03:07.113: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.121: RADIUS:   01 04 01 32 0D 00 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74  [2ficate Authorit]

*Mar  8 00:03:07.121: RADIUS:   79 20 28 53 69 67 6E 69 6E 67 29 31 3F 30 3D 06 09 2A  [y (Signing)1?0=*]

*Mar  8 00:03:07.121: RADIUS:   86 48 86 F7 0D 01 09 01 16 30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D  [H0d6bb4f70-f412-]

*Mar  8 00:03:07.121: RADIUS:   34 35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36  [4552-aee2-c7a026]

*Mar  8 00:03:07.121: RADIUS:   66 62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63  [[email protected].c]

*Mar  8 00:03:07.121: RADIUS:   6F 6D 00 CB 30 81 C8 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66  [om010UUS10UCalif]

*Mar  8 00:03:07.121: RADIUS:   6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E 6E 79 76 61 6C  [ornia10USunnyval]

*Mar  8 00:03:07.121: RADIUS:   65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E 65 74 77 6F 72  [e10UAruba Networ]

*Mar  8 00:03:07.121: RADIUS:   6B 73 31 36 30 34 06 03 55 04 03 0C 2D 43 6C 65 61 72 50 61 73  [ks1604U-ClearPas]

*Mar  8 00:03:07.121: RADIUS:   73 20 4F 6E 62 6F 61 72 64 20 4C 6F 63 61 6C 20  [s Onboard Local ]

*Mar  8 00:03:07.121: RADIUS:   43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68  [Certificate Auth]

*Mar  8 00:03:07.121: RADIUS:   6F 72 69 74 79 31 3F 30 3D 06 09 2A 86 48 86 F7 0D 01 09 01 16       [ ority1?0=*H]

*Mar  8 00:03:07.121: RADIUS:  EAP-Message         [79]  55 

*Mar  8 00:03:07.121: RADIUS:   30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D 34  [0d6bb4f70-f412-4]

*Mar  8 00:03:07.121: RADIUS:   35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36 66  [552-aee2-c7a026f]

*Mar  8 00:03:07.121: RADIUS:   62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63 6F  [[email protected]]

*Mar  8 00:03:07.121: RADIUS:   6D 0E 00 00 00                 [ m]

*Mar  8 00:03:07.121: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:07.121: RADIUS:   4C 46 AA B9 A5 D5 DF EA DB E7 2B 7B 51 7E 58 3F          [ LF+{Q~X?]

*Mar  8 00:03:07.121: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.121: RADIUS:   00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1            [ E

*Mar  8 00:03:07.121: RADIUS(000001C7): Received from id 1645/85

*Mar  8 00:03:07.121: RADIUS/DECODE: EAP-Message fragments, 253+53, total 306 bytes

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA

*Mar  8 00:03:07.130:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)

*Mar  8 00:03:07.130: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.130: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:07.130: EAPOL pak dump Tx

*Mar  8 00:03:07.130: EAPOL Version: 0x3  type: 0x0  length: 0x0132

*Mar  8 00:03:07.130: EAP code: 0x1  id: 0x4  length: 0x0132 type: 0xD

*Mar  8 00:03:07.130: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called

*Mar  8 00:03:07.138: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.138: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:07.138: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:07.138: EAPOL pak dump rx

*Mar  8 00:03:07.138: EAPOL Version: 0x1  type: 0x0  length: 0x05D4

*Mar  8 00:03:07.138: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 1492



*Mar  8 00:03:07.138: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:07.138: dot1x-ev(Fa0/1):

^Z

Malleswaram_2960#

*Mar  8 00:03:07.180: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.180: RADIUS:   00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1            [ E

*Mar  8 00:03:07.180: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:07.180: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:07.180: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:07.893: %SYS-5-CONFIG_I: Configured from console by jameela on vty0 (10.26.20.5)

Malleswaram_2960#

*Mar  8 00:03:10.225: RADIUS(000001C7): Request timed out

*Mar  8 00:03:10.225: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:10.225: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:13.354: RADIUS(000001C7): Request timed out

*Mar  8 00:03:13.354: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:13.354: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:16.307: RADIUS(000001C7): Request timed out

*Mar  8 00:03:16.307: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:16.307: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:19.369: RADIUS(000001C7): Request timed out

*Mar  8 00:03:19.369: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:19.369: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:22.456: RADIUS(000001C7): Request timed out

*Mar  8 00:03:22.456: RADIUS: Fail-over denied to  (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:22.456: RADIUS: No response from (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:22.456: RADIUS/DECODE: parse response no app start; FAIL

*Mar  8 00:03:22.456: RADIUS/DECODE: parse response; FAIL

*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Received an EAP Fail

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting EAP_FAIL for 0xB0000DBA

*Mar  8 00:03:22.456:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 10(eapFail)

*Mar  8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_fail

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_fail_enter called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_fail_action called

*Mar  8 00:03:22.456:     dot1x_auth_bend Fa0/1: idle during state auth_bend_fail

*Mar  8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_fail -> auth_bend_idle

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting AUTH_FAIL on Client 0xB0000DBA

*Mar  8 00:03:22.456:     dot1x_auth Fa0/1: during state auth_authenticating, got event 15(authFail)

*Mar  8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_authc_result

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authc_result_enter called

*Mar  8 00:03:22.456: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Sending event (2) to Auth Mgr for d43d.7e65.4fc1

*Mar  8 00:03:22.456: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB

*Mar  8 00:03:22.456: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB

*Mar  8 00:03:22.456: dot1x-redundancy: State for client  d43d.7e65.4fc1 successfully retrieved

*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Received Authz fail for the client  0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting_AUTHZ_FAIL on Client 0xB0000DBA

*Mar  8 00:03:22.456:     dot1x_auth Fa0/1: during state auth_authc_result, got event 22(authzFail)

*Mar  8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authc_result -> auth_held

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_enter called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:22.464: EAPOL pak dump Tx

*Mar  8 00:03:22.464: EAPOL Version: 0x3  type: 0x0  length: 0x0004

*Mar  8 00:03:22.464: EAP code: 0x4  id: 0x4  length: 0x0004

*Mar  8 00:03:22.464: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting FAILOVER_RETRY on Client 0xB0000DBA

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_held, got event 21(failover_retry)

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_held -> auth_restart

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_exit called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_restart_action called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting REAUTH_MAX on Client 0xB0000DBA

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_connecting, got event 11(reAuthMax)

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_disconnected

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): d43d.7e65.4fc1:auth_disconnected_enter sending canned failure to version 1 supplicant

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:22.464: EAPOL pak dump Tx

*Mar  8 00:03:22.464: EAPOL Version: 0x3  type: 0x0  length: 0x0004

*Mar  8 00:03:22.464: EAP code: 0x4  id: 0x5  length: 0x0004

*Mar  8 00:03:22.464: dot1x-packet(Fa0/1): dot1x_auth_txCannedStatus: EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_disconnected_reAuthMax_action called

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: idle during state auth_disconnected

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending event (1) to Auth Mgr for d43d.7e65.4fc1

*Mar  8 00:03:22.464: dot1x-ev:Delete auth client (0xB0000DBA) message

*Mar  8 00:03:22.464: dot1x-ev:Auth client ctx destroyed

*Mar  8 00:03:22.674: AAA/BIND(000001C8): Bind i/f 

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: initial state auth_initialize has enter

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_initialize_enter called

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_disconnected_enter called

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: idle during state auth_disconnected

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_enter called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0x4A000DBB (0000.0000.0000)

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_initialize_enter called

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)

*Mar  8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_enter called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Created a client entry (0x4A000DBB)

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Dot1x authentication started for 0x4A000DBB (0000.0000.0000)

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0x4A000DBB

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_enter called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_connecting_action called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0x4A000DBB

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_authenticating_enter called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_authenticating_action called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting AUTH_START for 0x4A000DBB

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Role determination not required

Malleswaram_2960#

*Mar  8 00:03:22.674: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:22.674: EAPOL pak dump Tx

*Mar  8 00:03:22.674: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:22.674: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:22.674: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (0000.0000.0000)

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_request_action called

*Mar  8 00:03:22.791: dot1x-ev(Fa0/1): New client notification from AuthMgr for 0x4A000DBB - d43d.7e65.4fc1

*Mar  8 00:03:22.791: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB

*Mar  8 00:03:25.761:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)

*Mar  8 00:03:25.761: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request

*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called

*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called

*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:25.761: dot1x-registry:registry:dot1x_ether_macaddr called

Malleswaram_2960#n

*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:25.761: EAPOL pak dump Tx

*Mar  8 00:03:25.761: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:25.761: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:25.761: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)

Malleswaram_2960#no debu

Malleswaram_2960#no debug

*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB

*Mar  8 00:03:28.848:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)

*Mar  8 00:03:28.848: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request

*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called

*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called

*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:28.848: dot1x-registry:registry:dot1x_ether_macaddr called

Malleswaram_2960#no debug all

*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:28.848: EAPOL pak dump Tx

*Mar  8 00:03:28.848: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:28.848: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:28.848: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)

Malleswaram_2960#no debug all

All possible debugging has been turned off

Malleswaram_2960#

*Mar  8 00:03:31.180: AAA: parse name=tty1 idb type=-1 tty=-1

*Mar  8 00:03:31.180: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0

*Mar  8 00:03:31.180: AAA/MEMORY: create_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' ds0=0 port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0) key=C9A1F1D1

*Mar  8 00:03:31.389: TAC+: (-1901802859): received author response status = PASS_ADD

*Mar  8 00:03:31.389: AAA/MEMORY: free_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15

*Mar  8 00:03:31.935: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:03:31.935: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:03:31.935: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:03:31.935: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:03:31.935: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#no deb

Malleswaram_2960#no debug al

Malleswaram_2960#no debug all

All possible debugging has been turned off

Malleswaram_2960#

*Mar  8 00:04:32.677: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:04:41.938: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:04:41.938: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:04:41.938: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:04:41.938: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:04:41.938: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:05:42.654: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:05:51.915: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:05:51.915: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:05:51.915: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:05:51.915: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:05:51.915: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3



Pls dont worry about day and time.

Jatin Katyal Fri, 01/03/2014 - 12:17
User Badges:
  • Cisco Employee,

What error do you see on the radius server? Can you attach the machine certificate in your next reply?


~BR
Jatin Katyal

**Do rate helpful posts**

Sri v Mon, 01/06/2014 - 05:16
User Badges:

Hi Jatin,


Please find the error logs in the radius server. Ther certificate is generate by AD on the PC itself.




Request log details for session: R00167881-11-52ca9981

Time           Message

2014-01-06 17:24:41,375           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 212:216:D4-3D-7E-65-4F-AA

2014-01-06 17:24:41,381           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321820 h=199 r=R00167881-11-52ca9981] INFO Core.ServiceReqHandler - Service classification result = Certificate_based_Auth_Branch_Office

2014-01-06 17:24:41,382           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "Certificate_based_Auth_Branch_Office"

2014-01-06 17:24:41,383           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_ldap: searching for user d43d7e654faa in AD:spininf00001.in.intranet

2014-01-06 17:24:41,386           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_macauth: Rejecting MAC auth request from Unknown/Disabled client

2014-01-06 17:24:41,386           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.EndpointTable - Returning NULL (EndpointPtr) for macAddr d43d7e654faa

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3368 entity id = 29

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3368

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3368|entityId=29

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3368|entity=Device

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.EndpointTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Endpoint)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 h=2550047 c=R00167881-11-52ca9981] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***

2014-01-06 17:24:41,391           [AuthReqThreadPool-11-0x7f11bb5fa700 r=R00167881-11-52ca9981 h=40] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{memberOf}), error=No values for param=memberOf

2014-01-06 17:24:41,391           [AuthReqThreadPool-11-0x7f11bb5fa700 r=R00167881-11-52ca9981 h=40] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{memberOf})

2014-01-06 17:24:41,392           [AuthReqThreadPool-11-0x7f11bb5fa700 r=R00167881-11-52ca9981 h=40] WARN Ldap.LdapQuery - Failed to get value for attributes=Department, Groups, HostName, OSServicePack, OperatingSystem, Title]

2014-01-06 17:24:41,392           [RequestHandler-1-0x7f10c55ea700 h=2550049 c=R00167881-11-52ca9981] INFO Core.PETaskRoleMapping - Roles:

2014-01-06 17:24:41,395           [RequestHandler-1-0x7f10c55ea700 h=2550052 c=R00167881-11-52ca9981] INFO Core.PETaskEnforcement - EnfProfiles: Deny Access Profile]

2014-01-06 17:24:41,396           [RequestHandler-1-0x7f10c55ea700 h=2550057 c=R00167881-11-52ca9981] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550053 c=R00167881-11-52ca9981] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=DENY

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550053 c=R00167881-11-52ca9981] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Deny Access Profile]

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550053 c=R00167881-11-52ca9981] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 0

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550058 c=R00167881-11-52ca9981] INFO Core.PETaskCliEnforcement - startHandler: Request rejected. Skip CLI enforcement

2014-01-06 17:24:41,398           [RequestHandler-1-0x7f10c55ea700 r=R00167881-11-52ca9981 h=2550056 c=R00167881-11-52ca9981] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device

2014-01-06 17:24:41,399           [RequestHandler-1-0x7f10c55ea700 r=R00167881-11-52ca9981 h=2550054 c=R00167881-11-52ca9981] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device

2014-01-06 17:24:41,402           [RequestHandler-1-0x7f10c55ea700 h=2550060 c=R00167881-11-52ca9981] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs

2014-01-06 17:24:41,402           [RequestHandler-1-0x7f10c55ea700 h=2550060 c=R00167881-11-52ca9981] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr

2014-01-06 17:24:41,402           [RequestHandler-1-0x7f10c55ea700 h=2550059 c=R00167881-11-52ca9981] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr

2014-01-06 17:24:41,403           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_policy: Received Deny Enforcement Profile

2014-01-06 17:24:41,403           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response

2014-01-06 17:24:41,403           [RequestHandler-1-0x7f10c55ea700 r=R00167881-11-52ca9981 h=2550047 c=R00167881-11-52ca9981] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***

Attachment: 

Actions

This Discussion

Related Content