cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
532
Views
0
Helpful
2
Replies

802.1x issue

j-soriano85
Level 1
Level 1

I have configure my switch with this:

#aaa authentication dot1x default group radius

#dot1x system-auth-control

#radius-server host 214.3.80.7 auth-port 1645 acct-port 1646 key 7 0601592D6C40

I have everything configured and I am using cisco secure ACS as the Radius server and my DC as the CA. The laptop I am trying to authenticate already has a certificate that was issued by the CA.

when I debug 802.1x I recieve this message:

2w1d: @@@ dot1x_auth_bend Gi0: auth_bend_idle -> auth_bend_request

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_enter called

2w1d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005

type: 0x1 data:

2w1d: dot1x-ev:GigabitEthernet0/5:Sending EAPOL packet to group PAE address

2w1d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required

on GigabitEthernet0/5.

2w1d: dot1x-registry:registry:dot1x_ether_macaddr called

2w1d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet

0/5

2w1d: EAPOL pak dump Tx

2w1d: EAPOL Version: 0x2 type: 0x0 length: 0x0005

2w1d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1

2w1d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authentica

tor

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_idle_request_action called

2w1d: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up

2w1d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.000

0

2w1d: dot1x-sm:Posting EAP_REQ on Client=2EE6D38

2w1d: dot1x_auth_bend Gi0: during state auth_bend_request, got event 7(eapRe

q)

2w1d: @@@ dot1x_auth_bend Gi0: auth_bend_request -> auth_bend_request

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_request_action called

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_enter called

2w1d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005

type: 0x1 data:

2w1d: dot1x-ev:GigabitEthernet0/5:Sending EAPOL packet to group PAE address

2w1d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required

on GigabitEthernet0/5.

2w1d: dot1x-registry:registry:dot1x_ether_macaddr called

2w1d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet

0/5

2w1d: EAPOL pak dump Tx

2w1d: EAPOL Version: 0x2 type: 0x0 length: 0x0005

2w1d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1

2w1d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authentica

tor

and it repeats itself so I think it has something to do with the server I am running the RADIUS. Is it the ACS certification Setup? or something else ? can anyone help me with this?

2 Replies 2

beth-martin
Level 5
Level 5

Kindly check the status of the radius server by issuing the command " show aaa server".

in the output see whether the staus is flapping between up and down

I'm having virtually the same problem. When I do 'show aaa server' the server seems to be UP continuously. Have you come across any possible solutions?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: