Wired 802.1x / CSSC 5.1 loop "aquiring IP Addr." and "Authentication"

eberlestefan · ‎11-13-2008

Hello

I am currently preparing an installation for wired 802.1x authentication. My setup consist of the following:

- MS IAS

- MS AD

- MS DC-DHCP for auth. users

- Switch WS-C3560

- Testclient with CSSC 5.1

The dot1x authentication itself is working properly and the switchport is configured with the appropriate VLAN.

After the user is logged in to the computer the CSSC always stays on Status "aquiring IP address" before it re-authenticates again. If you have a look at the client's IP configuration everything is fine. It looks like the CSSC doesn't recognise that the DHCP IP allocation was done properly.

I have checked the DHCP configuration on the DC and it is correct. In the log you can see that the client is releasing and renewing his address often and this must be triggered by the CSSC. I have also checked the timers and they shouldn't be too short.

In the CSSC Log you can find the following error:

DHCP release failure => -20{error}

DHCP ipReconnect failure => -2(error)

Uploaded you can find the following:

- CSSC Logfile

- CSSC XML-Config file

Any ideas?

Regards

Stefan

eberlestefan · ‎11-17-2008

Hello world

The following sentence was found:

â€œThe SSC agent does do a gateway ARP to verify network connectivity. If it doesn't get a response then it will release and try to get a new IP.â€

As I was setting up 802.1x in the lab no gateway existed and this is why I faced exactly this problem. When I have changed the DHCP Router address the CSSC changed to State "connected"

Hopefully this forum entry can help someone else.

Stefan

umamon · ‎12-22-2008

Hi,

I have pretty much the same lab environment as you referenced earlier, I was wondering if you figured out a way to remote manage your desktops with the CSSC supplicant? Any suggestions will be greatly appreciated.

Thanks!