Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

dot1x-err: Trunk port being Authorized!! ?

Hello,

I`ve configured dot1x on the switch & test laptop (XP sp2, NIC Intel PRO/100 VE ).

See error message (debug dot1x all) below

Error message:

010451: 10w4d: dot1x-err:Dot1x is supportedonly on Access,Routed and private-vlan host modes.Trunk port being Authorized!! som

ething went wrong

010452: 10w4d: dot1x-err:Port wouldn't come up. Failing authorization.

Here is port configuration:

interface GigabitEthernet0/15

switchport access vlan 240

switchport mode access

dot1x port-control auto

dot1x timeout reauth-period 3000

dot1x guest-vlan 520

dot1x reauthentication

spanning-tree portfast

!

Log from MS IAS server

Event Type: Information

Event Source: IAS

Event Category: None

Event ID: 1

Date: 04.09.2006

Time: 12:56:52

User: N/A

Computer: UKR-KIE-DC-02

Description:

User Domain\username was granted access.

Fully-Qualified-User-Name = domain.com/LDU_Users/Kiev/users/Mobile/Username

NAS-IP-Address = 10.170.60.1

NAS-Identifier = <not present>

Client-Friendly-Name = ukr-kie-swh-01

Client-IP-Address = 10.170.60.1

Calling-Station-Identifier = 00-0E-7B-6B-7F-17

NAS-Port-Type = Ethernet

NAS-Port = 50015

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = vlan 480

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

IOS Version

c3560-ipbase-mz.122-25.SEB4

cat3560#sh dot1x interface gigabitEthernet 0/15

Supplicant MAC 000e.7b6b.7f17

AuthSM State = AUTHENTICATED

BendSM State = IDLE

PortStatus = AUTHORIZED

MaxReq = 2

MaxAuthReq = 2

HostMode = Single

PortControl = Auto

QuietPeriod = 60 Seconds

Re-authentication = Enabled

ReAuthPeriod = 3000 Seconds

ServerTimeout = 30 Seconds

SuppTimeout = 30 Seconds

TxPeriod = 30 Seconds

Guest-Vlan = 520

cat3560#sh dot1x statistics interface gigabitEthernet 0/15

PortStatistics Parameters for Dot1x

--------------------------------------------

TxReqId = 2 TxReq = 12 TxTotal = 14

RxStart = 0 RxLogoff = 0 RxRespId = 1 RxResp = 11

RxInvalid = 0 RxLenErr = 0 RxTotal = 12

RxVersion = 1 LastRxSrcMac = 000e.7b6b.7f17

3 REPLIES

Re: dot1x-err: Trunk port being Authorized!! ?

Hi,

are you sure no further dot1x config is present on a trunk port in the switch?

Regards, Martin

New Member

Re: dot1x-err: Trunk port being Authorized!! ?

cat3560#sh dot1x all

Dot1x Info for interface GigabitEthernet0/15

----------------------------------------------------

Supplicant MAC 0008.0d3b.41ca

AuthSM State = AUTHENTICATED

BendSM State = IDLE

PortStatus = AUTHORIZED

MaxReq = 2

MaxAuthReq = 2

HostMode = Single

PortControl = Auto

QuietPeriod = 60 Seconds

Re-authentication = Enabled

ReAuthPeriod = 3000 Seconds

ServerTimeout = 30 Seconds

SuppTimeout = 30 Seconds

TxPeriod = 30 Seconds

Guest-Vlan = 520

New Member

Re: dot1x-err: Trunk port being Authorized!! ?

cat3560#sh dot1x all

Dot1x Info for interface GigabitEthernet0/15

----------------------------------------------------

Supplicant MAC 0008.0d3b.41ca

AuthSM State = AUTHENTICATED

BendSM State = IDLE

PortStatus = AUTHORIZED

MaxReq = 2

MaxAuthReq = 2

HostMode = Single

PortControl = Auto

QuietPeriod = 60 Seconds

Re-authentication = Enabled

ReAuthPeriod = 3000 Seconds

ServerTimeout = 30 Seconds

SuppTimeout = 30 Seconds

TxPeriod = 30 Seconds

Guest-Vlan = 520

330
Views
0
Helpful
3
Replies