Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Need help on dynamic vlan assignment through dot1x

Hi,

I have been testing dot1x configuration on a Cisco 2960 Switch with Juniper SBR but unable to get it to work. I have done a very basic configuration on the switch which is as below

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

dot1x system-auth-control

interface GigabitEthernet0/1

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x violation-mode protect

spanning-tree portfast

radius-server host 10.253.145.72 auth-port 1812 acct-port 1813 key ******

and i have configured the following attributes on local as well as domain user ID on Radius in the return list.

Tunnel_Medium_Type = 802

Tunnel-Type = VLAN

Tunnel-Private-Group-ID = 143

When i connect a system on to the switchport it asks me for authentication and after entering that it will go into limited or connectivity state. IP address assignment is through DHCP. I enabled debug for radius, dot1x and AAA on the switch and received this as the output.

Mar  1 01:06:32.943: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Gi0/1

*Mar  1 01:06:32.943: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 0000.0000.0000 on interface GigabitEthernet0/1

*Mar  1 01:06:32.943: dot1x-ev:dot1x_vlan_assign_client_deleted for 0000.0000.0000 on interface GigabitEthernet0/1

*Mar  1 01:06:32.943:     dot1x_auth Gi0/1: initial state auth_initialize has enter

*Mar  1 01:06:32.943: dot1x-sm:Gi0/1:0000.0000.0000:auth_initialize_enter called

*Mar  1 01:06:32.943:     dot1x_auth Gi0/1: during state auth_initialize, got event 0(cfg_auto)

*Mar  1 01:06:32.943: @@@ dot1x_auth Gi0/1: auth_initialize -> auth_disconnected

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_disconnected_enter called

*Mar  1 01:06:32.952:     dot1x_auth Gi0/1: idle during state auth_disconnected

*Mar  1 01:06:32.952: @@@ dot1x_auth Gi0/1: auth_disconnected -> auth_restart

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_restart_enter called

*Mar  1 01:06:32.952: dot1x-ev:Sending create new context event to EAP for 0000.0000.0000

*Mar  1 01:06:32.952:     dot1x_auth_bend Gi0/1: initial state auth_bend_initialize has enter

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_bend_initialize_enter called

*Mar  1 01:06:32.952:     dot1x_auth_bend Gi0/1: initial state auth_bend_initialize has idle

*Mar  1 01:06:32.952:     dot1x_auth_bend Gi0/1: during state auth_bend_initialize, got event 16383(idle)

*Mar  1 01:06:32.952: @@@ dot1x_auth_bend Gi0/1: auth_bend_initialize -> auth_bend_idle

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_bend_idle_enter called

*Mar  1 01:06:32.952: dot1x-ev:Created a client entry for the supplicant 0000.0000.0000

*Mar  1 01:06:32.952: dot1x-ev:Created a default authenticator instance on GigabitEthernet0/1

*Mar  1 01:06:32.952: dot1x-sm:Posting !EAP_RESTART on Client=2CD60EC

*Mar  1 01:06:32.952:     dot1x_auth Gi0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  1 01:06:32.952: @@@ dot1x_auth Gi0/1: auth_restart -> auth_connecting

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_connecting_enter called

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_restart_connecting_action called

*Mar  1 01:06:32.952: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000

*Mar  1 01:06:32.952: dot1x-sm:Posting RX_REQ on Client=2CD60EC

*Mar  1 01:06:32.952:     dot1x_auth Gi0/1: during state auth_connecting, got event 11(eapReq_no_reAuthMax)

*Mar  1 01:06:32.952: @@@ dot1x_auth Gi0/1: auth_connecting -> auth_authenticating

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_authenticating_enter called

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_connecting_authenticating_action called

*Mar  1 01:06:32.952: dot1x-sm:Posting AUTH_START on Client=2CD60EC

*Mar  1 01:06:32.952:     dot1x_auth_bend Gi0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  1 01:06:32.952: @@@ dot1x_auth_bend Gi0/1: auth_bend_idle -> auth_bend_request

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_bend_request_enter called

*Mar  1 01:06:32.952: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:

*Mar  1 01:06:32.952: dot1x-ev:GigabitEthernet0/1:Sending EAPOL packet to group PAE address

*Mar  1 01:06:32.952: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on GigabitEthernet0/1.

*Mar  1 01:06:32.952: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  1 01:06:32.952: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet0/1

*Mar  1 01:06:32.952: EAPOL pak dump Tx

*Mar  1 01:06:32.952: EAPOL Version: 0x2  type: 0x0  length: 0x0005

*Mar  1 01:06:32.952: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1

*Mar  1 01:06:32.952: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator

*Mar  1 01:06:32.952: dot1x-sm:Gi0/1:0000.0000.0000:auth_bend_idle_request_action called

*Mar  1 01:06:33.874: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

*Mar  1 01:06:51.834: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on GigabitEthernet0/1.

*Mar  1 01:06:51.834: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

*Mar  1 01:06:51.834: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  1 01:06:51.834: EAPOL pak dump rx

*Mar  1 01:06:51.834: EAPOL Version: 0x1  type: 0x0  length: 0x000A

*Mar  1 01:06:51.834: dot1x-ev:

dot1x_auth_queue_event: Int Gi0/1 CODE= 2,TYPE= 1,LEN= 10

*Mar  1 01:06:51.834: dot1x-packet:Received an EAPOL frame on interface GigabitEthernet0/1

*Mar  1 01:06:51.834: dot1x-ev:Received pkt saddr =6c62.6d57.4c2e , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0100.000a

*Mar  1 01:06:51.834: dot1x-ev:Created a client entry for the supplicant 6c62.6d57.4c2e

*Mar  1 01:06:51.834: dot1x-ev:Found the default authenticator instance on GigabitEthernet0/1

*Mar  1 01:06:51.834: dot1x-registry:EAPOL traffic seen on GigabitEthernet0/1

*Mar  1 01:06:51.834: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Gi0/1 is FALSE

*Mar  1 01:06:51.834: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag set for the port  Gi0/1

*Mar  1 01:06:51.834: dot1x-packet:Received an EAP packet on interface GigabitEthernet0/1

*Mar  1 01:06:51.834: EAPOL pak dump rx

*Mar  1 01:06:51.834: EAPOL Version: 0x1  type: 0x0  length: 0x000A

*Mar  1 01:06:51.834: dot1x-packet:Received an EAP packet on the GigabitEthernet0/1 from mac 6c62.6d57.4c2e

*Mar  1 01:06:51.834: dot1x-sm:Posting EAPOL_EAP on Client=2CD60EC

*Mar  1 01:06:51.834:     dot1x_auth_bend Gi0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  1 01:06:51.834: @@@ dot1x_auth_bend Gi0/1: auth_bend_request -> auth_bend_response

*Mar  1 01:06:51.834: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_response_enter called

*Mar  1 01:06:51.834: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 6c62.6d57.4c2e

*Mar  1 01:06:51.834: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_request_response_action called

*Mar  1 01:06:51.834: AAA/BIND(00000007): Bind i/f 

*Mar  1 01:06:51.834: AAA/AUTHEN/8021X (00000007): Pick method list 'default'

*Mar  1 01:06:51.834: RADIUS/ENCODE(00000007):Orig. component type = DOT1X

*Mar  1 01:06:51.834: RADIUS(00000007): Config NAS IP: 0.0.0.0

*Mar  1 01:06:51.834: RADIUS/ENCODE: Best Local IP-Address 192.168.109.35 for Radius-Server 10.253.145.72

*Mar  1 01:06:51.834: RADIUS(00000007): Send Access-Request to 10.253.145.72:1812 id 1645/21, len 145

*Mar  1 01:06:56.750: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/21

*Mar  1 01:07:01.884: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/21

*Mar  1 01:07:06.951: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/21

*Mar  1 01:07:09.845: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on GigabitEthernet0/1.

*Mar  1 01:07:09.845: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

*Mar  1 01:07:09.845: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  1 01:07:09.845: EAPOL pak dump rx

*Mar  1 01:07:09.845: EAPOL Version: 0x1  type: 0x1  length: 0x0000

*Mar  1 01:07:09.845: dot1x-ev:

dot1x_auth_queue_event: Int Gi0/1 CODE= 0,TYPE= 0,LEN= 0

*Mar  1 01:07:09.845: dot1x-packet:Received an EAPOL frame on interface GigabitEthernet0/1

*Mar  1 01:07:09.845: dot1x-ev:Received pkt saddr =6c62.6d57.4c2e , daddr = 0180.c200.0003,

    pae-ether-type = 888e.0101.0000

*Mar  1 01:07:09.845: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Gi0/1 is TRUE

*Mar  1 01:07:09.845: dot1x-packet:Received an EAPOL-Start packet on interface GigabitEthernet0/1

*Mar  1 01:07:09.845: EAPOL pak dump rx

*Mar  1 01:07:09.845: EAPOL Version: 0x1  type: 0x1  length: 0x0000

*Mar  1 01:07:09.845: dot1x-sm:Posting EAPOL_START on Client=2CD60EC

*Mar  1 01:07:09.845:     dot1x_auth Gi0/1: during state auth_authenticating, got event 4(eapolStart)

*Mar  1 01:07:09.845: @@@ dot1x_auth Gi0/1: auth_authenticating -> auth_aborting

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_authenticating_exit called

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_aborting_enter called

*Mar  1 01:07:09.845: dot1x-sm:Posting AUTH_ABORT on Client=2CD60EC

*Mar  1 01:07:09.845:     dot1x_auth_bend Gi0/1: during state auth_bend_response, got event 1(authAbort)

*Mar  1 01:07:09.845: @@@ dot1x_auth_bend Gi0/1: auth_bend_response -> auth_bend_initialize

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_response_exit called

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_initialize_enter called

*Mar  1 01:07:09.845:     dot1x_auth_bend Gi0/1: idle during state auth_bend_initialize

*Mar  1 01:07:09.845: @@@ dot1x_auth_bend Gi0/1: auth_bend_initialize -> auth_bend_idle

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_idle_enter called

*Mar  1 01:07:09.845: dot1x-sm:Posting !AUTH_ABORT on Client=2CD60EC

*Mar  1 01:07:09.845:     dot1x_auth Gi0/1: during state auth_aborting, got event 21(no_eapolLogoff_no_authAbort)

*Mar  1 01:07:09.845: @@@ dot1x_auth Gi0/1: auth_aborting -> auth_restart

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_aborting_exit called

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_restart_enter called

*Mar  1 01:07:09.845: dot1x-ev:Sending create new context event to EAP for 6c62.6d57.4c2e

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_aborting_restart_action called

*Mar  1 01:07:09.845: dot1x-sm:Posting !EAP_RESTART on Client=2CD60EC

*Mar  1 01:07:09.845:     dot1x_auth Gi0/1: during state auth_restart, got event 6(no_eapRestart)

*Mar  1 01:07:09.845: @@@ dot1x_auth Gi0/1: auth_restart -> auth_connecting

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_connecting_enter called

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_restart_connecting_action called

*Mar  1 01:07:09.845: dot1x-packet:Received an EAP request packet from EAP for mac 6c62.6d57.4c2e

*Mar  1 01:07:09.845: dot1x-sm:Posting RX_REQ on Client=2CD60EC

*Mar  1 01:07:09.845:     dot1x_auth Gi0/1: during state auth_connecting, got event 11(eapReq_no_reAuthMax)

*Mar  1 01:07:09.845: @@@ dot1x_auth Gi0/1: auth_connecting -> auth_authenticating

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_authenticating_enter called

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_connecting_authenticating_action called

*Mar  1 01:07:09.845: dot1x-sm:Posting AUTH_START on Client=2CD60EC

*Mar  1 01:07:09.845:     dot1x_auth_bend Gi0/1: during state auth_bend_idle, got event 4(eapReq_authStart)

*Mar  1 01:07:09.845: @@@ dot1x_auth_bend Gi0/1: auth_bend_idle -> auth_bend_request

*Mar  1 01:07:09.845: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_request_enter called

*Mar  1 01:07:09.845: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:

*Mar  1 01:07:09.845: dot1x-ev:GigabitEthernet0/1:Sending EAPOL packet to group PAE address

*Mar  1 01:07:09.845: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on GigabitEthernet0/1.

*Mar  1 01:07:09.853: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  1 01:07:09.853: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet0/1

*Mar  1 01:07:09.853: EAPOL pak dump Tx

*Mar  1 01:07:09.853: EAPOL Version: 0x2  type: 0x0  length: 0x0005

*Mar  1 01:07:09.853: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1

*Mar  1 01:07:09.853: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (6c62.6d57.4c2e)

*Mar  1 01:07:09.853: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_idle_request_action called

*Mar  1 01:07:11.455: RADIUS: No response from (10.253.145.72:1812,1813) for id 1645/21

*Mar  1 01:07:11.455: RADIUS/DECODE: parse response no app start; FAIL

*Mar  1 01:07:11.455: RADIUS/DECODE: parse response; FAIL

*Mar  1 01:07:28.358: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on GigabitEthernet0/1.

*Mar  1 01:07:28.358: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q

*Mar  1 01:07:28.358: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

*Mar  1 01:07:28.358: EAPOL pak dump rx

*Mar  1 01:07:28.358: EAPOL Version: 0x1  type: 0x0  length: 0x0018

*Mar  1 01:07:28.358: dot1x-ev:dot1x_auth_queue_event: Int Gi0/1 CODE= 2,TYPE= 1,LEN= 24

*Mar  1 01:07:28.358: dot1x-packet:Received an EAPOL frame on interface GigabitEthernet0/1

*Mar  1 01:07:28.358: dot1x-ev:Received pkt saddr =6c62.6d57.4c2e , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0018

*Mar  1 01:07:28.358: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Gi0/1 is TRUE

*Mar  1 01:07:28.358: dot1x-packet:Received an EAP packet on interface GigabitEthernet0/1

*Mar  1 01:07:28.358: EAPOL pak dump rx

*Mar  1 01:07:28.358: EAPOL Version: 0x1  type: 0x0  length: 0x0018

*Mar  1 01:07:28.358: dot1x-packet:Received an EAP packet on the GigabitEthernet0/1 from mac 6c62.6d57.4c2e

*Mar  1 01:07:28.358: dot1x-sm:Posting EAPOL_EAP on Client=2CD60EC

*Mar  1 01:07:28.358:     dot1x_auth_bend Gi0/1: during state auth_bend_request, got event 6(eapolEap)

*Mar  1 01:07:28.358: @@@ dot1x_auth_bend Gi0/1: auth_bend_request -> auth_bend_response

*Mar  1 01:07:28.358: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_response_enter called

*Mar  1 01:07:28.358: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 6c62.6d57.4c2e

*Mar  1 01:07:28.358: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_request_response_action called

*Mar  1 01:07:28.358: AAA/BIND(00000008): Bind i/f 

*Mar  1 01:07:28.358: AAA/AUTHEN/8021X (00000008): Pick method list 'default'

*Mar  1 01:07:28.367: RADIUS/ENCODE(00000008):Orig. component type = DOT1X

*Mar  1 01:07:28.367: RADIUS(00000008): Config NAS IP: 0.0.0.0

*Mar  1 01:07:28.367: RADIUS/ENCODE: Best Local IP-Address 192.168.109.35 for Radius-Server 10.253.145.72

*Mar  1 01:07:28.367: RADIUS(00000008): Send Access-Request to 10.253.145.72:1812 id 1645/22, len 173

*Mar  1 01:07:33.333: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:38.140: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:43.206: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:48.072: RADIUS: No response from (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:48.072: RADIUS/DECODE: parse response no app start; FAIL

*Mar  1 01:07:48.072: RADIUS/DECODE: parse response; FAIL

*Mar  1 01:07:48.072: dot1x-ev:Authorization data for client 6c62.6d57.4c2e has been reset on GigabitEthernet0/1

*Mar  1 01:07:48.072: dot1x-ev:Received an EAP Fail on GigabitEthernet0/1 for mac 6c62.6d57.4c2e

*Mar  1 01:07:48.072: dot1x-ev:No reply attributes received from AAA for 6c62.6d57.4c2e

*Mar  1 01:07:48.072: dot1x-sm:Posting EAP_FAIL on Client=2CD60EC

*Mar  1 01:07:48.072:     dot1x_auth_bend Gi0/1: during state auth_bend_response, got event 10(eapFail)

*Mar  1 01:07:48.072: @@@ dot1x_auth_bend Gi0/1: auth_bend_response -> auth_bend_fail

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_response_exit called

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_fail_enter called

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_response_fail_action called

*Mar  1 01:07:48.072:     dot1x_auth_bend Gi0/1: idle during state auth_bend_fail

*Mar  1 01:07:48.072: @@@ dot1x_auth_bend Gi0/1: auth_bend_fail -> auth_bend_idle

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_bend_idle_enter called

*Mar  1 01:07:48.072: dot1x-sm:Posting AUTH_FAIL on Client=2CD60EC

*Mar  1 01:07:48.072:     dot1x_auth Gi0/1: during state auth_authenticating, got event 16(authFail)

*Mar  1 01:07:48.072: @@@ dot1x_auth Gi0/1: auth_authenticating -> auth_authc_result

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_authenticating_exit called

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_authc_result_enter called

*Mar  1 01:07:48.072: dot1x-ev:dot1x_critical_applicable: Critical auth not applicable.  Feature is not enabled on port GigabitEthernet0/1.

*Mar  1 01:07:48.072: dot1x-sm:Posting AUTHC_FAIL on Client=2CD60EC

*Mar  1 01:07:48.072:     dot1x_auth Gi0/1: during state auth_authc_result, got event 24(authcFail)

*Mar  1 01:07:48.072: @@@ dot1x_auth Gi0/1: auth_authc_result -> auth_held

*Mar  1 01:07:48.072: dot1x-ev:dot1x_critical_applicable: Critical auth not applicable.  Feature is not enabled on port GigabitEthernet0/1.

*Mar  1 01:07:48.072: dot1x-sm:Gi0/1:6c62.6d57.4c2e:auth_held_enter called

*Mar  1 01:07:48.072: dot1x-ev:dot1x_switch_authz_fail: Called for GigabitEthernet0/1 and 6c62.6d57.4c2e

*Mar  1 01:07:48.072: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface GigabitEthernet0/1

*Mar  1 01:07:48.072: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Gi0/1

*Mar  1 01:07:48.072: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 6c62.6d57.4c2e on interface GigabitEthernet0/1

*Mar  1 01:07:48.072: dot1x-ev:dot1x_vlan_assign_authz_fail on interface GigabitEthernet0/1

*Mar  1 01:07:48.072: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x4  id: 0x2  length: 0x0004 type: 0x0  data:

*Mar  1 01:07:48.072: dot1x-ev:GigabitEthernet0/1:Sending EAPOL packet to group PAE address

*Mar  1 01:07:48.072: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on GigabitEthernet0/1.

*Mar  1 01:07:48.072: dot1x-registry:registry:dot1x_ether_macaddr called

*Mar  1 01:07:48.072: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet0/1

*Mar  1 01:07:48.072: EAPOL pak dump Tx

*Mar  1 01:07:48.072: EAPOL Version: 0x2  type: 0x0  length: 0x0004

*Mar  1 01:07:48.072: EAP code: 0x4  id: 0x2  length: 0x0004

*Mar  1 01:07:48.072: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (6c62.6d57.4c2e)

*Mar  1 01:08:16.878: dot1x-registry:dot1x_switch_port_physical_linkchange invoked on interface Gi0/1

*Mar  1 01:08:16.878: dot1x-ev:

dot1x_switch_sb_vp_errdisable_set: setting Gi0/1 domain 1 to errdisabled

*Mar  1 01:08:16.878: dot1x-ev:

dot1x_switch_sb_vp_errdisable_set: setting Gi0/1 domain 2 to errdisabled

*Mar  1 01:08:16.878: dot1x-ev:dot1x_mgr_if_state_change: GigabitEthernet0/1 has changed to DOWN

*Mar  1 01:08:16.878: dot1x-ev:Cleared all authenticator instances on GigabitEthernet0/1

*Mar  1 01:08:16.878: dot1x-ev:dot1x_switch_port_unauthorized: Unauthorizing interface GigabitEthernet0/1

*Mar  1 01:08:16.878: dot1x-ev:dot1x_switch_is_dot1x_forwarding_enabled: Forwarding is disabled on Gi0/1

*Mar  1 01:08:16.878: dot1x-ev:dot1x_switch_addr_remove: Did not locate HA entry for MAC 6c62.6d57.4c2e on interface GigabitEthernet0/1

*Mar  1 01:08:16.878: dot1x-ev:dot1x_vlan_assign_client_deleted for 6c62.6d57.4c2e on interface GigabitEthernet0/1

*Mar  1 01:08:16.878: dot1x-ev:dot1x_vlan_assign_client_deleted: Ignoring client 6c62.6d57.4c2e on GigabitEthernet0/1, domain is data

*Mar  1 01:08:18.883: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down

Please suggest as i'm unable to understand where am i possibly going wrong.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Need help on dynamic vlan assignment through dot1x

Sagar,

If the 3 attributes are not put into the Access-Accept message sent from the RADIUS to the switch then definitely, that is the reason why the automatic VLAN assignment is not working. The RADIUS server, or its configuration, is to be blamed here.

However, as I have not worked with the Juniper RADIUS server before, I do not know what to do with it to force it to send the attributes. Once again, have you actually tried to define both the attributes and their values numerically, not by names?

If you have a support contract with Juniper, or if you can access its support forums (I believe they have a similar forum to this one), can you ask there about this issue?

In the meanwhile, do you have an option of testing a different RADIUS server? Personally I suggest FreeRADIUS although setting it up for the first time is not entirely simple.

Once again - we need to see those 3 attributes in an Access-Accept message, and that is the responsibility of the RADIUS server. A switch can not do anything about it. Until those 3 attributes are not seen in the packets as they are captured on the RADIUS server, this is a problem of the RADIUS server.

Best regards,

Peter

25 REPLIES
Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Sagar,

I believe you have a connectivity problem with your RADIUS server:

*Mar  1 01:07:28.367: RADIUS/ENCODE: Best Local IP-Address 192.168.109.35 for Radius-Server 10.253.145.72

*Mar  1 01:07:28.367: RADIUS(00000008): Send Access-Request to 10.253.145.72:1812 id 1645/22, len 173

*Mar  1 01:07:33.333: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:38.140: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:43.206: RADIUS: Retransmit to (10.253.145.72:1812,1813) for id 1645/22

*Mar  1 01:07:48.072: RADIUS: No response from (10.253.145.72:1812,1813) for id 1645/22

Notice you are sending RADIUS requests to 10.253.145.72 from your local IP 192.168.109.35 but the RADIUS server does not reply within 20 seconds even after 3 retransmits. Can you actually ping the RADIUS server from your local IP?

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hello Peter,

Radius Server is reachable when i ping it from the local IP but when i telnet from the local IP (switch IP) on ports 1812 and 1813, it does not respond.

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Sagar,

Radius Server is reachable when i ping it from the local IP but when i  telnet from the local IP (switch IP) on ports 1812 and 1813, it does not  respond.

I am not surprised that it does not respond - Telnet uses TCP while RADIUS is an UDP-based service. Even if you could force the Telnet command to connect to UDP ports, you would need to send a well-formatted RADIUS message in order for the server to respond.

In any case, the fact the RADIUS server does not respond when the switch tries to authenticate a connected stations is currently the major issue to be solved. Is there any ACL used on the switch? Also, what kind of RADIUS server are you running? Is it perhaps required to add the 192.168.109.35 to the list of allowed clients in the RADIUS server configuration?

Definitely, it is necessary to verify if the RADIUS server is receiving the messages from your switch and whether it actually replies to them.

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hello Peter,

Yes, there is a requirement to add to the device in the radius clents list which i have already done. There is no ACL configured on the switch either as far as i know. We are using a Juniper Steel Belted Radius. Also, i have enabled PEAP as the authnetication method on the system NIC card. Also is there any requirement to configure the source ports for the radius host on the switch as the ports are different (1645 and 1646)

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Sagar,

Regarding the ports, the 1812 and 1813 are official ports on which RADIUS server is expected to be listening. However, older and legacy installations still use a previous set of ports, namely 1645 and 1646. Whatever your RADIUS server uses, it has to be precisely matched by your switch configuration. If you are sure that your RADIUS servers listens on the legacy ports 1645 and 1646 then you have to modify your radius-server host entry to change the destination UDP ports to which your switch is sending the RADIUS messages.

Best regards,

Peter

Purple

Need help on dynamic vlan assignment through dot1x

Hi Peter,

To verify the RADIUS server is listening on these ports and is reachable, I think an extended  traceroute from the switch would suffice .

I did it to verify connectivity to a freeradius server once and it worked.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Alain,

I am afraid the extended traceroute would not be helpful. The trick of UDP-based traceroute is to send UDP segments to the destination (with an ever-increasing TTL value in the IP packets carrying these segments), and to elicit an ICMP Port Unreachable message from the destination. If the RADIUS server was actually listening on the UDP port used to send the UDP segments, it would not respond at all or it would respond with some kind of error message (probably an Access-Reject). Either possibility would be considered as a missing response by the traceroute - you would get only the "* * *" output. I also have a feeling that the port number specified in the extended traceroute is just the base UDP number, and for subsequent hops, the UDP port is increased. That is perhaps why your traceroute experiment worked - because in the round in which your UDP segments actually reached the RADIUS server, the UDP destination port got increased above 1812 or 1813 and hit a closed port, prompting the server to send you the expected ICMP Port Unreachable message.

Best regards,

Peter

Purple

Re: Need help on dynamic vlan assignment through dot1x

Hi Peter,

I'm going to test it again and tell you.

Thanks for your prompt reply.

EDIT: you were right about the port being incremented and so effectively I was receiving an icmp unreachable on a higher port.

I had never noticed this behaviour so I learnt something new today thanks to you.

Regards

Alain

Don't forget to rate helpful posts.

Ce message a été modifié par: cadet alain

Don't forget to rate helpful posts.
Cisco Employee

Re: Need help on dynamic vlan assignment through dot1x

Hello Alain,

You are most welcome. I knew about this traceroute behavior primarily from Linux where the traceroute command behaved in this way since I remembered. I suspected that the IOS traceroute will be similar.

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Peter,

I have managed to get the configuration on the Juniper SBR corrected and now able to authenticate successfully.

But there seems to be a problem with the vlan assignment and it seems like the switch is not accepting the attributes sent by the radius server. Is there any additional configuration required on the switch for this..?

Thank you for your help..!!!

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Sagar,

Let's try specifying the RADIUS attribute values numerically - perhaps the RADIUS server is not assigning the attribute values appropriately according to their textual names.

Tunnel-Type = 13

Tunnel-Medium-Type = 6

Tunnel-Private-Group-ID = 143

Also please try running the debug radius command when testing this. Thank you!

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Paul,

I have checked on the radius server and it is sending the attributes with the correct numerical values but i cannot see that on the switch. I'm only able to authenticate successfully but the vlan assignment is not happening. Pasting the debug logs below.

Thanks...!!!!

017706: Jul 29 14:05:58.410 IST: %SYS-5-CONFIG_I: Configured from console by kedar on console

017707: Jul 29 14:06:06.082 IST: %AUTHMGR-5-START: Starting 'dot1x' for client (047d.7b35.a381) on Interface Gi2/3

017708: Jul 29 14:06:14.818 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

017709: Jul 29 14:06:14.818 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

017710: Jul 29 14:06:14.818 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

017711: Jul 29 14:06:14.818 IST: RADIUS(00000062): sending

017712: Jul 29 14:06:14.818 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/64, len 204

017713: Jul 29 14:06:14.818 IST: RADIUS:  authenticator 96 9C B7 E0 24 F0 9F 48 - F8 50 60 63 C9 3D 03 6F

017714: Jul 29 14:06:14.818 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

017715: Jul 29 14:06:14.818 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]

017716: Jul 29 14:06:14.818 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

017717: J

ul 29 14:06:14.818 IST: RADIUS:  Called-Sta

tion-Id  0 [30]  19  "68-EF-BD-2B-37-D2"

017718: Jul 291 14:06:14.818 IST: RADIUS:  Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

017719: Jul 297 14:06:714.818 IST: RADIUS:  EAP-M5essage         [79]  17 

017720: Jul 29 14:069:14.818 IST: RADIUS:   02 03 00 0F 01 61 6E 75 :70 61 6D 2E 64 65 6F        [  anupam.deo]

017721: Jul 29 14:06:14.818 IST: RADIUS:  Message-Authenticato[80]  18 

017722: Jul 29 14:06:14.818 IST: RAJDIUS:   D6 E2 F8 20 8D 18 DD 66 13 52 39 BF 14 31 40 CA            [  fR91@u]

017723: Jul 29 14:06:14.818 IST: RADIUSl:  Vendor, Cisco       [26]  49 

017724: Jul 2 9 14:06:14.818 IST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A86D1100000025228CE244"

017725: Jul 229 14:06:194.818 IST: RADIUS:  NAS-Port-Type       [61]  6   Et hernet                  [15]

017726: Jul 29 14:06:14.818 IST: RADIUS:  NAS-Port            [5]   6   50203 1         4          

017727: Jul 29 14:06:14.818 IST: RADIUS:  NAS:-0Port-Id         [87]  20  "GigabitEthernet2/3"

017728: J6ul 29 14:06:14.818 IST: RADIUS:  NAS-:IP-Address      [4]   6   192.168.109.17           

017729: Jul 29 114:06:14.822 IST: RADIUS: Received from id 1645/64 10.253.145.72:1812, Access-Challenge, len 108

017730: Jul 294 14:06:14.822 IST: RADIUS:  authenticator 14 70 5F 14 C2 7D DC F8 - CA 18 02 2D A7 35 92 C7

017731: Jul 29 14:06:14.822 IST: RADIUS:  State               [24]  17 

017732: Jul 29 14:06:14.822 IST: RADIUS:   53 42 5.2 2D 43 48 20 31 39 30 33 36 7C 31 00    [ SBR-CH 19036|1]

017733: J8ul 29 14:06:14.822 IST: RADIUS:  EAP-2Message         [79]  47 

6017734: Jul 29 14:06:14.822 IST : RADIUS:   01 04 00 2D 1A 01 04 00 28 10 BC C6 CB B0 8B 72 DE 62 ED 2D DF E9 77 F3 8D B4 53 74I 65 65 6C 2D 42 65 6C 74  [-(rb-wSteel-Belt]

017735:S Jul 29 14:06:14.822 IST: RADIUS:   65 64 T20: 52 61 64 69 75 73         [ ed  Radius]

017736: Jul 29 14:06:14.822 IST: RADIUS:  Session-TiRmeout     [27]  6   120                      

A017737: Jul 29 14:06:14.822 IST: RADIUS:  Message-Authenticato[80]  18 

017738: Jul 29 14:06:14.822 IST: RADIUS:   5F 7B 44 D7 55 49 12 E8 E4 AC C7 97 A5 8B 67 71           [ _{DUIgq]

017739: Jul 29 14:06:14.822 IST: RADIUS(00000062): Received from id 1645/64

017740: Jul 29 14:06:14.822 IST: RADIUS/DECODE: EAP-Message fragments, 45, total 4D5 bytes

017741: Jul 29 14I:06:14.822 ISTU: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

017742: Jul 29 14:06S:14.822 IST: RADIUS(0:0000062): Config NAS IP: 192.1 6 8.109.17

017743: JNul 29 14:06:14.822 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

017744: Jul 29 14:06:14.826 IST: RADIUS(00000062): sending

017745: Jul 29 1A4:06:14.826 IST: RADIUS(00000062): Send Access-Request to S10.2-53.145.72P:1812 id 1645/65, len 212

o

017746: Jul 29 14:06:14.826 ISTr: RADIUS: t authenticator 39 E5 C8 A8 37 A6 1F DA - 22 AD 6D 92 21 D9 26 6C

017747: Jul 29 14:06:14.826 IST: RADIUS :  User-Name           [1]   12   "anupam.deo"

017748: Jul 29 14:06:14.826 IST: RA DIUS:  Service-Type        [6]   6   Framed                    [2]

017749: Jul 29 14:06:14.826 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

017750: Jul 2 9 14:06:14.8 26 IST: RADIUS:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

017751: Jul 29 14:06:14.826 IST: R ADIUS:   Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

017752: Jul 29 14:06:14.826 IST: RADIUS:  EAP-Message         [79]  8  

017753: Jul 29 14:06:14.826 IST: RADIUS:   02 04 00 06 03 19

017754 : Jul 29 14:06:14.826 IST: RADIUS:  Message-Authenticato[80]  18 

017755: Jul 29 14:06:14.826 IST: RADIUS:   F6 2F 2F 3C CF E6 53 5B 89 8F A1 C2 AC CD 22 86            [ //

017756: Jul 29 14:06:14.826 IST: RADIUS:   Vendor, Cisco       [26]  49 

017757: Jul 29  14[:06:14.826 IST: RADIUS:   Cisco AVpai5r      ] [1]   43  "audit-session-id=C0A86D1100000025228CE244"

017758: Jul 29 14:0 6:14.826 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]  6   50203                    

017760: Jul 29 14:06:14.826 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

017761: Jul 29 14:06:14.826 IST: RADIUS:  State               [24]  17 

017762: Jul 29 14:06:14.826 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 31 00    [ SBR-CH 19036|1]

017763: Jul 29 14:06:14.826 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

017764: Jul 29 14:06:14.826 IST: RADIUS: Received from id 1645/65 10.253.145.72:1812, Access-Challenge, len 69

017765: Jul 290 14:006:14.826 IST: RADIUS:  authenticator 98 60 73 73  8D BA 96 D0 -2 1E 60 18 6D 9E 70 EF 82

017766: Jul 29 14:06:14.826 IST: RADIUS:  State               6[ 24]  170  3

017767: Jul 29 14:0 6:14.826 IST0: RADIUS:1   5 3 425 52 2D 43 48 20 31 39 130 33 36 7C 32 00    [ SB R-CH 19036|2]

017768: Jul 29 14:06:14F.826 IST: RADIUS:  EAP-Message       6  [79]  8  

017769: Jul 29 14:06:14.826 IST: RADIUS:   01 05 00 06 19 21                  [ !]2

017770: Jul 29 14:06:14.826 IST: RADIUS:  Session-9Timeout     [27]  6   120                      

0177 71: Jul 297 14:06:14.826 IST: RADIUS:  Message-FAuthenticato[8 0]  18 

017772: Jul 29 14:06:14.826 IST: RADIU2S:   5C8 F3 AE A8 48 03 27 96 86 6B D6 6B 65 B7 6B 6F            [ H'kkeko6]

017773: Jul 29 14:D06:14.826 IST: RADIUS(000 00062): Received from Aid 1645/65

0137774:  Jul 29 14:06:14.826 IST: RADIU6S/DECODE: EAP-Message Afragments,  6, total 6 bytes

017775: Jul 29 14:06:114.830 IST: RADIUS/EN4CODE(00000062):Orig. component type = DOT1X

017776: FJul 29 14:06:14.830 IST: 0RAD IUS(00000062): Config NAS IP: 192.168.109.17

0147777: Jul 29 14:06:14.830 IST: RADI5US/E NCODE7(600000062): acct_session_id: 98

017778: Jul 29 14 :076B:1 4.8380 IST: RADIUS(00000062): seDnding

017779: Jul 29 14:06:14.830 IST: RADIUS(00000062): S end Access-Request to 010.253.145.72:1812 id 1645/66, len 311

01977 80: Jul 29 14:061:14.7830 IST: R ADIUS:  authenticator3 87 C5 49 AF B4 2A 27 EB - DA 8D 0E A9 F7 E2 45 38

017781: Jul6 29 14:06:14.830 IST: RADIUS:  User-Name            [1]   12  "anupamD.deo"

017782: Jul 29 14:06:14.830 9IST: RADIUS :  Service-Type        [6]   6   Framed                    [32]

017E783: Jul 29  14:06:14.830 IST5: RADIUS:  Framed-MTU        1  [12]  6   1500                      

017784: JulA 29 14:06:14.830 IST: RADIUES:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

017785: Jul 29 14:06:14.830 IST: RADIUS:   Calli5ng-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

017786: Jul 29 14:06:14.830 IST: RADIUS:  EAP-Message         [79]  107

0177587: Jul 29 14:06:14.830 IST: RADIUS:   02 05 00 69 19 80  00 00 007 5F 16 03 015 00 5A  01 030 00 56 03 01 51 F6 29 81 CE 8EE 55 58 79  13 CC 19 7E  02 2D 2A[ 06 87 8B 43 35 3E 09 5F  [i_ZVQ)UXy~-*C5>_]

017788: Jul 29 14:06:14.830 IST: *RADIUS:   9&D 46 7D 95 5A 1A 1Q8 A3 00 00 18 00 2F 00 35 00 05 )00 0A C0 13 C0 14 C0 09 C0 0A 00 32 00 38 00 13 ?00 04 01 00 00 15 FF 01 00 01 00 00 0A 00 06 00 0m4 00 17 0j0 18 00 0B 00 02 01 00           [ F}EZ/528]

017789: Julv 29 14:06:14.830 IST: {RADIUS:  Message-Authenticato[80]  618 

0177>90: Jul 29Q 14:06U:14.830 IST: RADIUS:   68 9C 8C 80 97 73 C3 FC AD AA 2A 2D 5F 35 91 02            [ hs*-_5]

017791: Jul 29 14:06:14.83u0 IST: RADIUS:>  Vendor, Cisc]o       [26]

  49 

017792: Jul

29 14:06:14.830 IST: RADIUS:   Cisco AVpair       [1]   43 0 "audit-sessio1n-id=C0A86D1100000025228CE244"

7

8017793: Jul 29 14:06:14.830 IST: RADIUS:0  NAS-Port-Type       [61] 5 6   Ethernet                  [15]

017794: J:ul 29 14:06:14.830 IST: RADIUS:  NAS-Port            [5]   6   50203         J            

u017795: Jul 29 14:06:14.830 IST: RADIUS: l NAS-Port-Id         2 [87]  20  "GigabitEthernet2/3"

017796: Jul 29 14:06:14.830 IST: RADIUS:  State 9              [24]  17 

017797: Jul 29 14:06:14.830 I ST: 1RADIUS4:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 32 00    [ :SBR-CH 19036|2]

017798: Jul 29 14:06:140.830 IST: RADIUS:  NAS-IP-Address  6 :   [4]   61   192.168.109.17  4         

017799: Jul 29 14:06:14.834 IST: RADIUS: Received from id 1645/.66 10.2538.145.72:1812, A3ccess-Chall4enge, len  1091

0178I00: Jul 2S9 14:0T6:14.834 IST: RADI:US:  authenticator FE E 2 50 30 05 6E EF 59 - C3 D2 38 86 D5 AD FC CD

017801: Jul 29 14:06:14.834R IST: RADIUS:  State               [24]A  D17 

017802: IJul 29 14:06:14.834 ISTU: RADIUS:   53 42 52 2DS 43 48 20 :31 39 30 3 3  36 7C 33 00     [ SBR-CH 19036|3]

017803: Jul 29 14:06:14.834 IST: RADIUS:  EAP-Message         [79]  255

017804: Jul 29 14:06:14.834 IST: RADIUS:   0B1 06 03 FC 19 C0 00 00 07 91 16 103 0 1 00 2A 02 00FC D8 6C DE 37 FA 0F 00 00 2F 00 16 03 01 07 54 0B 00 07 50 00 07 4D 00 07 4A 30 82 07 46 30 82 06 2E A0 03 02 01 02 02 0A 34 8A B3 B3 00 06 00 06 3E 79 30 0D 06 09 2A  [l7/TPMJ0F0.4>y0*]

017806: Jul 29 14:06:14.834 IST: RADIUS:   86 48 86 F7 0D 01 01 05 05 00 30 61 31 14 30 12 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 04 63 6F 72 70 31 17 30 15 06 0A 09 92 26 89 93 F2 2C  [H0a10&,dcorp10&,]

017807: Jul 29 14:06:14.834 IST: RADIUS:   64 01 19 16 07 73 75 6E 67 61 72 64 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 74  [dsungard10&,dint]

017808: Jul 29 14:06:14.834 IST: RADIUS:   65 72 6E 61 6C 31 16 30 14 06 03 55 04 03 13 0D 75 73 2D 76 6F 6F 2D 63  [ernal10Uus-voo-c]

017809: Jul 29 14:06:14.834 IST: RADIUS:   65 72 74 30 31 30 1E 17 0D 31 33 30 36 30 34 31 31 33 39  [ert0101306041139]

017810: Jul 29 14:06:14.834 IST: RADIUS:   31 35 5A 17 0D 31 35 30 35 31 32 30 35 31 33 35 34 5A  [15Z150512051354Z]

017811: Jul 29 14:06:14.834 IST: RADIUS:   30 81 A6 31 0B 30 09 06 03 55              [ 010U]

017812: Jul 29 14:06:14.834 IST: RADIUS:  EAP-Message         [79]  255

017813: Jul 29 14:06:14.834 IST: RADIUS:   04 06 13 02 49 4E 31 0B 30 09 06 03 55 04 08 13 02 4D 48 31 0D 30 0B 06 03 55 04 07 13 04 50 75 6E 65 31 10 30  [IN10UMH10UPune10]

017814: Jul 29 14:06:14.834 IST: RADIUS:   0E 06 03 55 04 0A 13 07 53 75 6E 47 61 72 64 31 10 30 0E 06 03 55 04 0B 13 07 53 75 6E 47 61  [USunGard10USunGa]

017815: Jul 29 14:06:14.834 IST: RADIUS:   72 64 31 2E 30 2C 06 03 55 04 03 13 25 41 50 2D 50 55 4E 2D 53  [rd1.0,U?AP-PUN-S]

017816: Jul 29 14:06:14.834 IST: RADIUS:   52 53 53 31 30 30 37 2E 69 6E 74 65 72 6E 61 6C  [RSS1007.internal]

017817: Jul 29 14:06:14.834 IST: RADIUS:   2E 73 75 6E 67 61 72 64 2E 63 6F 72 70 31 27 30  [.sungard.corp1'0]

017818: Jul 29 14:06:14.834 IST: RADIUS:   25 06 09 2A 86 48 86 F7 0D 01 09 01 16 18 70 72 61 6D 6F 64 2E 68 61 6C 64 65 40  [?*Hpramod.halde@]

017819: Jul 29 14:06:14.834 IST: RADIUS:   73 75 6E 67 61 72 64 2E 63 6F 6D 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30  [sungard.com00*H0]

017820: Jul 29 14:06:14.834 IST: RADIUS:   81 89 02 81 81 00 A9 5F 01 50 32 46 1F 4D 74 5D 0C 35 E4 1D 19 E6 4D C6 55 7F 97 C7 A4 83 77 9B 0E A5 D3 4C 14 B3 F4 52 AF 07 FB DD F4 15 2C 80 20 6A  [_P2FMt]5MUwLR, j]

017821: Jul 29 14:06:14.834 IST: RADIUS:   CE 3B CD 2B E6 35 88 D1 E1 20 21 40 E3 BF 06 B5 7B A8 01 7C 7C         [ ;+5 !@{||]

017822: Jul 29 14:06:14.834 IST: RADIUS:  EAP-Message         [79]  255

017823: Jul 29 14:06:14.834 IST: RADIUS:   8F E2 CA AF 09 F3 05 88 06 E0 27 63 5E A7 1F A8 E4 6B 8D 92 9F 8C 89 99 67 E2 D6 5D 14 8C C8 83 DA E8 3D 83 39 E1 EC 28 73 95 5F 1F 5F AC 14 35 A9 E6 FF 37 20 CE A9 96 37  ['c^kg]=9(s__57 7]

017824: Jul 29 14:06:14.834 IST: RADIUS:   22 79 8E 2B 39 B7 02 03 01 00 01 A3 82 04 3C 30 82 04 38 30 1D 06 03 55 1D 0E 04 16 04 14 24 77 C3 B0 2A 20 30 60 97 95 97 4B  ["y+9<080U$w* 0`K]

017825: Jul 29 14:06:14.834 IST: RADIUS:   FE 39 97 6D 52 51 67 A1 30 1F 06 03 55 1D 23 04 18 30 16 80 14 F9 78 90 16 05 B3 A5 65 5D 1E 14 6E 49 07 20 01 03 0E 12 FD 30  [9mRQg0U#0xe]nI 0]

017826: Jul 29 14:06:14.834 IST: RADIUS:   82 01 A8 06 03 55 1D 1F 04 82 01 9F 30 82 01 9B 30 82 01 97 A0 82 01 93 A0 82 01 8F 86 81 BE 6C 64 61 70 3A 2F 2F 2F 43 4E 3D 75 73  [U00ldap:///CN=us]

017827: Jul 29 14:06:14.834 IST: RADIUS:   2D 76 6F 6F 2D 63 65 72 74 30 31 28 36 29 2C 43  [-voo-cert01(6),C]

017828: Jul 29 14:06:14.834 IST: RADIUS:   4E 3D 55 53 2D 56 4F 4F 2D 43 45 52 54 30 31 2C  [N=US-VOO-CERT01,]

017829: Jul 29 14:06:14.834 IST: RADIUS:   43 4E 3D 43 44 50 2C 43 4E 3D 50 75 62 6C 69 63  [CN=CDP,CN=Public]

017830: Jul 29 14:06:14.834 IST: RADIUS:   25 32 30 4B 65 79 25 32 30 53 65 72 76 69 63 65  [?20Key?20Service]

017831: Jul 29 14:06:14.834 IST: RADIUS:   73 2C 43 4E              [ s,CN]

017832: Jul 29 14:06:14.834 IST: RADIUS:  EAP-Message         [79]  255

017833: Jul 29 14:06:14.834 IST: RADIUS:   3D 53 65 72 76 69 63 65 73 2C 43 4E 3D 43 6F 6E  [=Services,CN=Con]

017834: Jul 29 14:06:14.834 IST: RADIUS:   66 69 67 75 72 61 74 69 6F 6E 2C 44 43 3D 73 75  [figuration,DC=su]

017835: Jul 29 14:06:14.834 IST: RADIUS:   6E 67 61 72 64 2C 44 43 3D 63 6F 72 70 3F 63 65  [ngard,DC=corp?ce]

017836: Jul 29 14:06:14.834 IST: RADIUS:   72 74 69 66 69 63 61 74 65 52 65 76 6F 63 61 74  [rtificateRevocat]

017837: Jul 29 14:06:14.834 IST: RADIUS:   69 6F 6E 4C 69 73 74 3F 62 61 73 65 3F 6F 62 6A  [ionList?base?obj]

017838: Jul 29 14:06:14.834 IST: RADIUS:   65 63 74 43 6C 61 73 73 3D 63 52 4C 44 69 73 74  [ectClass=cRLDist]

017839: Jul 29 14:06:14.834 IST: RADIUS:   72 69 62 75 74 69 6F 6E 50 6F 69 6E 74 86 4A 68 74  [ributionPointJht]

017840: Jul 29 14:06:14.834 IST: RADIUS:   74 70 3A 2F 2F 75 73 2D 76 6F 6F 2D 63 65 72 74  [tp://us-voo-cert]

017841: Jul 29 14:06:14.834 IST: RADIUS:   30 31 2E 69 6E 74 65 72 6E 61 6C 2E 73 75 6E 67  [01.internal.sung]

017842: Jul 29 14:06:14.834 IST: RADIUS:   61 72 64 2E 63 6F 72 70 2F 43 65 72 74 45 6E 72  [ard.corp/CertEnr]

017843: Jul 29 14:06:14.834 IST: RADIUS:   6F 6C 6C 2F 75 73 2D 76 6F 6F 2D 63 65 72 74 30  [oll/us-voo-cert0]

017844: Jul 29 14:06:14.834 IST: RADIUS:   31 28 36 29 2E 63 72 6C 86 4A 68 74 74 70 3A 2F 2F  [1(6).crlJhttp://]

017845: Jul 29 14:06:14.834 IST: RADIUS:   75 73 2D 76 6F 6F 2D 63 65 72 74 30 33 2E 69 6E  [us-voo-cert03.in]

017846: Jul 29 14:06:14.834 IST: RADIUS:   74 65 72 6E 61 6C 2E 73 75 6E 67 61 72 64 2E 63  [ternal.sungard.c]

017847: Jul 29 14:06:14.834 IST: RADIUS:   6F 72 70 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 75  [orp/CertEnroll/u]

017848: Jul 29 14:06:14.834 IST: RADIUS:   73 2D 76 6F 6F 2D 63 65 72 74 30       [ s-voo-cert0]

017849: Jul 29 14:06:14.834 IST: RADIUS:  EAP-Message         [79]  10 

017850: Jul 29 14:06:14.834 IST: RADIUS:   31 28 36 29 2E 63 72 6C          [ 1(6).crl]

017851: Jul 29 14:06:14.834 IST: RADIUS:  Session-Timeout     [27]  6   120                      

017852: Jul 29 14:06:14.834 IST: RADIUS:  Message-Authenticato[80]  18 

017853: Jul 29 14:06:14.834 IST: RADIUS:   A2 08 FC 56 0C 36 33 9F 61 33 91 96 DB DD AF AD             [ V63a3]

017854: Jul 29 14:06:14.834 IST: RADIUS(00000062): Received from id 1645/66

017855: Jul 29 14:06:14.834 IST: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+8, total 1020 bytes

017856: Jul 29 14:06:14.838 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

017857: Jul 29 14:06:14.838 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

017858: Jul 29 14:06:14.838 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

017859: Jul 29 14:06:14.838 IST: RADIUS(00000062): sending

017860: Jul 29 14:06:14.838 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/67, len 212

017861: Jul 29 14:06:14.838 IST: RADIUS:  authenticator 46 35 8F 39 3D 97 50 95 - AD A3 B3 32 6C 0D 10 CD

017862: Jul 29 14:06:14.838 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

017863: Jul 29 14:06:14.838 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]

017864: Jul 29 14:06:14.838 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

017865: Jul 29 14:06:14.838 IST: RADIUS:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

017866: Jul 29 14:06:14.838 IST: RADIUS:  Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

017867: Jul 29 14:06:14.838 IST: RADIUS:  EAP-Message         [79]  8  

017868: Jul 29 14:06:14.838 IST: RADIUS:   02 06 00 06 19 00

017869: Jul 29 14:06:14.838 IST: RADIUS:  Message-Authenticato[80]  18 

017870: Jul 29 14:06:14.838 IST: RADIUS:   DE 98 22 C2 82 CC B3 0E 46 79 4B EF 47 C7 4B AB            [ "FyKGK]

017871: Jul 29 14:06:14.838 IST: RADIUS:  Vendor, Cisco       [26]  49 

017872: Jul 29 14:06:14.838 IST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A86D1100000025228CE244"

017873: Jul 29 14:06:14.838 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

017874: Jul 29 14:06:14.838 IST: RADIUS:  NAS-Port            [5]   6   50203                    

017875: Jul 29 14:06:14.838 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

017876: Jul 29 14:06:14.838 IST: RADIUS:  State               [24]  17 

017877: Jul 29 14:06:14.838 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 33 00    [ SBR-CH 19036|3]

017878: Jul 29 14:06:14.838 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

017879: Jul 29 14:06:14.842 IST: RADIUS: Received from id 1645/67 10.253.145.72:1812, Access-Challenge, len 1002

017880: Jul 29 14:06:14.842 IST: RADIUS:  authenticator F3 F7 6C 74 C2 D7 C3 1E - B3 86 14 4A B6 B4 A3 4B

017881: Jul 29 14:06:14.842 IST: RADIUS:  State               [24]  17 

017882: Jul 29 14:06:14.842 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 34 00    [ SBR-CH 19036|4]

017883: Jul 29 14:06:14.842 IST: RADIUS:  EAP-Message         [79]  255

017884: Jul 29 14:06:14.842 IST: RADIUS:   01 07 03 A5 19 00 86 34 68 74 74 70 3A 2F 2F 75 73 2D 76 6F 6F 2D 63  [4http://us-voo-c]

017885: Jul 29 14:06:14.842 IST: RADIUS:   65 72 74 30 33 2F 43 65 72 74 45 6E 72 6F 6C 6C  [ert03/CertEnroll]

017886: Jul 29 14:06:14.842 IST: RADIUS:   2F 75 73 2D 76 6F 6F 2D 63 65 72 74 30 31 28 36  [/us-voo-cert01(6]

017887: Jul 29 14:06:14.842 IST: RADIUS:   29 2E 63 72 6C 30 82 01 BC 06 08 2B 06 01 05 05 07 01 01 04 82 01 AE 30 82 01 AA 30 81 AD 06 08 2B 06 01 05 05 07 30 02 86 81 A0 6C 64 61 70 3A  [).crl0+00+0ldap:]

017888: Jul 29 14:06:14.842 IST: RADIUS:   2F 2F 2F 43 4E 3D 75 73 2D 76 6F 6F 2D 63 65 72  [///CN=us-voo-cer]

017889: Jul 29 14:06:14.842 IST: RADIUS:   74 30 31 2C 43 4E 3D 41 49 41 2C 43 4E 3D 50 75  [t01,CN=AIA,CN=Pu]

017890: Jul 29 14:06:14.842 IST: RADIUS:   62 6C 69 63 25 32 30 4B 65 79 25 32 30 53 65 72  [blic?20Key?20Ser]

017891: Jul 29 14:06:14.842 IST: RADIUS:   76 69 63 65 73 2C 43 4E 3D 53 65 72 76 69 63 65  [vices,CN=Service]

017892: Jul 29 14:06:14.842 IST: RADIUS:   73 2C 43 4E 3D 43 6F 6E 66 69 67 75 72 61 74 69  [s,CN=Configurati]

017893: Jul 29 14:06:14.842 IST: RADIUS:   6F 6E 2C 44 43 3D 73 75 6E 67 61 72 64 2C 44 43  [on,DC=sungard,DC]

017894: Jul 29 14:06:14.842 IST: RADIUS:   3D 63 6F 72 70 3F 63 41 43 65 72 74 69 66 69 63  [=corp?cACertific]

017895: Jul 29 14:06:14.842 IST: RADIUS:   61 74 65 3F 62 61 73 65 3F 6F 62 6A 65 63 74 43  [ate?base?objectC]

017896: Jul 29 14:06:14.842 IST: RADIUS:   6C 61 73 73 3D 63 65 72 74 69 66 69 63 61 74 69  [lass=certificati]

017897: Jul 29 14:06:14.842 IST: RADIUS:   6F 6E 41 75 74 68            [ onAuth]

017898: Jul 29 14:06:14.842 IST: RADIUS:  EAP-Message         [79]  255

017899: Jul 29 14:06:14.842 IST: RADIUS:   6F 72 69 74 79 30 7A 06 08 2B 06 01 05 05 07 30 02 86 6E 68 74 74 70 3A 2F  [ority0z+0nhttp:/]

017900: Jul 29 14:06:14.842 IST: RADIUS:   2F 75 73 2D 76 6F 6F 2D 63 65 72 74 30 31 2E 69  [/us-voo-cert01.i]

017901: Jul 29 14:06:14.842 IST: RADIUS:   6E 74 65 72 6E 61 6C 2E 73 75 6E 67 61 72 64 2E  [nternal.sungard.]

017902: Jul 29 14:06:14.842 IST: RADIUS:   63 6F 72 70 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F  [corp/CertEnroll/]

017903: Jul 29 14:06:14.842 IST: RADIUS:   55 53 2D 56 4F 4F 2D 43 45 52 54 30 31 2E 69 6E  [US-VOO-CERT01.in]

017904: Jul 29 14:06:14.842 IST: RADIUS:   74 65 72 6E 61 6C 2E 73 75 6E 67 61 72 64 2E 63  [ternal.sungard.c]

017905: Jul 29 14:06:14.842 IST: RADIUS:   6F 72 70 5F 75 73 2D 76 6F 6F 2D 63 65 72 74 30  [orp_us-voo-cert0]

017906: Jul 29 14:06:14.842 IST: RADIUS:   31 28 36 29 2E 63 72 74 30 7C 06 08 2B 06 01 05 05 07 30 02 86 70 66 69 6C  [1(6).crt0|+0pfil]

017907: Jul 29 14:06:14.842 IST: RADIUS:   65 3A 2F 2F 5C 5C 55 53 2D 56 4F 4F 2D 43 45 52  [e://\\US-VOO-CER]

017908: Jul 29 14:06:14.842 IST: RADIUS:   54 30 31 2E 69 6E 74 65 72 6E 61 6C 2E 73 75 6E  [T01.internal.sun]

017909: Jul 29 14:06:14.842 IST: RADIUS:   67 61 72 64 2E 63 6F 72 70 5C 43 65 72 74 45 6E  [gard.corp\CertEn]

017910: Jul 29 14:06:14.842 IST: RADIUS:   72 6F 6C 6C 5C 55 53 2D 56 4F 4F 2D 43 45 52 54  [roll\US-VOO-CERT]

017911: Jul 29 14:06:14.842 IST: RADIUS:   30 31 2E 69 6E 74 65 72 6E 61 6C 2E 73 75 6E 67  [01.internal.sung]

017912: Jul 29 14:06:14.842 IST: RADIUS:   61 72 64 2E 63 6F 72 70 5F 75 73 2D 76 6F 6F 2D  [ard.corp_us-voo-]

017913: Jul 29 14:06:14.842 IST: RADIUS:   63 65 72 74 30 31 28 36 29 2E 63       [ cert01(6).c]

017914: Jul 29 14:06:14.842 IST: RADIUS:  EAP-Message         [79]  255

017915: Jul 29 14:06:14.842 IST: RADIUS:   72 74 30 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 02 05 A0 30 3D 06 09 2B 06 01 04 01 82 37 15 07 04 30 30 2E 06 26 2B  [rt0U00U0=+700.&+]

017916: Jul 29 14:06:14.842 IST: RADIUS:   06 01 04 01 82 37 15 08 87 9A DA 5F 86 AC 9E 56 81 99 85 04 83 A1 86 3A 83 F7 A8 32 77 85 82 CD 76 81 9F FB 1C 02 01 64 02 01 03 30 13 06 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 1B 06 09 2B 06 01 04 01 82 37  [7_V:2wvd0U?0+0+7]

017917: Jul 29 14:06:14.842 IST: RADIUS:   15 0A 04 0E 30 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 AA 66 E1 B5 6D CF 5A B8 48 B4 5E F9 9D CC 57 3C 48 A0 81 62 C5 73  [00+0*HfmZH^W

017918: Jul 29 14:06:14.842 IST: RADIUS:   B1 6C 43 25 B3 29 CD 4F DF 27 D4 9E A1 7B AA E3 A2 C1 E4 5C A7 EB EF 5F BE 49 6E 6F 09 ED 27 AF 60 DD C0 BB 74 A5 3D  [lC?)O'{\_Ino'`t=]

017919: Jul 29 14:06:14.842 IST: RADIUS:   52 95 58 54 0F D8 78 43 FA 83 25 BF 44 D8 E0 C3 A1 74 91 B1 18 FE 59 A4 3F 40 96 0A 66 A3      [ RXTxC?DtY?@f]

017920: Jul 29 14:06:14.842 IST: RADIUS:  EAP-Message         [79]  176

017921: Jul 29 14:06:14.842 IST: RADIUS:   CB 65 6A D3 B7 D8 43 E3 DF 17 AD F9 54 6C 7C 8E 9A 83 D9 E8 4B B1 EA D9 28 C3 6C C4 D7 4E 57 5E 6B 17 DD A3 E8 3D 0E 1F D5 6A 0D 19 C3 6C  [ejCTl|K(lNW^k=jl]

017922: Jul 29 14:06:14.842 IST: RADIUS:   8A 41 19 60 DD 1C C7 3E B2 5F D8 40 F5 3A E9 D9 20 C3 D6 93 CE 7D D2 E4 E4 B7 1A 11 4A 76 4F 08 2A 06 A4 C6 28 A2 9A 72 AC 67 DB 40  [A`>_@: }JvO*(rg@]

017923: Jul 29 14:06:14.842 IST: RADIUS:   29 F1 05 86 53 23 BC 3E 39 BE 01 02 BF C0 15 DC 49 31 C0 33 95 40 CD EA 5A 04 92 6B 43 26 D6 A9 AB 01 E4 15 BF 89 A2 1C 98 64 59 29  [)S#>9I13@ZkC&dY)]

017924: Jul 29 14:06:14.846 IST: RADIUS:   CF 2E 16 AF 91 46 4A C7 72 66 5E D8 4A 8D A0 8C C1 C5 B4 42 B7 5E 8F 32 08 C1 7F BE 75 51 61 16 03 01 00 04 0E 00 00 00     [ .FJrf^JB^2uQa]

017925: Jul 29 14:06:14.846 IST: RADIUS:  Session-Timeout     [27]  6   120                      

017926: Jul 29 14:06:14.846 IST: RADIUS:  Message-Authenticato[80]  18 

017927: Jul 29 14:06:14.846 IST: RADIUS:   24 47 A6 5A DC 31 63 C3 52 B6 24 FE 6F 24 65 60       [ $GZ1cR$o$e`]

017928: Jul 29 14:06:14.846 IST: RADIUS(00000062): Received from id 1645/67

017929: Jul 29 14:06:14.846 IST: RADIUS/DECODE: EAP-Message fragments, 253+253+253+174, total 933 bytes

017930: Jul 29 14:06:14.846 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

017931: Jul 29 14:06:14.846 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

017932: Jul 29 14:06:14.846 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

017933: Jul 29 14:06:14.846 IST: RADIUS(00000062): sending

017934: Jul 29 14:06:14.846 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/68, len 414

017935: Jul 29 14:06:14.846 IST: RADIUS:  authenticator 59 F2 CD 9D 04 97 A4 F1 - AB 91 5A 4F 6D 81 AC A9

017936: Jul 29 14:06:14.846 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

017937: Jul 29 14:06:14.846 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]

017938: Jul 29 14:06:14.846 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

017939: Jul 29 14:06:14.846 IST: RADIUS:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

017940: Jul 29 14:06:14.846 IST: RADIUS:  Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

017941: Jul 29 14:06:14.846 IST: RADIUS:  EAP-Message         [79]  210

017942: Jul 29 14:06:14.846 IST: RADIUS:   02 07 00 D0 19 80 00 00 00 C6 16 03 01 00 86 10 00 00 82 00 80 1D BA 35 F9 F8 2C DF BF 5B C2 A5 AF 22 94 D4 79 FF 5D 16 4E F6 A2 D0 58 62 BB 21 90 DE C7 9F 0C 52 40 5E A7 33 52 02 80 C7 1D 69  [5,["y]NXb!R@^3Ri]

017943: Jul 29 14:06:14.846 IST: RADIUS:   E4 38 D3 D9 49 1B 14 D2 0D 18 0E EA A9 8D 2F ED 7D 6B 26 72 F1 E3 4D 42 1B CC 78 CB 41 B7 92 AD 7B 38 50 A4 08 A3 F6 E6 FB E2 7A AE DB E3 E7 D2 96 3F  [8I/}k&rMBxA{8Pz?]

017944: Jul 29 14:06:14.846 IST: RADIUS:   82 62 95 3A FE 2E 64 C4 C8 25 68 70 F5 CB 67 A4 B4 F8 E2 FE DE 2D 20 8C DA 9E BC 93 15 1B AB AA BF 59 BD 14 03 01 00 01 01 16 03 01 00 30 CD 84 7B 1C C2 CE 85 F2 89 43 1B 1C B8 F3 24 9C BD 7E  [b:.d?hpg- Y0{C$~]

017945: Jul 29 14:06:14.846 IST: RADIUS:   67 60 42 16 95 66 AF C5 D9 F9 C0 71 7A 2B FE 36 0A E6 34 00 F6 C3 16 FD 30 61 06 3F B5 81      [ g`Bfqz+640a?]

017946: Jul 29 14:06:14.846 IST: RADIUS:  Message-Authenticato[80]  18 

017947: Jul 29 14:06:14.846 IST: RADIUS:   74 B0 78 88 07 45 FA 42 C3 D4 0C 51 50 A2 C9 4F           [ txEBQPO]

017948: Jul 29 14:06:14.846 IST: RADIUS:  Vendor, Cisco       [26]  49 

017949: Jul 29 14:06:14.846 IST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A86D1100000025228CE244"

017950: Jul 29 14:06:14.846 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

017951: Jul 29 14:06:14.846 IST: RADIUS:  NAS-Port            [5]   6   50203                    

017952: Jul 29 14:06:14.846 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

017953: Jul 29 14:06:14.846 IST: RADIUS:  State               [24]  17 

017954: Jul 29 14:06:14.846 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 34 00    [ SBR-CH 19036|4]

017955: Jul 29 14:06:14.846 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

017956: Jul 29 14:06:14.854 IST: RADIUS: Received from id 1645/68 10.253.145.72:1812, Access-Challenge, len 132

017957: Jul 29 14:06:14.854 IST: RADIUS:  authenticator D6 0E AC 77 F0 B6 32 94 - 63 09 35 FA 8C 87 40 3A

017958: Jul 29 14:06:14.854 IST: RADIUS:  State               [24]  17 

017959: Jul 29 14:06:14.854 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 35 00    [ SBR-CH 19036|5]

017960: Jul 29 14:06:14.854 IST: RADIUS:  EAP-Message         [79]  71 

017961: Jul 29 14:06:14.854 IST: RADIUS:   01 08 00 45 19 80 00 00 00 3B 14 03 01 00 01 01 16 03 01 00 30 6C C8 92 AE 40 B4 A3 18 B4 39 EC 52 53 F3 67 9D 24 A1 C4 7A 48 0C 65 12 CC C4 07 BD 5C 64 1F BD F9 BE B2 98 EF BE DC D0 D6 F5 AA 63  [E;0l@9RSg$zHe\dc]

017962: Jul 29 14:06:14.854 IST: RADIUS:   5F 65 E3 B4                [ _e]

017963: Jul 29 14:06:14.854 IST: RADIUS:  Session-Timeout     [27]  6   120                      

017964: Jul 29 14:06:14.854 IST: RADIUS:  Message-Authenticato[80]  18 

017965: Jul 29 14:06:14.854 IST: RADIUS:   0A 8C AA E7 84 73 0B B1 24 A2 24 55 C2 8D 12 AC              [ s$$U]

017966: Jul 29 14:06:14.854 IST: RADIUS(00000062): Received from id 1645/68

017967: Jul 29 14:06:14.854 IST: RADIUS/DECODE: EAP-Message fragments, 69, total 69 bytes

017968: Jul 29 14:06:14.858 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

017969: Jul 29 14:06:14.858 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

017970: Jul 29 14:06:14.858 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

017971: Jul 29 14:06:14.858 IST: RADIUS(00000062): sending

017972: Jul 29 14:06:14.858 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/69, len 212

017973: Jul 29 14:06:14.858 IST: RADIUS:  authenticator 7A 5C D2 15 E5 7C EC A5 - 5A D5 D0 7F 4F CE AD EF

017974: Jul 29 14:06:14.858 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

017975: Jul 29 14:06:14.858 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]

017976: Jul 29 14:06:14.858 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

017977: Jul 29 14:06:14.858 IST: RADIUS:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

017978: Jul 29 14:06:14.858 IST: RADIUS:  Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

017979: Jul 29 14:06:14.858 IST: RADIUS:  EAP-Message         [79]  8  

017980: Jul 29 14:06:14.858 IST: RADIUS:   02 08 00 06 19 00

017981: Jul 29 14:06:14.858 IST: RADIUS:  Message-Authenticato[80]  18 

017982: Jul 29 14:06:14.858 IST: RADIUS:   D3 38 68 B9 A5 21 F9 A4 06 61 42 60 4B E5 03 B4           [ 8h!aB`K]

017983: Jul 29 14:06:14.858 IST: RADIUS:  Vendor, Cisco       [26]  49 

017984: Jul 29 14:06:14.858 IST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A86D1100000025228CE244"

017985: Jul 29 14:06:14.858 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

017986: Jul 29 14:06:14.858 IST: RADIUS:  NAS-Port            [5]   6   50203                    

017987: Jul 29 14:06:14.858 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

017988: Jul 29 14:06:14.858 IST: RADIUS:  State               [24]  17 

017989: Jul 29 14:06:14.858 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 35 00    [ SBR-CH 19036|5]

017990: Jul 29 14:06:14.858 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

017991: Jul 29 14:06:14.858 IST: RADIUS: Received from id 1645/69 10.253.145.72:1812, Access-Challenge, len 106

017992: Jul 29 14:06:14.858 IST: RADIUS:  authenticator 3C C9 25 F5 5E 39 11 60 - 4A 8B 90 92 4B F6 B9 29

017993: Jul 29 14:06:14.858 IST: RADIUS:  State               [24]  17 

017994: Jul 29 14:06:14.858 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 36 00    [ SBR-CH 19036|6]

017995: Jul 29 14:06:14.858 IST: RADIUS:  EAP-Message         [79]  45 

017996: Jul 29 14:06:14.858 IST: RADIUS:   01 09 00 2B 19 00 17 03 01 00 20 21 F7 4A 40 F4 DC 90 06 B1 39 80 A8 4B 59 B5 93 AD C4 8E 5E 44 5D 6D 74 C4 93 FB 9E 8A 26 F2 B2    [ + !J@9KY^D]mt&]

017997: Jul 29 14:06:14.858 IST: RADIUS:  Session-Timeout     [27]  6   120                      

017998: Jul 29 14:06:14.858 IST: RADIUS:  Message-Authenticato[80]  18 

017999: Jul 29 14:06:14.858 IST: RADIUS:   68 38 19 BA C7 FA 5F 02 F0 6F 55 A0 7A 50 E6 9F           [ h8_oUzP]

018000: Jul 29 14:06:14.858 IST: RADIUS(00000062): Received from id 1645/69

018001: Jul 29 14:06:14.858 IST: RADIUS/DECODE: EAP-Message fragments, 43, total 43 bytes

018002: Jul 29 14:06:14.862 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

018003: Jul 29 14:06:14.862 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

018004: Jul 29 14:06:14.862 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

018005: Jul 29 14:06:14.862 IST: RADIUS(00000062): sending

018019: Jul 29 14:06:14.862 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

018020: Jul 29 14:06:14.862 IST: RADIUS:  NAS-Port            [5]   6   50203                    

018021: Jul 29 14:06:14.862 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

018022: Jul 29 14:06:14.862 IST: RADIUS:  State               [24]  17 

018023: Jul 29 14:06:14.862 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 36 00    [ SBR-CH 19036|6]

018024: Jul 29 14:06:14.862 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

018025: Jul 29 14:06:15.578 IST: RADIUS: Received from id 1645/70 10.253.145.72:1812, Access-Challenge, len 138

018026: Jul 29 14:06:15.578 IST: RADIUS:  authenticator A1 A8 63 44 D9 61 71 62 - 66 2B BB 09 A9 BF 85 B5

018027: Jul 29 14:06:15.578 IST: RADIUS:  State               [24]  17 

018028: Jul 29 14:06:15.578 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 37 00    [ SBR-CH 19036|7]

018029: Jul 29 14:06:15.578 IST: RADIUS:  EAP-Message         [79]  77 

018030: Jul 29 14:06:15.578 IST: RADIUS:   01 0A 00 4B 19 00 17 03 01 00 40 69 C3 BC 48 8E AF 26 DD 2D 2F 37 74 20 2A 58 5C F6 86 04 AA A3 BE 45 4D E0 DB D7 8E 08 EE 68  [K@iH&-/7t *X\EMh]

018031: Jul 29 14:06:15.578 IST: RADIUS:   B0 56 2D C9 82 0A 47 CF AB 75 AB 6E 5C 88 59 0A 89 72 A4 E3 CE 0E F8 8D CA 57 D5 58 22 67 E1 1A 67     [ V-Gun\YrWX"gg]

018032: Jul 29 14:06:15.578 IST: RADIUS:  Session-Timeout     [27]  6   120                      

018033: Jul 29 14:06:15.578 IST: RADIUS:  Message-Authenticato[80]  18 

018034: Jul 29 14:06:15.578 IST: RADIUS:   91 6B 45 49 3A E7 7D E7 31 98 D9 B1 F2 40 09 CF           [ kEI:}1@]

018035: Jul 29 14:06:15.606 IST: RADIUS(00000062): Received from id 1645/70

018036: Jul 29 14:06:15.606 IST: RADIUS/DECODE: EAP-Message fragments, 75, total 75 bytes

018037: Jul 29 14:06:15.614 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

018038: Jul 29 14:06:15.614 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

018039: Jul 29 14:06:15.614 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

018040: Jul 29 14:06:15.614 IST: RADIUS(00000062): sending

018041: Jul 29 14:06:15.614 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/71, len 313

018042: Jul 29 14:06:15.614 IST: RADIUS:  authenticator 06 7E 34 91 F5 B7 E5 9D - D9 15 56 7C 5D CE 0E E1

018043: Jul 29 14:06:15.614 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

018044: Jul 29 14:06:15.614 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]

018045: Jul 29 14:06:15.614 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

018046: Jul 29 14:06:15.614 IST: RADIUS:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

018047: Jul 29 14:06:15.614 IST: RADIUS:  Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

018048: Jul 29 14:06:15.614 IST: RADIUS:  EAP-Message         [79]  109

018049: Jul 29 14:06:15.614 IST: RADIUS:   02 0A 00 6B 19 00 17 03 01 00 60 5E 8B 64 83 09 71 18 62 0D 11 2A 28 8B 2C 91 B3 8E DA F6 87 DC 59 C5 17 FA 21 54 3E 72 67 3B  [k`^dqb*(,Y!T>rg;]

018050: Jul 29 14:06:15.614 IST: RADIUS:   30 A3 E4 6D E1 0B A2 3A D7 FF 00 2E EA 06 3E E7 9D 67 B5 A4 A9 24 DF 23 65 72 2C 14 D9 4F FE AA C5 28 70 51 1D 58  [0m:.>g$#er,O(pQX]

018051: Jul 29 14:06:15.614 IST: RADIUS:   EF E1 8C E4 19 37 16 2B 9A EE 24 75 6D 19 4F BF AF B7 7A 62 66 D1 81 37 5B DD 10       [ 7+$umOzbf7[]

018052: Jul 29 14:06:15.614 IST: RADIUS:  Message-Authenticato[80]  18 

018053: Jul 29 14:06:15.614 IST: RADIUS:   BD 0B 53 47 4B 97 8E C8 BE 4F F9 C8 59 D9 49 EE            [ SGKOYI]

018054: Jul 29 14:06:15.614 IST: RADIUS:  Vendor, Cisco       [26]  49 

018055: Jul 29 14:06:15.614 IST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A86D1100000025228CE244"

018056: Jul 29 14:06:15.614 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

018057: Jul 29 14:06:15.614 IST: RADIUS:  NAS-Port            [5]   6   50203                    

018058: Jul 29 14:06:15.614 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

018059: Jul 29 14:06:15.614 IST: RADIUS:  State               [24]  17 

018060: Jul 29 14:06:15.614 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 37 00    [ SBR-CH 19036|7]

018061: Jul 29 14:06:15.614 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

018068: Jul 29 14:06:15.630 IST: RADIUS:   99 C3 20 C8 B5 C1 88 7C D7 93 B2 34 92 48 39 F3 6D 7A 63 59 2D 0A D0 DD 0C 81 3D 60 A9 C8 16 12 EF E9 C2 4C 07 E0 1A 05 89 6F E8 BF 3E C4 BD   [  |4H9mzcY-=`Lo>]

018069: Jul 29 14:06:15.630 IST: RADIUS:  Session-Timeout     [27]  6   120                      

018070: Jul 29 14:06:15.630 IST: RADIUS:  Message-Authenticato[80]  18 

018071: Jul 29 14:06:15.630 IST: RADIUS:   6C 07 BA B8 F6 46 D2 C4 CC 98 29 4F 96 BC 9B 86              [ lF)O]

018072: Jul 29 14:06:15.630 IST: RADIUS(00000062): Received from id 1645/71

018073: Jul 29 14:06:15.630 IST: RADIUS/DECODE: EAP-Message fragments, 91, total 91 bytes

018074: Jul 29 14:06:20.326 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

018075: Jul 29 14:06:20.326 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

018076: Jul 29 14:06:20.326 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

018077: Jul 29 14:06:20.326 IST: RADIUS(00000062): sending

018078: Jul 29 14:06:20.410 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/72, len 249

018079: Jul 29 14:06:20.410 IST: RADIUS:  authenticator CB E5 79 1E DD FF DF 9C - 47 4E D4 A6 99 1D 7B F1

018080: Jul 29 14:06:20.410 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

018081: Jul 29 14:06:20.410 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]

018082: Jul 29 14:06:20.410 IST: RADIUS:  Framed-MTU          [12]  6   1500                     

018083: Jul 29 14:06:20.410 IST: RADIUS:  Called-Station-Id   [30]  19  "68-EF-BD-2B-37-D2"

018084: Jul 29 14:06:20.410 IST: RADIUS:  Calling-Station-Id  [31]  19  "04-7D-7B-35-A3-81"

018085: Jul 29 14:06:20.410 IST: RADIUS:  EAP-Message         [79]  45 

018086: Jul 29 14:06:20.410 IST: RADIUS:   02 0B 00 2B 19 00 17 03 01 00 20 75 C0 E2 79 D7 F8 43 29 E3 56 4C 00 4E 4E D6 96 43 3F 93 C2 0C 52 CD 42 0D D1 7B 8C DB CD F8 65  [ + uyC)VLNNC?RB{e]

018087: Jul 29 14:06:20.410 IST: RADIUS:  Message-Authenticato[80]  18 

018088: Jul 29 14:06:20.410 IST: RADIUS:   06 C3 66 07 D4 B5 8D 2F EA F1 E5 AF D7 4A CE 23              [ f/J#]

018089: Jul 29 14:06:20.410 IST: RADIUS:  Vendor, Cisco       [26]  49 

018090: Jul 29 14:06:20.410 IST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A86D1100000025228CE244"

018091: Jul 29 14:06:20.410 IST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

018092: Jul 29 14:06:20.410 IST: RADIUS:  NAS-Port            [5]   6   50203                    

018093: Jul 29 14:06:20.410 IST: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

018094: Jul 29 14:06:20.410 IST: RADIUS:  State               [24]  17 

018095: Jul 29 14:06:20.410 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 38 00    [ SBR-CH 19036|8]

018096: Jul 29 14:06:20.410 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

018097: Jul 29 14:06:20.434 IST: RADIUS: Received from id 1645/72 10.253.145.72:1812, Access-Challenge, len 106

018098: Jul 29 14:06:20.434 IST: RADIUS:  authenticator 21 7D EA 60 80 83 10 0C - D5 6B CD 0B 38 EE B5 86

018099: Jul 29 14:06:20.434 IST: RADIUS:  State               [24]  17 

018100: Jul 29 14:06:20.434 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 39 00    [ SBR-CH 19036|9]

018101: Jul 29 14:06:20.434 IST: RADIUS:  EAP-Message         [79]  45 

018102: Jul 29 14:06:20.434 IST: RADIUS:   01 0C 00 2B 19 00 17 03 01 00 20 A6 14 E8 11 D3 20 C4 87 1F 09 B8 34 46 86 B2 C8 BC E7 80 6B 69 88 E4 1A 7E 2C 4F 8C 6F F9 05 74      [ +  4Fki~,Oot]

018103: Jul 29 14:06:20.434 IST: RADIUS:  Session-Timeout     [27]  6   115                      

018104: Jul 29 14:06:20.434 IST: RADIUS:  Message-Authenticato[80]  18 

018105: Jul 29 14:06:20.434 IST: RADIUS:   6B C7 44 EA 81 A0 07 CA EC 41 1C AE 64 7E 71 69           [ kDAd~qi]

018106: Jul 29 14:06:20.446 IST: RADIUS(00000062): Received from id 1645/72

018107: Jul 29 14:06:20.446 IST: RADIUS/DECODE: EAP-Message fragments, 43, total 43 bytes

018108: Jul 29 14:06:20.462 IST: RADIUS/ENCODE(00000062):Orig. component type = DOT1X

018109: Jul 29 14:06:20.462 IST: RADIUS(00000062): Config NAS IP: 192.168.109.17

018110: Jul 29 14:06:20.462 IST: RADIUS/ENCODE(00000062): acct_session_id: 98

018111: Jul 29 14:06:20.462 IST: RADIUS(00000062): sending

018112: Jul 29 14:06:20.462 IST: RADIUS(00000062): Send Access-Request to 10.253.145.72:1812 id 1645/73, len 249

018113: Jul 29 14:06:20.462 IST: RADIUS:  authenticator 02 28 86 B3 EF C7 C6 E9 - 17 13 4B 26 92 70 D1 06

018114: Jul 29 14:06:20.462 IST: RADIUS:  User-Name           [1]   12  "anupam.deo"

018115: Jul 29 14:06:20.462 IST: RADIUS:  Service-Type        [6]   6  

018129: Jul 29 14:06:20.462 IST: RADIUS:  State               [24]  17 

018130: Jul 29 14:06:20.462 IST: RADIUS:   53 42 52 2D 43 48 20 31 39 30 33 36 7C 39 00    [ SBR-CH 19036|9]

018131: Jul 29 14:06:20.462 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

018132: Jul 29 14:06:25.171 IST: RADIUS: Received from id 1645/73 10.253.145.72:1812, Access-Accept, len 302

018133: Jul 29 14:06:25.171 IST: RADIUS:  authenticator 48 E4 D0 38 1C ED 93 0A - DB F2 30 56 06 9C 1B EA

018134: Jul 29 14:06:25.171 IST: RADIUS:  Class               [25]  142

018135: Jul 29 14:06:25.171 IST: RADIUS:   53 42 52 32 43 4C DA E5 D3 DA BF B6 B3 E1 CE 80 11 80 79 01 80 04 81 99 8C 86 80 02 80 0C 81 B0 DB CE D7 83 85 DA AE B2 99 AD F0 12 80 0E 81 DA E5 D3 DA BF B6 B3 E1 CE 80 84 CA B2 F8 14 80 4A 81 FF E5 B0 BC D1 E0 DE 83 EE D8 CE F3 A8 C7 AA D4 C7 F4 98 DA 81 F9 91 F7 CA 99 9E E7 DE A9 DB C2 EF D5 CB B4 E3 B5 EC 90 EA DA CA E9 99 B7 82 C8 8B D0 81 80 90 83 CA 87 FD E8 88 FE 95 E7 DC 83 C6 92 AA EE BE E9 D4 B1 AC 87 C0          [ SBR2CLyJ]

018136: Jul 29 14:06:25.171 IST: RADIUS:  EAP-Message         [79]  6  

018137: Jul 29 14:06:25.171 IST: RADIUS:   03 0C 00 04

018138: Jul 29 14:06:25.171 IST: RADIUS:  Vendor, Microsoft   [26]  58 

018139: Jul 29 14:06:25.171 IST: RADIUS:   MS-MPPE-Recv-Key   [17]  52  *

018140: Jul 29 14:06:25.171 IST: RADIUS:  Vendor, Microsoft   [26]  58 

018141: Jul 29 14:06:25.171 IST: RADIUS:   MS-MPPE-Send-Key   [16]  52  *

018142: Jul 29 14:06:25.171 IST: RADIUS:  Message-Authenticato[80]  18 

018143: Jul 29 14:06:25.171 IST: RADIUS:   96 15 07 B6 CD 36 B4 48 6E E9 F7 5A 3F CB 7A 60           [ 6HnZ?z`]

018144: Jul 29 14:06:25.211 IST: RADIUS(00000062): Received from id 1645/73

018145: Jul 29 14:06:25.211 IST: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

018146: Jul 29 14:06:25.251 IST: %DOT1X-5-SUCCESS: Authentication successful for client (047d.7b35.a381) on Interface Gi2/3

018147: Jul 29 14:06:25.255 IST: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (047d.7b35.a381) on Interface Gi2/3

018148: Jul 29 14:06:26.279 IST: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (047d.7b35.a381) on Interface Gi2/3

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Sagar,

Based on these debug outputs, I suspect the RADIUS server to be a problem. The three attributes are simply not being sent from the RADIUS server. The server should have added them into its Access-Accept response but obviously, they are not present. It is the server's choice to include or not to include them and there is nothing on the switch you could configure differently.

We have to focus on the RADIUS server configuration. Are you sure that these attributes are assigned to the "anupam.deo" user that is trying to authenticate currently? Alternatively, are you sure that these attributes are known by their names to the RADIUS server? We could also try to define both the attributes and their values purely numerically. Instead of:

Tunnel-Type = 13

Tunnel-Medium-Type = 6

Tunnel-Private-Group-ID = 143

use:

64 = 13

65 = 6

81 = 143

Attributes [64] and [65] are integer attributes. Attribute [81] is a string attribute.

I also suggest searching for and using a RADIUS test client to perform conversations with your RADIUS server from a PC and observe closely the attributes provided by the server. Once again, definitely, this is an issue that must be solved on the RADIUS server.

Best regards,

Peter

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Sagar,

In addition, can you please comment on this?

I have checked on the radius server and it is sending the attributes  with the correct numerical values but i cannot see that on the switch.

How did you check this? Have you been able to debug the RADIUS server or capture its packets? My suspicion here is that while the server may be configured with these attributes, it does not appear to actually add them to its Access-Accept response. Have you seen a message sent by the RADIUS server that contains the three required attributes?

In addition, what exact IOS version are you running on your switch?

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Paul,

I have checked this through the debug logs on the radius server. I have also done the packet capture on the radius but i only see the attributes in the radius debug logs and not in the packet capture.

The switch IOS is

cat4500e-lanbase-mz.122-53.SG1 and this image supports dot1x vlan assignment.

Would also need your views on this.

Thanks...

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Sagar,

If the 3 attributes are not put into the Access-Accept message sent from the RADIUS to the switch then definitely, that is the reason why the automatic VLAN assignment is not working. The RADIUS server, or its configuration, is to be blamed here.

However, as I have not worked with the Juniper RADIUS server before, I do not know what to do with it to force it to send the attributes. Once again, have you actually tried to define both the attributes and their values numerically, not by names?

If you have a support contract with Juniper, or if you can access its support forums (I believe they have a similar forum to this one), can you ask there about this issue?

In the meanwhile, do you have an option of testing a different RADIUS server? Personally I suggest FreeRADIUS although setting it up for the first time is not entirely simple.

Once again - we need to see those 3 attributes in an Access-Accept message, and that is the responsibility of the RADIUS server. A switch can not do anything about it. Until those 3 attributes are not seen in the packets as they are captured on the RADIUS server, this is a problem of the RADIUS server.

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Peter,

I'm now able to receive all the 3 attributes on the switch after creating a accept filter on the Juniper Radius.

But the vlan is not getting assigned to the desginated port even though all the integer values are as mentioned by you

and it also keeps on asking me for constant reauthentication.

Please suggest.

007763: Aug  2 11:30:56.260: @@@ dot1x_auth_bend Gi2/3: auth_bend_request -> auth_bend_response

007764: Aug  2 11:30:56.260: dot1x-sm(Gi2/3): 0x58000007:auth_bend_response_enter called

007765: Aug  2 11:30:56.260: dot1x-ev(Gi2/3): dot1x_sendRespToServer: Response sent to the server from 0x58000007 (047d.7b35.a381)

007766: Aug  2 11:30:56.260: dot1x-sm(Gi2/3): 0x58000007:auth_bend_request_response_action called

007767: Aug  2 11:30:56.260: RADIUS/ENCODE(00000011):Orig. component type = DOT1X

007768: Aug  2 11:30:56.260: RADIUS(00000011): Config NAS IP: 0.0.0.0

007769: Aug  2 11:30:56.260: RADIUS/ENCODE(00000011): acct_session_id: 17

007785: Aug  2 11:30:56.260: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]

007786: Aug  2 11:30:56.260: RADIUS:  NAS-Port            [5]   6   50203                    

007787: Aug  2 11:30:56.260: RADIUS:  NAS-Port-Id         [87]  20  "GigabitEthernet2/3"

007788: Aug  2 11:30:56.260: RADIUS:  State               [24]  18 

007789: Aug  2 11:30:56.260: RADIUS:   53 42 52 2D 43 48 20 33 37 30 38 39 7C 31 31 00   [ SBR-CH 37089|11]

007790: Aug  2 11:30:56.260: RADIUS:  NAS-IP-Address      [4]   6   192.168.109.17           

007791: Aug  2 11:31:00.876: RADIUS: Received from id 1645/104 10.253.145.72:1812, Access-Accept, len 370

007792: Aug  2 11:31:00.876: RADIUS:  authenticator 45 04 06 51 A8 57 14 47 - 66 40 B5 61 B8 D6 50 6C

007793: Aug  2 11:31:00.876: RADIUS:  Class               [25]  142

007794: Aug  2 11:31:00.876: RADIUS:   53 42 52 32 43 4C DA E5 D3 DA BF B6 B3 E1 CE 80 11 80 79 01 80 04 81 99 8C 86 80 02 80 0C 81 B0 DB CE D7 83 85 DA AE B2 99 AD F0 12 80 0E 81 DA E5 D3 DA BF B6 B3 E1 CE 80 85 8A CB 94 14 80 4A 81 FF C6 EE DB E7 A0 86 FB DB B3 E6 E4 81 EB 91 E6 EA F0 E9 E1 D4 CD 99 CF DA BF E5 B7 AF DB D0 84 BB FC F4 90 BA 90 96 C4 F1 F3 E7 FF F4 99 D8 F1 FC E1 A9 E6 F8 C0 D5 EC 8E C1 AA A5 CB CC B3 F6 B6 D2 B5 CF AA CC DB A3 F7 86 C0          [ SBR2CLyJ]

007795: Aug  2 11:31:00.876: RADIUS:  Tunnel-Type         [64]  6   00:VLAN                   [13]

007796: Aug  2 11:31:00.876: RADIUS:  Tunnel-Private-Group[81]  7   00:"143 "

007797: Aug  2 11:31:00.876: RADIUS:  Tunnel-Medium-Type  [65]  6   00:ALL_802                [6]

007798: Aug  2 11:31:00.876: RADIUS:  Class               [25]  73 

007799: Aug  2 11:31:00.880: RADIUS:   53 42 52 32 43 4C DA E5 D3 DA BF B6 B3 E1 CE 80 11 80 34 01 80 02 81 9B 80 02 80 18 81 AE 97 89 94 F2 D1 8A D2 A7 90 A9 C5 E3 85 DC F5 B8 98 AD D2 F3 91 CA EF 12 80 0E 81 DA E5 D3 DA BF B6 B3 E1 CE 80 85 8A CB 94           [ SBR2CL4]

007800: Aug  2 11:31:00.880: RADIUS:  Vendor, Microsoft   [26]  58 

007801: Aug  2 11:31:00.880: RADIUS:   MS-MPPE-Recv-Key   [17]  52  *

007802: Aug  2 11:31:00.880: RADIUS:  Vendor, Microsoft   [26]  58 

007803: Aug  2 11:31:00.880: RADIUS:   MS-MPPE-Send-Key   [16]  52  *

007804: Aug  2 11:31:00.956: RADIUS(00000011): Received from id 1645/104

007805: Aug  2 11:31:00.968: dot1x-ev(Gi2/3): Received an EAP Fail

007806: Aug  2 11:31:00.980: dot1x-sm(Gi2/3): Posting EAP_FAIL for 0x58000007

007807: Aug  2 11:31:00.980:     dot1x_auth_bend Gi2/3: during state auth_bend_response, got event 10(eapFail)

007808: Aug  2 11:31:00.980: @@@ dot1x_auth_bend Gi2/3: auth_bend_response -> auth_bend_fail

007809: Aug  2 11:31:00.980: dot1x-sm(Gi2/3): 0x58000007:auth_bend_response_exit called

007810: Aug  2 11:31:00.980: dot1x-sm(Gi2/3): 0x58000007:auth_bend_fail_enter called

007811: Aug  2 11:31:00.980: dot1x-sm(Gi2/3): 0x58000007:auth_bend_response_fail_action called

007812: Aug  2 11:31:00.980:     dot1x_auth_bend Gi2/3: idle during state auth_bend_fail

007813: Aug  2 11:31:00.980: @@@ dot1x_auth_bend Gi2/3: auth_bend_fail -> auth_bend_idle

007814: Aug  2 11:31:00.980: dot1x-sm(Gi2/3): 0x58000007:auth_bend_idle_enter called

007815: Aug  2 11:31:01.000: dot1x-sm(Gi2/3): Posting AUTH_FAIL on Client 0x58000007

007816: Aug  2 11:31:01.000:     dot1x_auth Gi2/3: during state auth_authenticating, got event 15(authFail)

007817: Aug  2 11:31:01.000: @@@ dot1x_auth Gi2/3: auth_authenticating -> auth_authc_result

007818: Aug  2 11:31:01.000: dot1x-sm(Gi2/3): 0x58000007:auth_authenticating_exit called

007819: Aug  2 11:31:01.000: dot1x-sm(Gi2/3): 0x58000007:auth_authc_result_enter called

007820: Aug  2 17:01:01: %DOT1X-5-FAIL: Authentication failed for client (047d.7b35.a381) on Interface Gi2/3

007831: Aug  2 11:31:01.004: dot1x-ev(Gi2/3): Sending EAPOL packet to group PAE address

007832: Aug  2 11:31:01.004: dot1x-ev(Gi2/3): Role determination not required

007833: Aug  2 11:31:01.004: dot1x-registry:registry:dot1x_ether_macaddr called

007834: Aug  2 11:31:01.004: dot1x-ev(Gi2/3): Sending out EAPOL packet

007835: Aug  2 11:31:01.004: EAPOL pak dump Tx

007836: Aug  2 11:31:01.004: EAPOL Version: 0x2  type: 0x0  length: 0x0004

007837: Aug  2 11:31:01.004: EAP code: 0x4  id: 0xD  length: 0x0004

007838: Aug  2 11:31:01.004: dot1x-packet(Gi2/3): EAPOL packet sent to client 0x58000007 (047d.7b35.a381)

007839: Aug  2 11:31:04.776: dot1x-ev(Gi2/3): Interface state changed to DOWN

007840: Aug  2 11:31:04.776: dot1x-ev(Gi2/3): Deleting client 0x58000007 (047d.7b35.a381)

007841: Aug  2 11:31:04.776: dot1x-ev:Delete auth client (0x58000007) message

007842: Aug  2 11:31:04.776: dot1x-ev:Auth client ctx destroyed

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Sagar,

We're getting closer.

There appears to be a very subtle typo in the Tunnel-Private-Group-ID attribute: notice that its value is "143". This could be the cause of the problem - combining a whitespace character with the VLAN ID that the switch cannot understand. Please double-check the configuration of the RADIUS server and make sure that the value stored in the Tunnel-Private-Group-ID does not contain any whitespace.

Please keep me informed!

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Peter,

Thanks you for your response.!!!

I have checked and and could not find any typo error in the attribute options. Is there a possibilty of a bug in the IOS..?

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hello Sagar,

I apologize for getting back to you after such a long delay.

Can you try capturing the RADIUS communication on the RADIUS server using Wireshark, store it in a file and post it here? It would be most helpful if I could see and analyze the messages in detail.

Thank you - and once again, please accept my apologies.

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Peter,

I apologise for the late response... I would not be able to share the capture due to security policies of the organisation.... Would not be able to upload here... Can try sending it to you through mail if you can share your mail id...

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hi Sagar,

I also apologize for my late reply here. My e-mail is Peter.Paluch@fri.uniza.sk - it is also publicly shown on my CSC profile.You are welcome to send the capture there.

Best regards,

Peter

Need help on dynamic vlan assignment through dot1x

Hi Peter,

The implementation is now working successfully as tested yesterday. There was a setting difference which had to be done on the Client (Laptop) i.e. i changed the authentication method from Microsoft PEAP to Cisco PEAP and it all started working fine. Please could you help me to understand why this difference. Microsoft PEAP uses MSCHAP V2 and Cisco PEAP uses OTP. Is there some compatibility issue with Microsoft PEAP with respect to the Cisco switches or is this an IOS limitation.

As of now i can say that if i use Cisco PEAP it works as expected. Thanks al lot for all your help and support till now.

I appreciate all the help you could provide in resolving this issue...!!!!

Need help on dynamic vlan assignment through dot1x

Hi Peter,

Hope you are doing well... I had sent you the packet captures last week for both MS-CHAPv2 and Cisco PEAP.

Have you recevied the attachments.... Desperately waiting for your analysis on this...

Thanks once again for all the help...

Cisco Employee

Need help on dynamic vlan assignment through dot1x

Hi,

I've just sent you an e-mail.

Best regards,

Peter

1649
Views
0
Helpful
25
Replies
CreatePlease to create content