Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Dot1x reauthentication

KennyP
Occasional Contributor

Dot1x reauthentication

I'm having an probelm with my machines when it comes to the Dot1x reauthentication process. They're dropping connection for a long period of time when the timer hits. Here are my configs:dot1x
dot1x retry 3
dot1x timer reauth-period 3600
dot1x authentication-method eap

interface gi1/0/26

port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan XXX tagged
port hybrid vlan UU untagged
port hybrid pvid vlan UU
undo voice vlan mode auto
voice vlan XXX enable
loopback-detection enable
loopback-detection action shutdown
bpdu-drop any
poe enable
stp edged-port enable
lldp compliance admin-status cdp txrx
dot1x re-authenticate
undo dot1x handshake
dot1x port-method portbased
dot1x

Is there a command for the machine to maintian connection during the reauthentication process?? Thanks for your help also!! 

 

1 REPLY
KennyP
Occasional Contributor

Re: Dot1x reauthentication

I forgot to note that this is for Cisco ACS 5.8  also here is the debugging I pulled down last night. 

*Jul  4 09:35:09:729 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received an EAPOL packet.

*Jul  4 09:35:09:731 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Auth:0,Received Packet Type: EAPOL-LOGOFF.

*Jul  4 09:35:09:732 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,No resource exists.

*Jul  4 09:35:18:003 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received an EAPOL packet.

*Jul  4 09:35:18:005 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,No resource exists.

*Jul  4 09:35:18:007 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Alloc or search resource successfully.

*Jul  4 09:35:18:008 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Band the resource to port successfully.

*Jul  4 09:35:18:011 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received Packet Type: EAPOL-START.

*Jul  4 09:35:18:012 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Send Msg EAPOL-START to 802.1X-Msg-Queue successfully.

*Jul  4 09:35:18:016 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg:EAP-START, Supplicant->Authenticator.

*Jul  4 09:35:18:017 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:1, Current state:1

*Jul  4 09:35:18:019 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node CONNECTING...

*Jul  4 09:35:18:020 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,

Send shakehanding-pkt without proxy-chk tag

*Jul  4 09:35:18:022 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Transmitted a packet.

---Verbose information of the packet---

Destination Mac Address: c8d3-ff77-e114

Source Mac Address: 4431-92fc-23a0

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 5.

-----Packet Body-----

Code: 1.

Identifier: 1.

Length: 5.

*Jul  4 09:35:18:031 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received an EAPOL packet.

*Jul  4 09:35:18:032 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received Packet Type: EAPOL-PACKET.

*Jul  4 09:35:18:034 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,EAP Type: Response.

*Jul  4 09:35:18:035 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Resource exists.

*Jul  4 09:35:18:037 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Auth:228,Code Type: Identity.

*Jul  4 09:35:18:038 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,  lookup user ip from arp snooping .

*Jul  4 09:35:18:040 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Sent EAP Msg to 802.1X-Msg-Queue successfully.

*Jul  4 09:35:18:041 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,End processing the packet received.

---Verbose information of the packet---

Destination Mac Address: 0180-c200-0003

Source Mac Address: c8d3-ff77-e114

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 47.

-----Packet Body-----

Code: 2.

Identifier: 1.

Length: 47.

*Jul  4 09:35:18:044 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg: Continue.

*Jul  4 09:35:18:046 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:265, Current state:3

*Jul  4 09:35:18:047 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node EAP relay...

*Jul  4 09:35:18:065 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg: ACM authentication continue.

*Jul  4 09:35:18:067 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:20482, Current state:14

*Jul  4 09:35:18:069 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Transmitted a packet.

---Verbose information of the packet---

Destination Mac Address: c8d3-ff77-e114

Source Mac Address: 4431-92fc-23a0

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 6.

-----Packet Body-----

Code: 1.

Identifier: f3.

Length: 6.

*Jul  4 09:35:18:093 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received an EAPOL packet.

*Jul  4 09:35:18:095 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received Packet Type: EAPOL-PACKET.

*Jul  4 09:35:18:096 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,EAP Type: Response.

*Jul  4 09:35:18:098 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Resource exists.

*Jul  4 09:35:18:099 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Auth:228, Code Type: EAP-TLS.

*Jul  4 09:35:18:102 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Sent EAP Msg to 802.1X-Msg-Queue successfully.

*Jul  4 09:35:18:103 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,End processing the packet received.

---Verbose information of the packet---

Destination Mac Address: 0180-c200-0003

Source Mac Address: c8d3-ff77-e114

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 740.

-----Packet Body-----

Code: 2.

Identifier: f3.

Length: 740.

*Jul  4 09:35:18:110 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg: Continue.

*Jul  4 09:35:18:111 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:265, Current state:14

*Jul  4 09:35:18:113 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node EAP relay...

*Jul  4 09:35:18:125 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg: ACM authentication continue.

*Jul  4 09:35:18:126 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:20482, Current state:14

*Jul  4 09:35:18:128 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Transmitted a packet.

---Verbose information of the packet---

Destination Mac Address: c8d3-ff77-e114

Source Mac Address: 4431-92fc-23a0

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 151.

-----Packet Body-----

Code: 1.

Identifier: f4.

Length: 151.

*Jul  4 09:35:18:135 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received an EAPOL packet.

*Jul  4 09:35:18:136 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Received Packet Type: EAPOL-PACKET.

*Jul  4 09:35:18:139 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,EAP Type: Response.

*Jul  4 09:35:18:140 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Resource exists.

*Jul  4 09:35:18:142 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Auth:228, Code Type: EAP-TLS.

*Jul  4 09:35:18:143 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Sent EAP Msg to 802.1X-Msg-Queue successfully.

*Jul  4 09:35:18:145 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,End processing the packet received.

---Verbose information of the packet---

Destination Mac Address: 0180-c200-0003

Source Mac Address: c8d3-ff77-e114

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 69.

-----Packet Body-----

Code: 2.

Identifier: f4.

Length: 69.

*Jul  4 09:35:18:153 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg: Continue.

*Jul  4 09:35:18:155 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:265, Current state:14

*Jul  4 09:35:18:156 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node EAP relay...

%Jul  4 09:35:18:187 2000 802.1x Test Switch RDS/6/RDS_SUCC: -IfName=GigabitEthernet1/0/25-VlanId=20-MACAddr=C8:D3:FF:77:E1:14-IPAddr=N/A-IPv6Addr=N/A-UserName=host/MUHJL-CS2PP3.AREA52.AFNOAPPS.USAF.MIL@tacacs; User got online successfully.

*Jul  4 09:35:18:196 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Msg: Auth request ack for succeed, ACM->1X.

*Jul  4 09:35:18:197 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:260, Current state:14

*Jul  4 09:35:18:199 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node SUCCESS...

*Jul  4 09:35:18:200 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,DOT1x received receive radius key from ACM

*Jul  4 09:35:18:203 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,DOT1x received send key from ACM

*Jul  4 09:35:18:204 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Accept new authorization information.

*Jul  4 09:35:18:205 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,

Received a Vlan authorizaion notification:MAC=c8d3-ff77-e114, CMD=1, ResultCode=0

*Jul  4 09:35:18:207 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:22, Current state:7

*Jul  4 09:35:18:209 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Processing node success trans...

*Jul  4 09:35:18:210 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node SUCCESS...

*Jul  4 09:35:18:211 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Author operation finished!

*Jul  4 09:35:18:213 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Received Msg:29, Current state:7

*Jul  4 09:35:18:214 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,Processing node success trans...

*Jul  4 09:35:18:217 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,DOT1X_Auth_SuccessTrans Received MSG:SC_MSG_AUTHOR_FINISH

 

 

*Jul  4 09:35:18:218 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Processing node WORKING...

*Jul  4 09:35:18:702 2000 802.1x Test Switch 8021X/7/EVENT: Port:GigabitEthernet1/0/25,Auth:228,

The user ip address:0.0.0.0

*Jul  4 09:35:18:704 2000 802.1x Test Switch 8021X/7/EVENT: Auth:228,Sending EAPoL-Success...

*Jul  4 09:35:18:706 2000 802.1x Test Switch 8021X/7/PACKET: Port:GigabitEthernet1/0/25,Transmitted a packet.

---Verbose information of the packet---

Destination Mac Address: c8d3-ff77-e114

Source Mac Address: 4431-92fc-23a0

Mac Frame Type: 888e.

Protocol Version ID: 1.

Packet Type: 0.

Packet Length: 4.

-----Packet Body-----

Code: 3.

Identifier: f4.

Length: 4.