Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authentication event no-response problem

I'm trying to setup a switch so that it will send a non-dot1x supplicant to a guest vlan so that they can retrieve and install the dot1x configuration files.  Then once they reauthenticate they get authorised by our NAC system which works via freeradius.

All this works with no problems, but I'm finding that the no-response event kicks in a little too quickly and my registered supplicants are being put into this vlan whenever they boot up.  If I remove this line from the config they get put into the production vlan via the NAC with no problems.

The switchport config is:

switchport mode access

authentication event no-response action authorize vlan 704

authentication order dot1x

authentication priority dot1x

authentication port-control auto

authentication periodic

authentication timer restart 10800

authentication timer reauthenticate 7200

no snmp trap link-status

dot1x pae authenticator

dot1x timeout tx-period 3

dot1x timeout supp-timeout 60

spanning-tree portfast

As you can see I have cranked up the supp-timeout to 60 seconds to see if this helps resolve the issue.  However it hasn't, the supplicant gets put into the vlan 704 almost immediately after the boot up.  If I remove the no-response line, the client gets put into the production vlan straight away.

Can anyone help please?

525
Views
0
Helpful
0
Replies
CreatePlease login to create content