05-14-2007 06:04 AM - edited 03-05-2019 04:03 PM
I have configure my switch with this:
#aaa authentication dot1x default group radius
#dot1x system-auth-control
#radius-server host 214.3.80.7 auth-port 1645 acct-port 1646 key 7 0601592D6C40
I have everything configured and I am using cisco secure ACS as the Radius server and my DC as the CA. The laptop I am trying to authenticate already has a certificate that was issued by the CA.
when I debug 802.1x I recieve this message:
2w1d: @@@ dot1x_auth_bend Gi0: auth_bend_idle -> auth_bend_request
2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_enter called
2w1d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005
type: 0x1 data:
2w1d: dot1x-ev:GigabitEthernet0/5:Sending EAPOL packet to group PAE address
2w1d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required
on GigabitEthernet0/5.
2w1d: dot1x-registry:registry:dot1x_ether_macaddr called
2w1d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet
0/5
2w1d: EAPOL pak dump Tx
2w1d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
2w1d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
2w1d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authentica
tor
2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_idle_request_action called
2w1d: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up
2w1d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.000
0
2w1d: dot1x-sm:Posting EAP_REQ on Client=2EE6D38
2w1d: dot1x_auth_bend Gi0: during state auth_bend_request, got event 7(eapRe
q)
2w1d: @@@ dot1x_auth_bend Gi0: auth_bend_request -> auth_bend_request
2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_request_action called
2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_enter called
2w1d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005
type: 0x1 data:
2w1d: dot1x-ev:GigabitEthernet0/5:Sending EAPOL packet to group PAE address
2w1d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required
on GigabitEthernet0/5.
2w1d: dot1x-registry:registry:dot1x_ether_macaddr called
2w1d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet
0/5
2w1d: EAPOL pak dump Tx
2w1d: EAPOL Version: 0x2 type: 0x0 length: 0x0005
2w1d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
2w1d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authentica
tor
and it repeats itself so I think it has something to do with the server I am running the RADIUS. Is it the ACS certification Setup? or something else ? can anyone help me with this?
05-21-2007 06:07 AM
Kindly check the status of the radius server by issuing the command " show aaa server".
in the output see whether the staus is flapping between up and down
05-21-2007 06:34 AM
I'm having virtually the same problem. When I do 'show aaa server' the server seems to be UP continuously. Have you come across any possible solutions?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: