Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

IEEE 802.1x with EAP-TLS issue in cisco 2960

In My Cisco 2960 switch is not working with EAP-TLS mechanism of 802.1x but its works well with other  protocols like EAP-PEAP or MAC Address authentication.

Below is the configuration

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authentication dot1x default group radius

aaa authorization commands 15 default group tacacs+ local

aaa authorization network default group radius

aaa authorization configuration default group radius

aaa accounting update periodic 30

aaa accounting dot1x default start-stop group radius

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

interface FastEthernet0/1

switchport access vlan 11

switchport mode access

speed 100

duplex full

authentication order dot1x mab webauth

authentication port-control auto

mab

dot1x pae authenticator

dot1x timeout tx-period 3

dot1x timeout supp-timeout 3

spanning-tree portfast

spanning-tree bpduguard enable

Can anyone suggest me ?

Everyone's tags (1)
4 REPLIES
Cisco Employee

IEEE 802.1x with EAP-TLS issue in cisco 2960

What device do we have connected on the switch port like phone or PC? Do you have the valid client/user certificate on the device connected to the switch port fa0/1? At this point your switch port is set to single-host mode (by default).

Please turn on the debugs and perform 'shut' and 'no shut' on the interface fa0/1?

debug radius

debug aaa authentication

debug dot1x all

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: IEEE 802.1x with EAP-TLS issue in cisco 2960

Thanks for the reply jatin.

I have a client on the interface fa0/1 with a valid client certificate. And have a debug logs as below

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Interface state changed to UP

*Mar  8 00:03:06.266: AAA/BIND(000001C7): Bind i/f 

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: initial state auth_initialize has enter

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_initialize_enter called

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)

*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: idle during state auth_disconnected

*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (0000.0000.0000)

*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called

*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle

*Mar  8 00:03:06.266:     dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)

*Mar  8 00:03:06.266: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Created a client entry (0xB0000DBA)

*Mar  8 00:03:06.266: dot1x-ev(Fa0/1): Dot1x authentication started for 0xB0000DBA (0000.0000.0000)

*Mar  8 00:03:06.266: dot1x-ev:DOT1X Supplicant not enabled on FastEthernet0/1

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA

*Mar  8 00:03:06.266:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:06.266: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:06.266: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA

*Mar  8 00:03:06.274:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)

*Mar  8 00:03:06.274: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA

*Mar  8 00:03:06.274:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  8 00:03:06.274: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.274: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:06.274: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:06.274: EAPOL pak dump Tx

*Mar  8 00:03:06.274: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:06.274: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:06.274: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (0000.0000.0000)

*Mar  8 00:03:06.274: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): queuing an EAPOL pkt on Auth Q

*Mar  8 00:03:06.794: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:06.794: EAPOL pak dump rx

*Mar  8 00:03:06.794: EAPOL Version: 0x1  type: 0x1  length: 0x0000

*Mar  8 00:03:06.794: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 0,TYPE= 0,LEN= 0

*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0101.0000

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Couldn't find the supplicant in the list

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): New client detected, notifying AuthMgr

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Sending event (0) to Auth Mgr for d43d.7e65.4fc1

*Mar  8 00:03:06.794: dot1x-packet(Fa0/1): Received an EAPOL-Start packet

*Mar  8 00:03:06.794: EAPOL pak dump rx

*Mar  8 00:03:06.794: EAPOL Version: 0x1  type: 0x1  length: 0x0000

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting EAPOL_START on Client 0xB0000DBA

*Mar  8 00:03:06.794:     dot1x_auth Fa0/1: during state auth_authenticating, got event 4(eapolStart)

*Mar  8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_aborting

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_enter called

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): 802.1x method gets the go ahead from Auth Mgr for 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.794: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting AUTH_ABORT for 0xB0000DBA

*Mar  8 00:03:06.794:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 1(authAbort)

*Mar  8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_initialize

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_initialize_enter called

*Mar  8 00:03:06.794:     dot1x_auth_bend Fa0/1: idle during state auth_bend_initialize

*Mar  8 00:03:06.794: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): Posting !AUTH_ABORT on Client 0xB0000DBA

*Mar  8 00:03:06.794:     dot1x_auth Fa0/1: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)

*Mar  8 00:03:06.794: @@@ dot1x_auth Fa0/1: auth_aborting -> auth_restart

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_exit called

*Mar  8 00:03:06.794: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Resetting the client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.794: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_aborting_restart_action called

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA

*Mar  8 00:03:06.802:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:06.802: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called

*Mar  8 00:03:06.802: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0xB0000DBA

*Mar  8 00:03:06.811:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)

*Mar  8 00:03:06.811: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_enter called

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_authenticating_action called

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting AUTH_START for 0xB0000DBA

*Mar  8 00:03:06.811:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.811: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:06.811: EAPOL pak dump Tx

*Mar  8 00:03:06.811: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:06.811: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_request_action called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:06.811: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:06.811: EAPOL pak dump rx

*Mar  8 00:03:06.811: EAPOL Version: 0x1  type: 0x0  length: 0x0022

*Mar  8 00:03:06.811: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 1,LEN= 34

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.0022

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet

*Mar  8 00:03:06.811: EAPOL pak dump rx

*Mar  8 00:03:06.811: EAPOL Version: 0x1  type: 0x0  length: 0x0022

*Mar  8 00:03:06.811: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA

*Mar  8 00:03:06.811:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  8 00:03:06.811: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called

*Mar  8 00:03:06.811: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.811: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called

*Mar  8 00:03:06.811: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'

*Mar  8 00:03:06.819: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X

*Mar  8 00:03:06.819: RADIUS(000001C7): Config NAS IP: 0.0.0.0

*Mar  8 00:03:06.819: RADIUS/ENCODE(000001C7): acct_session_id: 724

*Mar  8 00:03:06.819: RADIUS(000001C7): sending

*Mar  8 00:03:06.819: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59

*Mar  8 00:03:06.819: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/83, len 251

*Mar  8 00:03:06.819: RADIUS:  authenticator A1 79 FA E5 F4 B7 7F 4F - 2B 73 3A 0D 1F D8 89 20

*Mar  8 00:03:06.819: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"

*Mar  8 00:03:06.819: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  8 00:03:06.819: RADIUS:  Framed-MTU          [12]  6   1500                     

*Mar  8 00:03:06.819: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"

*Mar  8 00:03:06.819: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"

*Mar  8 00:03:06.819: RADIUS:  EAP-Message         [79]  36 

*Mar  8 00:03:06.819: RADIUS:   02 01 00 22 01 68 6F 73 74 2F 44 30 39 30 32 4D 41 4C 4C 30  ["host/D0902MALL0]

*Mar  8 00:03:06.819: RADIUS:   30 35 2E 49 4E 2E 69 6E 74 72 61 6E 65 74    [ 05.IN.intranet]

*Mar  8 00:03:06.819: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:06.819: RADIUS:   D6 6F 7B CD 36 46 5E F6 90 6F 85 A8 BD BD AE D8            [ o{6F^o]

*Mar  8 00:03:06.819: RADIUS:  EAP-Key-Name        [102] 2   *

*Mar  8 00:03:06.819: RADIUS:  Vendor, Cisco       [26]  49 

*Mar  8 00:03:06.819: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"

*Mar  8 00:03:06.819: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

*Mar  8 00:03:06.819: RADIUS:  NAS-Port            [5]   6   50001                    

*Mar  8 00:03:06.819: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"

*Mar  8 00:03:06.819: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:06.819: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:06.819: RADIUS(000001C7): Started 3 sec timeout

*Mar  8 00:03:06.861: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar  8 00:03:06.903: RADIUS: Received from id 1645/83 10.26.13.59:1812, Access-Challenge, len 76

*Mar  8 00:03:06.903: RADIUS:  authenticator 7B 1C DC CA A8 92 E9 34 - 17 86 25 2F 9D 7E 63 96

*Mar  8 00:03:06.903: RADIUS:  EAP-Message         [79]  8  

*Mar  8 00:03:06.903: RADIUS:   01 02 00 06 0D 20                 [  ]

*Mar  8 00:03:06.903: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:06.903: RADIUS:   DD F3 7B 33 37 6D 40 BD F3 D2 78 DF F1 14 4D E4           [ {37m@xM]

*Mar  8 00:03:06.903: RADIUS:  State               [24]  30 

*Mar  8 00:03:06.903: RADIUS:   00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70          [ }@EP.{Lp]

*Mar  8 00:03:06.911: RADIUS(000001C7): Received from id 1645/83

*Mar  8 00:03:06.911: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA

*Mar  8 00:03:06.911:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)

*Mar  8 00:03:06.911: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.911: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:06.911: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:06.911: EAPOL pak dump Tx

*Mar  8 00:03:06.911: EAPOL Version: 0x3  type: 0x0  length: 0x0006

*Mar  8 00:03:06.911: EAP code: 0x1  id: 0x2  length: 0x0006 type: 0xD

*Mar  8 00:03:06.911: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.911: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called

*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:06.920: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:06.920: EAPOL pak dump rx

*Mar  8 00:03:06.920: EAPOL Version: 0x1  type: 0x0  length: 0x0069

*Mar  8 00:03:06.920: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 105

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.0069

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet

*Mar  8 00:03:06.920: EAPOL pak dump rx

*Mar  8 00:03:06.920: EAPOL Version: 0x1  type: 0x0  length: 0x0069

*Mar  8 00:03:06.920: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1

*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA

*Mar  8 00:03:06.920:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  8 00:03:06.920: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response

*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called

*Mar  8 00:03:06.920: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:06.920: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called

*Mar  8 00:03:06.920: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'

*Mar  8 00:03:06.920: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X

*Mar  8 00:03:06.920: RADIUS(000001C7): Config NAS IP: 0.0.0.0

*Mar  8 00:03:06.920: RADIUS/ENCODE(000001C7): acct_session_id: 724

*Mar  8 00:03:06.920: RADIUS(000001C7): sending

*Mar  8 00:03:06.920: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59

*Mar  8 00:03:06.920: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/84, len 352

*Mar  8 00:03:06.920: RADIUS:  authenticator 41 72 8D 6A B4 72 19 84 - 1B C8 33 F7 95 DD 07 BC

*Mar  8 00:03:06.928: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"

*Mar  8 00:03:06.928: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  8 00:03:06.928: RADIUS:  Framed-MTU          [12]  6   1500                     

*Mar  8 00:03:06.928: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"

*Mar  8 00:03:06.928: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"

*Mar  8 00:03:06.928: RADIUS:  EAP-Message         [79]  107

*Mar  8 00:03:06.928: RADIUS:   02 02 00 69 0D 80 00 00 00 5F 16 03 01 00 5A 01 00 00 56 03 01 52 C5 45 4F 07 CA B3 29 50 A7 CE 40 76 B6 BD F0 50 D4 CE 9A 8A 02 C4 3D 40 35 B5 F0 E1 E2 75  [i_ZVREO)P@vP=@5u]

*Mar  8 00:03:06.928: RADIUS:   50 00 00 18 00 2F 00 35 00 05 00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 04 00 17 00 18 00 0B 00 02 01 00             [ P/528]

*Mar  8 00:03:06.928: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:06.928: RADIUS:   A3 28 CE 27 20 C0 D6 2C 11 01 D6 61 1F C3 6F 03            [ (' ,ao]

*Mar  8 00:03:06.928: RADIUS:  EAP-Key-Name        [102] 2   *

*Mar  8 00:03:06.928: RADIUS:  Vendor, Cisco       [26]  49 

*Mar  8 00:03:06.928: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"

*Mar  8 00:03:06.928: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

*Mar  8 00:03:06.928: RADIUS:  NAS-Port            [5]   6   50001                    

*Mar  8 00:03:06.928: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"

*Mar  8 00:03:06.928: RADIUS:  State               [24]  30 

*Mar  8 00:03:06.928: RADIUS:   00 7D 00 9B 00 C1 00 40 ED B8 45 00 FC DD 50 2E DC 0E E6 03 FC 7B AD 4C B7 E7 B1 70          [ }@EP.{Lp]

*Mar  8 00:03:06.928: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:06.928: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:06.928: RADIUS(000001C7): Started 3 sec timeout

*Mar  8 00:03:07.004: RADIUS: Received from id 1645/84 10.26.13.59:1812, Access-Challenge, len 1188

*Mar  8 00:03:07.004: RADIUS:  authenticator 7B 52 29 05 7E C3 EF 8E - 13 38 30 03 4B 65 64 0F

*Mar  8 00:03:07.004: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.004: RADIUS:   01 03 04 56 0D C0 00 00 05 78 16 03 01 00 51 02 00 00 4D 03 01 52 C5 45 4F 0F 04 37 77 A0 C2 68 66 4E 45 92 AB 3D 7F 94 70 AF 36  [VxQMREO7whfNE=p6]

*Mar  8 00:03:07.004: RADIUS:   1D C5 17 23 5C F1 FA CA 60 B0 20 A5 48 16 D5 3F F9 B0 FF 38 1D D5 13 B3 88 13 06 EF DC 87 5C AE 17 E7 7E 80 84 21 58 64 F7 A6 36 00 35 00 00 05 FF 01 00 01 00 16 03 01 02 1C 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30  [#\` H?8\~!Xd6500]

*Mar  8 00:03:07.004: RADIUS:   82 01 77 A0 03 02 01 02 02 09 00 88 7A CB 35 3F 1E 3E 62 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50  [wz5?>b0*H0/10USP]

*Mar  8 00:03:07.004: RADIUS:   49 4E 41 56 44 30 30 30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C  [INAVD0000410UPol]

*Mar  8 00:03:07.004: RADIUS:   69 63 79 4D 61 6E 61 67 65 72 30 1E 17 0D 31 33 30 38 32  [icyManager013082]

*Mar  8 00:03:07.004: RADIUS:   37 30 37 32 34 33 30 5A 17 0D 31 34 30 38 32 37 30 37  [7072430Z14082707]

*Mar  8 00:03:07.004: RADIUS:   32 34 33 30 5A 30 2F 31 15 30 13 06 03 55 04 03 13 0C 53 50 49 4E 41 56  [2430Z0/10USPINAV]

*Mar  8 00:03:07.004: RADIUS:   44 30 30               [ D00]

*Mar  8 00:03:07.004: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.004: RADIUS:   30 30 34 31 16 30 14 06 03 55 04 0A 13 0D 50 6F 6C 69 63 79 4D 61 6E 61  [00410UPolicyMana]

*Mar  8 00:03:07.004: RADIUS:   67 65 72 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 C9 B9 03 65 83 EB 39 86 14 BC 95 7B DB 07 7E C5 8A D7 DA C7 8A CA 5A 88 6E 0B 93 06 35 57  [ger00*H0e9{~Zn5W]

*Mar  8 00:03:07.012: RADIUS:   6E DE 93 CD C9 FE 8E 9F E1 5F A9 04 5C BD A9 AD 5A 04 6E 35 47 76 A1 58 E5 C4 32 D7 49 9E 17 75 20 C6 6F 45 40  [n_\Zn5GvX2Iu oE@]

*Mar  8 00:03:07.012: RADIUS:   AC EF 40 6D 15 38 F9 C2 28 7E C9 68 37 52 3B BF F4 C1 5E B8 BA 46 68 43 79 B1 65 66  [@m8(~h7R;^FhCyef]

*Mar  8 00:03:07.012: RADIUS:   9E 58 ED EC 8C 95 A2 D8 BF AA 77 AC 85 90 E3 AB C6 27 3A A2 22 AC 1C 48 B3 BF BE F7 85 CF 5C BB 2D 02 03 01 00 01 A3 32 30 30 30 0F 06 03 55 1D 11 04 08 30 06 87 04 0A 1A 0D 3B 30  [Xw':"H\-2000U0;0]

*Mar  8 00:03:07.012: RADIUS:   1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 03 30 0D 06 09 2A 86 48 86 F7 0D 01 01          [ U?0++0*H]

*Mar  8 00:03:07.012: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.012: RADIUS:   05 05 00 03 81 81 00 C4 46 3E 38 3D 53 0F 28 34 C1 A6 ED DC 70 76 9B 70 6B A8 95 7C 44 8E 7D 6E D6 8B 6D  [F>8=S(4pvpk|D}nm]

*Mar  8 00:03:07.012: RADIUS:   90 49 83 06 E4 BF 68 2F 9D 77 78 A3 76 76 19 84 AD 26 3F F3 ED AA 88 52 35 0E 35 DD 00 E5 96 88 44 30 79 A0 71  [Ih/wxvv&?R55D0yq]

*Mar  8 00:03:07.012: RADIUS:   8D 25 3E 77 A0 E0 43 92 33 55 40 E1 C8 EE 88 11 25 E2 70 28 11 6C 5A 4E 3D F1 93 57 0A 6F  [?>wC3U@?p(lZN=Wo]

*Mar  8 00:03:07.012: RADIUS:   36 51 72 04 08 C0 C0 DF F0 94 A9 F7 A1 05 C8 37 D6 F8 D4 9C 20 1A 7B CD 2C 17 83 7B 8E 20 F7 2D B6 16 03 01 02 FC 0D 00 02 F4 03 01 02 40 02 EE 00 63 30 61 31 0B 30  [6Qr7 {,{ -@c0a10]

*Mar  8 00:03:07.012: RADIUS:   09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0A 13 0C 44 69 67 69 43 65 72 74 20 49  [UUS10UDigiCert I]

*Mar  8 00:03:07.012: RADIUS:   6E 63 31 19 30 17 06 03 55 04 0B 13 10 77 77 77 2E 64 69 67 69 63 65 72  [nc10Uwww.digicer]

*Mar  8 00:03:07.012: RADIUS:   74 2E 63 6F 6D 31 20 30 1E 06 03 55 04 03 13 17 44 69 67 69 43 65 72  [t.com1 0UDigiCer]

*Mar  8 00:03:07.012: RADIUS:   74 20 47 6C 6F 62 61 6C 20 52 6F 6F 74 20 43 41  [t Global Root CA]

*Mar  8 00:03:07.012: RADIUS:   00 48                 [ H]

*Mar  8 00:03:07.012: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.012: RADIUS:   30 46 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31  [0F10&,dintranet1]

*Mar  8 00:03:07.020: RADIUS:   12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 16 30 14 06 03 55 04 03 13 0D 49 6E 64 69 61 20 52  [0&,dIN10UIndia R]

*Mar  8 00:03:07.020: RADIUS:   6F 6F 74 20 43 41 00 4A 30 48 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E  [oot CAJ0H10&,din]

*Mar  8 00:03:07.020: RADIUS:   74 72 61 6E 65 74 31 12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 18 30 16 06 03 55  [tranet10&,dIN10U]

*Mar  8 00:03:07.020: RADIUS:   04 03 13 0F 45 6E 74 65 72 70 72 69 73 65 20 43 41 2D 31 00 4D  [Enterprise CA-1M]

*Mar  8 00:03:07.020: RADIUS:   30 4B 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74 72 61 6E 65 74 31  [0K10&,dintranet1]

*Mar  8 00:03:07.020: RADIUS:   12 30 10 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 02 49 4E 31 1B 30 19 06 03 55 04 03 13 12 49 4E 2D 53 50 49 4E  [0&,dIN10UIN-SPIN]

*Mar  8 00:03:07.020: RADIUS:   43 52 54 30 30 30 30 33 2D 43 41 00 D5 30 81 D2 31 0B 30 09 06 03 55 04 06 13 02 55  [CRT00003-CA010UU]

*Mar  8 00:03:07.020: RADIUS:   53 31 13 30 11 06 03 55 04              [ S10U]

*Mar  8 00:03:07.020: RADIUS:  EAP-Message         [79]  100

*Mar  8 00:03:07.020: RADIUS:   08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E  [California10USun]

*Mar  8 00:03:07.020: RADIUS:   6E 79 76 61 6C 65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E  [nyvale10UAruba N]

*Mar  8 00:03:07.020: RADIUS:   65 74 77 6F 72 6B 73 31 40 30 3E 06 03 55 04 03 0C 37 43 6C 65  [etworks1@0>U7Cle]

*Mar  8 00:03:07.020: RADIUS:   61 72 50 61 73 73 20 4F 6E 62 6F 61 72 64 20 4C  [arPass Onboard L]

*Mar  8 00:03:07.020: RADIUS:   6F 63 61 6C 20 43 65 72 74 69        [ ocal Certi]

*Mar  8 00:03:07.020: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:07.020: RADIUS:   12 75 40 41 6F 40 6B 6F A5 FE AB 85 F3 B3 CF A4           [ u@Ao@ko]

*Mar  8 00:03:07.020: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.020: RADIUS:   00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1         [ oQKnEKkHw]

*Mar  8 00:03:07.029: RADIUS(000001C7): Received from id 1645/84

*Mar  8 00:03:07.029: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+98, total 1110 bytes

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA

*Mar  8 00:03:07.037:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)

*Mar  8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.037: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:07.037: EAPOL pak dump Tx

*Mar  8 00:03:07.037: EAPOL Version: 0x3  type: 0x0  length: 0x0456

*Mar  8 00:03:07.037: EAP code: 0x1  id: 0x3  length: 0x0456 type: 0xD

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:07.037: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:07.037: EAPOL pak dump rx

*Mar  8 00:03:07.037: EAPOL Version: 0x1  type: 0x0  length: 0x0006

*Mar  8 00:03:07.037: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 6

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): Received pkt saddr =d43d.7e65.4fc1 , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.0006

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet

*Mar  8 00:03:07.037: EAPOL pak dump rx

*Mar  8 00:03:07.037: EAPOL Version: 0x1  type: 0x0  length: 0x0006

*Mar  8 00:03:07.037: dot1x-packet(Fa0/1): Received an EAP packet from d43d.7e65.4fc1

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0xB0000DBA

*Mar  8 00:03:07.037:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  8 00:03:07.037: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_enter called

*Mar  8 00:03:07.037: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:07.037: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_response_action called

*Mar  8 00:03:07.037: AAA/AUTHEN/8021X (000001C7): Pick method list 'default'

*Mar  8 00:03:07.046: RADIUS/ENCODE(000001C7):Orig. component type = DOT1X

*Mar  8 00:03:07.046: RADIUS(000001C7): Config NAS IP: 0.0.0.0

*Mar  8 00:03:07.046: RADIUS/ENCODE(000001C7): acct_session_id: 724

*Mar  8 00:03:07.046: RADIUS(000001C7): sending

*Mar  8 00:03:07.046: RADIUS/ENCODE: Best Local IP-Address 10.26.237.11 for Radius-Server 10.26.13.59

*Mar  8 00:03:07.046: RADIUS(000001C7): Send Access-Request to 10.26.13.59:1812 id 1645/85, len 253

*Mar  8 00:03:07.046: RADIUS:  authenticator 1C D7 6D 40 A3 D6 BA B1 - A7 E6 70 DA 32 83 2E 19

*Mar  8 00:03:07.046: RADIUS:  User-Name           [1]   31  "host/D0902MALL005.IN.intranet"

*Mar  8 00:03:07.046: RADIUS:  Service-Type        [6]   6   Framed                    [2]

*Mar  8 00:03:07.046: RADIUS:  Framed-MTU          [12]  6   1500                     

*Mar  8 00:03:07.046: RADIUS:  Called-Station-Id   [30]  19  "D4-A0-2A-EE-14-81"

*Mar  8 00:03:07.046: RADIUS:  Calling-Station-Id  [31]  19  "D4-3D-7E-65-4F-C1"

*Mar  8 00:03:07.046: RADIUS:  EAP-Message         [79]  8  

*Mar  8 00:03:07.046: RADIUS:   02 03 00 06 0D 00

*Mar  8 00:03:07.046: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:07.046: RADIUS:   73 1D 89 5C 66 19 32 B6 63 C2 64 C1 04 42 A9 F9           [ s\f2cdB]

*Mar  8 00:03:07.046: RADIUS:  EAP-Key-Name        [102] 2   *

*Mar  8 00:03:07.046: RADIUS:  Vendor, Cisco       [26]  49 

*Mar  8 00:03:07.046: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0A1AED0B000000EE240F5BAB"

*Mar  8 00:03:07.046: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

*Mar  8 00:03:07.046: RADIUS:  NAS-Port            [5]   6   50001                    

*Mar  8 00:03:07.046: RADIUS:  NAS-Port-Id         [87]  17  "FastEthernet0/1"

*Mar  8 00:03:07.046: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.046: RADIUS:   00 6F 00 51 00 4B 00 6E EE B8 45 00 4B AA 6B A9 B6 D6 C8 CC 48 1A 91 99 7F 77 D3 C1         [ oQKnEKkHw]

*Mar  8 00:03:07.046: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:07.046: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:07.046: RADIUS(000001C7): Started 3 sec timeout

*Mar  8 00:03:07.113: RADIUS: Received from id 1645/85 10.26.13.59:1812, Access-Challenge, len 378

*Mar  8 00:03:07.113: RADIUS:  authenticator 1A 85 26 09 58 84 BC D4 - E0 A9 E3 C0 25 31 2D 31

*Mar  8 00:03:07.113: RADIUS:  EAP-Message         [79]  255

*Mar  8 00:03:07.121: RADIUS:   01 04 01 32 0D 00 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74  [2ficate Authorit]

*Mar  8 00:03:07.121: RADIUS:   79 20 28 53 69 67 6E 69 6E 67 29 31 3F 30 3D 06 09 2A  [y (Signing)1?0=*]

*Mar  8 00:03:07.121: RADIUS:   86 48 86 F7 0D 01 09 01 16 30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D  [H0d6bb4f70-f412-]

*Mar  8 00:03:07.121: RADIUS:   34 35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36  [4552-aee2-c7a026]

*Mar  8 00:03:07.121: RADIUS:   66 62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63  [fba218@example.c]

*Mar  8 00:03:07.121: RADIUS:   6F 6D 00 CB 30 81 C8 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66  [om010UUS10UCalif]

*Mar  8 00:03:07.121: RADIUS:   6F 72 6E 69 61 31 12 30 10 06 03 55 04 07 0C 09 53 75 6E 6E 79 76 61 6C  [ornia10USunnyval]

*Mar  8 00:03:07.121: RADIUS:   65 31 17 30 15 06 03 55 04 0A 0C 0E 41 72 75 62 61 20 4E 65 74 77 6F 72  [e10UAruba Networ]

*Mar  8 00:03:07.121: RADIUS:   6B 73 31 36 30 34 06 03 55 04 03 0C 2D 43 6C 65 61 72 50 61 73  [ks1604U-ClearPas]

*Mar  8 00:03:07.121: RADIUS:   73 20 4F 6E 62 6F 61 72 64 20 4C 6F 63 61 6C 20  [s Onboard Local ]

*Mar  8 00:03:07.121: RADIUS:   43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68  [Certificate Auth]

*Mar  8 00:03:07.121: RADIUS:   6F 72 69 74 79 31 3F 30 3D 06 09 2A 86 48 86 F7 0D 01 09 01 16       [ ority1?0=*H]

*Mar  8 00:03:07.121: RADIUS:  EAP-Message         [79]  55 

*Mar  8 00:03:07.121: RADIUS:   30 64 36 62 62 34 66 37 30 2D 66 34 31 32 2D 34  [0d6bb4f70-f412-4]

*Mar  8 00:03:07.121: RADIUS:   35 35 32 2D 61 65 65 32 2D 63 37 61 30 32 36 66  [552-aee2-c7a026f]

*Mar  8 00:03:07.121: RADIUS:   62 61 32 31 38 40 65 78 61 6D 70 6C 65 2E 63 6F  [ba218@example.co]

*Mar  8 00:03:07.121: RADIUS:   6D 0E 00 00 00                 [ m]

*Mar  8 00:03:07.121: RADIUS:  Message-Authenticato[80]  18 

*Mar  8 00:03:07.121: RADIUS:   4C 46 AA B9 A5 D5 DF EA DB E7 2B 7B 51 7E 58 3F          [ LF+{Q~X?]

*Mar  8 00:03:07.121: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.121: RADIUS:   00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1            [ E

*Mar  8 00:03:07.121: RADIUS(000001C7): Received from id 1645/85

*Mar  8 00:03:07.121: RADIUS/DECODE: EAP-Message fragments, 253+53, total 306 bytes

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): Posting EAP_REQ for 0xB0000DBA

*Mar  8 00:03:07.130:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 7(eapReq)

*Mar  8 00:03:07.130: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_request

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_request_enter called

*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.130: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:07.130: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:07.130: EAPOL pak dump Tx

*Mar  8 00:03:07.130: EAPOL Version: 0x3  type: 0x0  length: 0x0132

*Mar  8 00:03:07.130: EAP code: 0x1  id: 0x4  length: 0x0132 type: 0xD

*Mar  8 00:03:07.130: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:07.130: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_request_action called

*Mar  8 00:03:07.138: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:07.138: dot1x-packet(Fa0/1): Queuing an EAPOL pkt on Authenticator Q

*Mar  8 00:03:07.138: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  8 00:03:07.138: EAPOL pak dump rx

*Mar  8 00:03:07.138: EAPOL Version: 0x1  type: 0x0  length: 0x05D4

*Mar  8 00:03:07.138: dot1x-ev:

dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 13,LEN= 1492

*Mar  8 00:03:07.138: dot1x-packet(Fa0/1): Received an EAPOL frame

*Mar  8 00:03:07.138: dot1x-ev(Fa0/1):

^Z

Malleswaram_2960#

*Mar  8 00:03:07.180: RADIUS:  State               [24]  30 

*Mar  8 00:03:07.180: RADIUS:   00 EF 00 B9 00 0A 00 00 EF B8 45 00 EF D2 C4 3C 81 6C 72 0E 23 FE 11 EA 12 17 50 A1            [ E

*Mar  8 00:03:07.180: RADIUS:  NAS-IP-Address      [4]   6   10.26.237.11             

*Mar  8 00:03:07.180: RADIUS:  Acct-Session-Id     [44]  10  "000002D4"

*Mar  8 00:03:07.180: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:07.893: %SYS-5-CONFIG_I: Configured from console by jameela on vty0 (10.26.20.5)

Malleswaram_2960#

*Mar  8 00:03:10.225: RADIUS(000001C7): Request timed out

*Mar  8 00:03:10.225: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:10.225: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:13.354: RADIUS(000001C7): Request timed out

*Mar  8 00:03:13.354: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:13.354: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:16.307: RADIUS(000001C7): Request timed out

*Mar  8 00:03:16.307: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:16.307: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:19.369: RADIUS(000001C7): Request timed out

*Mar  8 00:03:19.369: RADIUS: Retransmit to (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:19.369: RADIUS(000001C7): Started 3 sec timeout

Malleswaram_2960#

*Mar  8 00:03:22.456: RADIUS(000001C7): Request timed out

*Mar  8 00:03:22.456: RADIUS: Fail-over denied to  (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:22.456: RADIUS: No response from (10.26.13.59:1812,1813) for id 1645/86

*Mar  8 00:03:22.456: RADIUS/DECODE: parse response no app start; FAIL

*Mar  8 00:03:22.456: RADIUS/DECODE: parse response; FAIL

*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Received an EAP Fail

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting EAP_FAIL for 0xB0000DBA

*Mar  8 00:03:22.456:     dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 10(eapFail)

*Mar  8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_fail

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_exit called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_fail_enter called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_response_fail_action called

*Mar  8 00:03:22.456:     dot1x_auth_bend Fa0/1: idle during state auth_bend_fail

*Mar  8 00:03:22.456: @@@ dot1x_auth_bend Fa0/1: auth_bend_fail -> auth_bend_idle

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_bend_idle_enter called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting AUTH_FAIL on Client 0xB0000DBA

*Mar  8 00:03:22.456:     dot1x_auth Fa0/1: during state auth_authenticating, got event 15(authFail)

*Mar  8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_authc_result

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authenticating_exit called

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_authc_result_enter called

*Mar  8 00:03:22.456: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Sending event (2) to Auth Mgr for d43d.7e65.4fc1

*Mar  8 00:03:22.456: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB

*Mar  8 00:03:22.456: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EE240F5BAB

*Mar  8 00:03:22.456: dot1x-redundancy: State for client  d43d.7e65.4fc1 successfully retrieved

*Mar  8 00:03:22.456: dot1x-ev(Fa0/1): Received Authz fail for the client  0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): Posting_AUTHZ_FAIL on Client 0xB0000DBA

*Mar  8 00:03:22.456:     dot1x_auth Fa0/1: during state auth_authc_result, got event 22(authzFail)

*Mar  8 00:03:22.456: @@@ dot1x_auth Fa0/1: auth_authc_result -> auth_held

*Mar  8 00:03:22.456: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_enter called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:22.464: EAPOL pak dump Tx

*Mar  8 00:03:22.464: EAPOL Version: 0x3  type: 0x0  length: 0x0004

*Mar  8 00:03:22.464: EAP code: 0x4  id: 0x4  length: 0x0004

*Mar  8 00:03:22.464: dot1x-packet(Fa0/1): EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting FAILOVER_RETRY on Client 0xB0000DBA

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_held, got event 21(failover_retry)

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_held -> auth_restart

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_exit called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_enter called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_held_restart_action called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0xB0000DBA

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_enter called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_restart_connecting_action called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): Posting REAUTH_MAX on Client 0xB0000DBA

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: during state auth_connecting, got event 11(reAuthMax)

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_disconnected

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_disconnected_enter called

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): d43d.7e65.4fc1:auth_disconnected_enter sending canned failure to version 1 supplicant

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:22.464: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:22.464: EAPOL pak dump Tx

*Mar  8 00:03:22.464: EAPOL Version: 0x3  type: 0x0  length: 0x0004

*Mar  8 00:03:22.464: EAP code: 0x4  id: 0x5  length: 0x0004

*Mar  8 00:03:22.464: dot1x-packet(Fa0/1): dot1x_auth_txCannedStatus: EAPOL packet sent to client 0xB0000DBA (d43d.7e65.4fc1)

*Mar  8 00:03:22.464: dot1x-sm(Fa0/1): 0xB0000DBA:auth_connecting_disconnected_reAuthMax_action called

*Mar  8 00:03:22.464:     dot1x_auth Fa0/1: idle during state auth_disconnected

*Mar  8 00:03:22.464: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart

*Mar  8 00:03:22.464: dot1x-ev(Fa0/1): Sending event (1) to Auth Mgr for d43d.7e65.4fc1

*Mar  8 00:03:22.464: dot1x-ev:Delete auth client (0xB0000DBA) message

*Mar  8 00:03:22.464: dot1x-ev:Auth client ctx destroyed

*Mar  8 00:03:22.674: AAA/BIND(000001C8): Bind i/f 

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: initial state auth_initialize has enter

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_initialize_enter called

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_initialize, got event 0(cfg_auto)

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_initialize -> auth_disconnected

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_disconnected_enter called

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: idle during state auth_disconnected

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_disconnected -> auth_restart

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_enter called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending create new context event to EAP for 0x4A000DBB (0000.0000.0000)

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has enter

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_initialize_enter called

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: initial state auth_bend_initialize has idle

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: during state auth_bend_initialize, got event 16383(idle)

*Mar  8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_enter called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Created a client entry (0x4A000DBB)

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Dot1x authentication started for 0x4A000DBB (0000.0000.0000)

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0x4A000DBB

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_enter called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_restart_connecting_action called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0x4A000DBB

*Mar  8 00:03:22.674:     dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)

*Mar  8 00:03:22.674: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_authenticating_enter called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_connecting_authenticating_action called

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): Posting AUTH_START for 0x4A000DBB

*Mar  8 00:03:22.674:     dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  8 00:03:22.674: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Role determination not required

Malleswaram_2960#

*Mar  8 00:03:22.674: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  8 00:03:22.674: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:22.674: EAPOL pak dump Tx

*Mar  8 00:03:22.674: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:22.674: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:22.674: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (0000.0000.0000)

*Mar  8 00:03:22.674: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_idle_request_action called

*Mar  8 00:03:22.791: dot1x-ev(Fa0/1): New client notification from AuthMgr for 0x4A000DBB - d43d.7e65.4fc1

*Mar  8 00:03:22.791: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB

*Mar  8 00:03:25.761:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)

*Mar  8 00:03:25.761: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request

*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called

*Mar  8 00:03:25.761: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called

*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:25.761: dot1x-registry:registry:dot1x_ether_macaddr called

Malleswaram_2960#n

*Mar  8 00:03:25.761: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:25.761: EAPOL pak dump Tx

*Mar  8 00:03:25.761: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:25.761: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:25.761: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)

Malleswaram_2960#no debu

Malleswaram_2960#no debug

*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x4A000DBB

*Mar  8 00:03:28.848:     dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)

*Mar  8 00:03:28.848: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request

*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_request_action called

*Mar  8 00:03:28.848: dot1x-sm(Fa0/1): 0x4A000DBB:auth_bend_request_enter called

*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address

*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Role determination not required

*Mar  8 00:03:28.848: dot1x-registry:registry:dot1x_ether_macaddr called

Malleswaram_2960#no debug all

*Mar  8 00:03:28.848: dot1x-ev(Fa0/1): Sending out EAPOL packet

*Mar  8 00:03:28.848: EAPOL pak dump Tx

*Mar  8 00:03:28.848: EAPOL Version: 0x3  type: 0x0  length: 0x0005

*Mar  8 00:03:28.848: EAP code: 0x1  id: 0x1  length: 0x0005 type: 0x1

*Mar  8 00:03:28.848: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x4A000DBB (d43d.7e65.4fc1)

Malleswaram_2960#no debug all

All possible debugging has been turned off

Malleswaram_2960#

*Mar  8 00:03:31.180: AAA: parse name=tty1 idb type=-1 tty=-1

*Mar  8 00:03:31.180: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0

*Mar  8 00:03:31.180: AAA/MEMORY: create_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' ds0=0 port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0) key=C9A1F1D1

*Mar  8 00:03:31.389: TAC+: (-1901802859): received author response status = PASS_ADD

*Mar  8 00:03:31.389: AAA/MEMORY: free_user (0x21D1684) user='jameela' ruser='Malleswaram_2960' port='tty1' rem_addr='10.26.20.5' authen_type=ASCII service=NONE priv=15

*Mar  8 00:03:31.935: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:03:31.935: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:03:31.935: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:03:31.935: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:03:31.935: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#no deb

Malleswaram_2960#no debug al

Malleswaram_2960#no debug all

All possible debugging has been turned off

Malleswaram_2960#

*Mar  8 00:04:32.677: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:04:41.938: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:04:41.938: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:04:41.938: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:04:41.938: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:04:41.938: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:05:42.654: %AUTHMGR-5-START: Starting 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:05:51.915: %DOT1X-5-FAIL: Authentication failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID

*Mar  8 00:05:51.915: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:05:51.915: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

*Mar  8 00:05:51.915: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Malleswaram_2960#

*Mar  8 00:05:51.915: %AUTHMGR-5-FAIL: Authorization failed for client (d43d.7e65.4fc1) on Interface Fa0/1 AuditSessionID 0A1AED0B000000EF240F9BC3

Pls dont worry about day and time.

Cisco Employee

IEEE 802.1x with EAP-TLS issue in cisco 2960

What error do you see on the radius server? Can you attach the machine certificate in your next reply?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: IEEE 802.1x with EAP-TLS issue in cisco 2960

Hi Jatin,

Please find the error logs in the radius server. Ther certificate is generate by AD on the PC itself.

Request log details for session: R00167881-11-52ca9981

Time           Message

2014-01-06 17:24:41,375           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 212:216:D4-3D-7E-65-4F-AA

2014-01-06 17:24:41,381           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321820 h=199 r=R00167881-11-52ca9981] INFO Core.ServiceReqHandler - Service classification result = Certificate_based_Auth_Branch_Office

2014-01-06 17:24:41,382           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "Certificate_based_Auth_Branch_Office"

2014-01-06 17:24:41,383           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_ldap: searching for user d43d7e654faa in AD:spininf00001.in.intranet

2014-01-06 17:24:41,386           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_macauth: Rejecting MAC auth request from Unknown/Disabled client

2014-01-06 17:24:41,386           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.EndpointTable - Returning NULL (EndpointPtr) for macAddr d43d7e654faa

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3368 entity id = 29

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3368

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3368|entityId=29

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3368|entity=Device

2014-01-06 17:24:41,389           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.EndpointTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Endpoint)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 r=psauto-1387885173-321821 h=215 r=R00167881-11-52ca9981] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)

2014-01-06 17:24:41,390           [RequestHandler-1-0x7f10c55ea700 h=2550047 c=R00167881-11-52ca9981] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***

2014-01-06 17:24:41,391           [AuthReqThreadPool-11-0x7f11bb5fa700 r=R00167881-11-52ca9981 h=40] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{memberOf}), error=No values for param=memberOf

2014-01-06 17:24:41,391           [AuthReqThreadPool-11-0x7f11bb5fa700 r=R00167881-11-52ca9981 h=40] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{memberOf})

2014-01-06 17:24:41,392           [AuthReqThreadPool-11-0x7f11bb5fa700 r=R00167881-11-52ca9981 h=40] WARN Ldap.LdapQuery - Failed to get value for attributes=Department, Groups, HostName, OSServicePack, OperatingSystem, Title]

2014-01-06 17:24:41,392           [RequestHandler-1-0x7f10c55ea700 h=2550049 c=R00167881-11-52ca9981] INFO Core.PETaskRoleMapping - Roles:

2014-01-06 17:24:41,395           [RequestHandler-1-0x7f10c55ea700 h=2550052 c=R00167881-11-52ca9981] INFO Core.PETaskEnforcement - EnfProfiles: Deny Access Profile]

2014-01-06 17:24:41,396           [RequestHandler-1-0x7f10c55ea700 h=2550057 c=R00167881-11-52ca9981] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550053 c=R00167881-11-52ca9981] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=DENY

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550053 c=R00167881-11-52ca9981] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Deny Access Profile]

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550053 c=R00167881-11-52ca9981] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 0

2014-01-06 17:24:41,397           [RequestHandler-1-0x7f10c55ea700 h=2550058 c=R00167881-11-52ca9981] INFO Core.PETaskCliEnforcement - startHandler: Request rejected. Skip CLI enforcement

2014-01-06 17:24:41,398           [RequestHandler-1-0x7f10c55ea700 r=R00167881-11-52ca9981 h=2550056 c=R00167881-11-52ca9981] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device

2014-01-06 17:24:41,399           [RequestHandler-1-0x7f10c55ea700 r=R00167881-11-52ca9981 h=2550054 c=R00167881-11-52ca9981] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device

2014-01-06 17:24:41,402           [RequestHandler-1-0x7f10c55ea700 h=2550060 c=R00167881-11-52ca9981] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs

2014-01-06 17:24:41,402           [RequestHandler-1-0x7f10c55ea700 h=2550060 c=R00167881-11-52ca9981] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr

2014-01-06 17:24:41,402           [RequestHandler-1-0x7f10c55ea700 h=2550059 c=R00167881-11-52ca9981] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr

2014-01-06 17:24:41,403           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_policy: Received Deny Enforcement Profile

2014-01-06 17:24:41,403           [Th 284 Req 4785671 SessId R00167881-11-52ca9981] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response

2014-01-06 17:24:41,403           [RequestHandler-1-0x7f10c55ea700 r=R00167881-11-52ca9981 h=2550047 c=R00167881-11-52ca9981] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***

1072
Views
0
Helpful
4
Replies
CreatePlease to create content