I'm trying to configure MAC Auth against ACS. All documentation I found says it works..however EAPOL must be disabled so the switch can consider it as agentless host, and initiates the MAC authentication bypass process.
However, I can't seem to be able to disable EAPOL on WinXP..therefore can't get MAC bypass to work.
dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet1/0/34
EAPOL pak dump Tx
EAPOL Version: 0x2 type: 0x0 length: 0x0004
EAP code: 0x3 id: 0x1 length: 0x0004
dot1x-packet:dot1x_auth_txCannedSuccess: EAPOL packet sent out for the default authenticator
I see no evidence of 1X on the PC from the debug. Actually, you're enabled for 1X, but also in a force-authorized mode. You'll need to add "dot1x port-control auto" for it to work correctly, and deny access until you authenticate.
0 - Computer authentication mode. If computer authentication is successful, no user authentication is attempted. If the user logon is successful before computer authentication, user authentication is performed. This is the default setting for Windows XP (prior to Service Pack 1).
1 - Computer authentication with re-authentication. If computer authentication is successful, a subsequent user logon results in a re-authentication with user credentials. The user logon has to complete in 60 seconds or the existing network connectivity is terminated. The user credentials are used for subsequent authentication or re-authentication. Computer authentication is not attempted again until the user logs off the computer. This is the default setting for Windows XP Service Pack 1 (SP1) and Windows Server 2003.
2 - Computer authentication only. When a user logs on, it has no effect on the connection. Only computer authentication is performed. The exception to this behavior is when a user successfully logs on, and then roams between wireless APs. In that case, user authentication is performed. For changes to this setting to take effect, restart the Wireless Zero Configuration service for Windows XP or Windows Server 2003.
SupplicantMode has the following values:
1 - Do not transmit. Specifies that EAPOL-Start messages are not sent.
2 - Transmit. Determines when to send EAPOL-Start messages and, if needed, sends an EAPOL-Start message.
3 - Transmit per 802.1x. Sends an EAPOL-Start message upon association to initiate the 802.1X authentication process.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...