Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

802.1x issue

I have configure my switch with this:

#aaa authentication dot1x default group radius

#dot1x system-auth-control

#radius-server host 214.3.80.7 auth-port 1645 acct-port 1646 key 7 0601592D6C40

I have everything configured and I am using cisco secure ACS as the Radius server and my DC as the CA. The laptop I am trying to authenticate already has a certificate that was issued by the CA.

when I debug 802.1x I recieve this message:

2w1d: @@@ dot1x_auth_bend Gi0: auth_bend_idle -> auth_bend_request

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_enter called

2w1d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005

type: 0x1 data:

2w1d: dot1x-ev:GigabitEthernet0/5:Sending EAPOL packet to group PAE address

2w1d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required

on GigabitEthernet0/5.

2w1d: dot1x-registry:registry:dot1x_ether_macaddr called

2w1d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet

0/5

2w1d: EAPOL pak dump Tx

2w1d: EAPOL Version: 0x2 type: 0x0 length: 0x0005

2w1d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1

2w1d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authentica

tor

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_idle_request_action called

2w1d: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up

2w1d: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.000

0

2w1d: dot1x-sm:Posting EAP_REQ on Client=2EE6D38

2w1d: dot1x_auth_bend Gi0: during state auth_bend_request, got event 7(eapRe

q)

2w1d: @@@ dot1x_auth_bend Gi0: auth_bend_request -> auth_bend_request

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_request_action called

2w1d: dot1x-sm:Gi0/5:0000.0000.0000:auth_bend_request_enter called

2w1d: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005

type: 0x1 data:

2w1d: dot1x-ev:GigabitEthernet0/5:Sending EAPOL packet to group PAE address

2w1d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required

on GigabitEthernet0/5.

2w1d: dot1x-registry:registry:dot1x_ether_macaddr called

2w1d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet

0/5

2w1d: EAPOL pak dump Tx

2w1d: EAPOL Version: 0x2 type: 0x0 length: 0x0005

2w1d: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1

2w1d: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authentica

tor

and it repeats itself so I think it has something to do with the server I am running the RADIUS. Is it the ACS certification Setup? or something else ? can anyone help me with this?

2 REPLIES
Bronze

Re: 802.1x issue

Kindly check the status of the radius server by issuing the command " show aaa server".

in the output see whether the staus is flapping between up and down

New Member

Re: 802.1x issue

I'm having virtually the same problem. When I do 'show aaa server' the server seems to be UP continuously. Have you come across any possible solutions?

269
Views
0
Helpful
2
Replies
CreatePlease to create content