Hello Gurus,

I am trying to implement 802.1x port authentication for a small company. Here is the test setup:

Client : Windows 2000 Prof SP4
Switch : Cisco 2950
Authenticator : Microsoft IAS

I have read the documentation for setting up the IAS and the Windows 2000 supplicant. No matter what type of authentication I use, PEAP or MD5, I am unable to authenticate the port. I have synchronised the IAS server with Active Directory. After checking the debug logs on the switch, here is what I found. I have marked the debug event which I think could be the reason. I have also tried checking IAS logs but they don't help, neither does the event log for Windows. I am not sure if this is the right group but I decided to post it.

006645: 9w2d: dot1x-ev:EAP-code=REQUEST
006646: 9w2d: dot1x-ev:EAP Type= IDENTITY
006647: 9w2d: dot1x-ev:ID=0
006648: 9w2d: dot1x-registry:registry:dot1x_ether_macaddr called
006649: 9w2d: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/16
006650: 9w2d: dot1x-ev:Received pkt saddr =xxxx.xxxx.xxxx, daddr = xxxx.xxxx.xxxx,pae-ether-type = 34958
006651: 9w2d: dot1x-ev:Found a supplicant block for mac 0010.a4e4.f1e3 80D86C64
006652: 9w2d: dot1x-packet:Received an EAP packet on interface FastEthernet0/16
006653: 9w2d: dot1x_auth Fa0/16: during state auth_connecting, got event 6(rxRespId)
006654: 9w2d: @@@ dot1x_auth Fa0/16: auth_connecting ->auth_authenticating
006655: 9w2d: dot1x-sm:Fa0/16:xxxx.xxxx.xxxx:auth_connecting_exit called
006656: 9w2d: dot1x-sm:Fa0/16:xxxx.xxxx.xxxx:auth_authenticating_enter called
006657: 9w2d: dot1x-ev:sending AUTH_START to BEND for supp_info=80D86C64
006658: 9w2d: dot1x-sm:Fa0/16:xxxx.xxxx.xxxx:auth_connecting_authenticating_action called
006659: 9w2d: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D86C64
006660: 9w2d: dot1x_bend Fa0/16: during state dot1x_bend_idle, got event 1(auth_start)
006661: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_idle ->dot1x_bend_response
006662: 9w2d: dot1x-sm:Dot1x Response State Entered for supp_info=80D86C64 hwidb=807B1B18, swidb=807B2E6C on intf=Fa0/16
006663: 9w2d: dot1x-ev:Managed Timer in sub-block attached as leaf to master
006664: 9w2d: dot1x-sm:Started the ServerTimeout Timer
006665: 9w2d: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and length = 19
006666: 9w2d: dot1x-ev:Got a Request from SP to send it to Radius with id 116
006667: 9w2d: dot1x-ev:Couldn't Find a process thats already handling the request for this id 0
006668: 9w2d: dot1x-ev:Inserted the request on to list of pending requests
006669: 9w2d: dot1x-ev:Found a free slot at slot 0
006670: 9w2d: dot1x-ev:Found a free slot at slot 0
006671: 9w2d: dot1x-ev:Request id = 116 and length = 19
006672: 9w2d: dot1x-ev:The Interface on which we got this AAA Request is FastEthernet0/16
006673: 9w2d: dot1x-ev:Username is domain\\username
006674: 9w2d: dot1x-ev:MAC Address is xxxx.xxxx.xxxx
006675: 9w2d: dot1x-ev:RemAddr is xxxx.xxxx.xxxx/xxxx.xxxx.xxxx
*********************************************************************************************************
The authentication information is being recvd by the switch, I can't understand this error.
006676: 9w2d: dot1x-err:EAP packet not recvd
*******************************************************************************************************
006677: 9w2d: dot1x-ev:going to send to backend on SP, length = 4
006678: 9w2d: dot1x-ev:Received VLAN is No Vlan
006679: 9w2d: dot1x-ev:Enqueued the response to BackEnd
006680: 9w2d: dot1x-ev:Received QUEUE EVENT in response to AAA Request
006681: 9w2d: dot1x-ev:Dot1x matching request-response found
006682: 9w2d: dot1x-ev:Length of recv eap packet from radius = 4
006683: 9w2d: dot1x-ev:Received VLAN Id -1
006684: 9w2d: dot1x_bend Fa0/16: during state dot1x_bend_response, got event 3(afail)
006685: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_response ->dot1x_bend_fail
006686: 9w2d: dot1x-sm:Dot1x Failure State Entered
006687: 9w2d: dot1x-ev:dot1x_bend_fail_enter:xxxx.xxxx.xxxx: Current ID=0
006688: 9w2d: dot1x-ev:dot1x_bend: Sending Radius Response to Supplicant of length 4
006689: 9w2d: dot1x-ev:dot1x_tx_eap: EAP Ptk
006690: 9w2d: dot1x-ev:EAP-code=FAILURE
006691: 9w2d: dot1x-ev:EAP Type= Unknown
006692: 9w2d: dot1x-ev:ID=0
006693: 9w2d: dot1x-registry:registry:dot1x_ether_macaddr called
006694: 9w2d: dot1x_bend Fa0/16: idle during state dot1x_bend_fail
006695: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_fail -> dot1x_bend_idle
006696: 9w2d: dot1x-sm:Dot1x Idle State Entered
006697: 9w2d: dot1x_auth Fa0/16: during state auth_authenticating, got event 8(authFail)
006698: 9w2d: @@@ dot1x_auth Fa0/16: auth_authenticating -> auth_held
006699: 9w2d: dot1x-sm:Fa0/16xxxx.xxxx.xxxx:auth_held_enter called
006700: 9w2d: dot1x-sm: dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZED
006701: 9w2d: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/16
006702: 9w2d: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUTHORIZED

Thanks,
Ankit
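
A triage script for debug output in this format, added here as an example and not part of the original post: it rebuilds each state machine's path from the "@@@" transition lines, collects dot1x-err lines, and flags RADIUS replies whose EAP length is 4, the size of a bare EAP header (code, identifier, length) as carried by Success and Failure packets. The sample lines are constructed from the log's format, and triage is a hypothetical helper name.

```python
import re

# Constructed sample in the format of the switch debug output above.
SAMPLE = """\
006654: 9w2d: @@@ dot1x_auth Fa0/16: auth_connecting ->auth_authenticating
006661: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_idle ->dot1x_bend_response
006665: 9w2d: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and length = 19
006676: 9w2d: dot1x-err:EAP packet not recvd
006682: 9w2d: dot1x-ev:Length of recv eap packet from radius = 4
006685: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_response ->dot1x_bend_fail
006690: 9w2d: dot1x-ev:EAP-code=FAILURE
006698: 9w2d: @@@ dot1x_auth Fa0/16: auth_authenticating -> auth_held
"""

LINE = re.compile(r"^(\d+): (\S+): (.*)$")            # sequence, uptime, message
TRANSITION = re.compile(r"^@@@ (\S+) (\S+): (\S+) ?-> ?(\S+)$")
RADIUS_LEN = re.compile(r"Length of recv eap packet from radius = (\d+)")
EAP_HEADER_LEN = 4  # code(1) + identifier(1) + length(2); Success/Failure carry no data


def triage(text):
    """Return (state paths per machine/port, error lines, header-only RADIUS replies)."""
    paths, errors, bare_replies = {}, [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip annotations, separators and blank lines
        seq, _uptime, body = m.groups()
        t = TRANSITION.match(body)
        if t:
            machine, port, src, dst = t.groups()
            # Seed the path with the first source state, then append each destination.
            paths.setdefault((machine, port), [src]).append(dst)
        elif body.startswith("dot1x-err:"):
            errors.append((seq, body[len("dot1x-err:"):]))
        else:
            r = RADIUS_LEN.search(body)
            if r and int(r.group(1)) == EAP_HEADER_LEN:
                bare_replies.append(seq)
    return paths, errors, bare_replies


if __name__ == "__main__":
    paths, errors, bare_replies = triage(SAMPLE)
    for (machine, port), path in paths.items():
        print(f"{machine} {port}: " + " -> ".join(path))
    print("errors:", errors)
    print("header-only EAP from RADIUS at:", bare_replies)
```

A 4-byte EAP packet from RADIUS followed by a transition into dot1x_bend_fail means the server answered with a reject rather than an EAP challenge, so the next place to look is the RADIUS server's policy and credential handling rather than the switch port.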