Hi everyone,
Please help me with the following case:
I'm deploying port-based 802.1x on a 2950 switch, authenticating against Microsoft's RADIUS (using IAS). It seems my IAS deployment was not successful. First, I used Cisco's ACS and it was OK; then I switched to IAS and it doesn't work.
I went to the Microsoft site and read the IAS help file, and configured it according to the instructions, but it still doesn't work. While debugging, an error appears when using a command such as 'show dot1x interface f0/4': it reports the port as unauthorised (I did not configure or enable the authorised feature). Here is the switch configuration file:
The DC (RADIUS server) is on the same subnet, with IP 192.168.1.100 (VLAN 1)
aaa new-model
aaa authentication dot1x default group radius
!
username nsp privilege 15 password 0 nsp
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
!
!
interface FastEthernet0/1
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode access
dot1x port-control auto
dot1x guest-vlan 2
spanning-tree portfast
!
interface FastEthernet0/3
switchport mode access
dot1x port-control auto
dot1x guest-vlan 2
spanning-tree portfast
!
interface FastEthernet0/4
switchport mode access
dot1x port-control auto
dot1x guest-vlan 2
spanning-tree portfast
!
interface FastEthernet0/5
spanning-tree portfast
!
interface FastEthernet0/6
spanning-tree portfast
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 172.16.1.254 255.255.255.0
ip helper-address 192.168.1.100
no ip route-cache
shutdown
!
ip http server
radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 key abc
radius-server retransmit 3
Switch#sho ip int b
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.254 YES manual up up
Vlan2 172.16.1.254 YES manual administratively down down
FastEthernet0/1 unassigned YES unset up up
Switch#sho dot1x interface f0/4
Supplicant MAC 001c.c063.a4d1
AuthSM State = HELD
BendSM State = IDLE
PortStatus = UNAUTHORIZED
MaxReq = 2
HostMode = Single
Port Control = Auto
QuietPeriod = 60 Seconds
Re-authentication = Disabled
ReAuthPeriod = 3600 Seconds
ServerTimeout = 30 Seconds
SuppTimeout = 30 Seconds
TxPeriod = 30 Seconds
Guest-Vlan = 2
Turning on debug, I see:
01:05 dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet0/4
01:05 dot1x-registry:dot1x_port_linkcomingup invoked on interface FastEthernet0/4
01:05 dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface FastEthernet0/4
01:05:50: dot1x_auth Fa0/4: initial state auth_initialize has enter
01:05 dot1x-sm:Fa0/4:0000.0000.0000:auth_initialize_enter called
01:05 dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0
01:05 dot1x_auth Fa0/4:
Switch# during state auth_initialize, got event 0(cfg_auto)
01:05 @@@ dot1x_auth Fa0/4: auth_initialize -> auth_disconnected
01:05 dot1x-sm:Fa0/4:0000.0000.0000:auth_disconnected_enter_action called
01:05 dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZED
01:05 dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/4
01:05 dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUTHORIZED
01:05 dot1x-ev:dot
Switch#1x_update_port_status: using mac 0000.0000.0000 to send port to unauthorized on vlan 0
01:05 dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80CDA378
01:05:50: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on FastEthernet0/4
01:05 dot1x-ev: GuestVlan configured=0
01:05 dot1x-ev:supplicant 0000.0000.0000 is default
01:05 dot1x-ev:supplicant 0000.0000.0000 is last
01:05 dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80CDA3780
Switch#1:05 dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/4
01:05 dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/4
01:05 dot1x-ev:Enter function dot1x_aaa_acct_end
01:05 dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80CDA378
01:05 dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80CDA378
01:05 dot1x_auth Fa0/4: idle during state auth_disconnected
01:05 @@@ dot1x_auth Fa0/4: auth_disconnected -> auth_connecting
01:05 dot1x-sm:Fa0/4:0000.0000.0000:auth_connecting_enter called
01:05 dot1x_bend Fa0/4: initial state dot1x_bend_initialize has enter
01:05 dot1x-sm:Dot1x Initialize State Entered
01:05:50: dot1x_bend Fa0/4: initial state dot1x_bend_initialize has idle
01:05:50: dot1x_bend Fa0/4: during state dot1x_bend_initialize, got event 16383(idle)
01:05 @@@ dot1x_bend Fa0/4: dot1x_bend_initialize -> dot1x_bend_idle
01:05 dot1x-sm:Dot1x Idle State Entered
01:05 dot1x-ev:Created port supplicant block 0000.0000.0000 expected_id=0 current_id=0
01:05 dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at memloc 80CDA378
01:05 dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/4
01:05 dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
01:05 dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=1
01:05 dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/4
01:05 dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/4)
01:05 dot1x-registry:registry:dot1x_ether_macaddr called
01:05 dot1x-packet:Tx sa=0015.6243.af44, da=0180.c200.0003, et 888E (Fa0/4)
01:05 dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/4
01:05 dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0000.0000.0000
01:05 dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/4
01:05 dot1x-packet:Tx EAP-Request(Id), id 1, ve
Switch#r 1, len 5 (Fa0/4)
01:05 dot1x-registry:registry:dot1x_ether_macaddr called
01:05 dot1x-packet:Tx sa=0015.6243.af44, da=0180.c200.0003, et 888E (Fa0/4)
01:05 dot1x-ev:Received an EAPOL frame on interface FastEthernet0/4
01:05 dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/4)
01:05 dot1x-packet:Rx sa=001c.c063.a4d1, da=0180.c200.0003, et 888E (Fa0/4)
01:05 dot1x-ev:Couldn't find a supplicant block for mac 001c.c063.a4d1
01:05 dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80CDA378
01:05 dot1x_auth Fa0/4: initial state auth_initialize has enter
01:05 dot1x-sm:Fa0/4:001c.c063.a4d1:auth_initialize_enter called
01:05 dot1x-ev:auth_initialize_enter:001c.c063.a4d1: Current ID=0
01:05 dot1x_auth Fa0/4: during state auth_initialize, got event 0(cfg_auto)
01:05 @@@ dot1x_auth Fa0/4: auth_initialize -> auth_disconnected
01:05 dot1x-sm:Fa0/4:001c.c063.a4d1:auth_disconnected_enter_action called
01:05 dot1x-sm:
dot1x_update_por
01:05 dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:05 dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vl
Switch#an=0 on FastEthernet0/4
01:05 dot1x-ev: GuestVlan configured=0
01:05 dot1x-ev:supplicant 001c.c063.a4d1 is last
01:05 dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:05 dot1x-ev:001c.c063.a4d1 is now unauthorized on port FastEthernet0/4
01:05 dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/4
01:05 dot1x-ev:Enter function dot1x_aaa_acct_end
01:05 dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
Switch#
01:05:51: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:05 dot1x_auth Fa0/4: idle during state auth_disconnected
01:05 @@@ dot1x_auth Fa0/4: auth_disconnected -> auth_connecting
01:05 dot1x-sm:Fa0/4:001c.c063.a4d1:auth_connecting_enter called
01:05 dot1x_bend Fa0/4: initial state dot1x_bend_initialize has enter
01:05 dot1x-sm:Dot1x Initialize State Entered
01:05 dot1x_bend Fa0/4: initial state dot1x_bend_initialize has idle01:05
Switch# dot1x_bend Fa0/4: during state dot1x_bend_initialize, got event 16383(idle)
01:05 @@@ dot1x_bend Fa0/4: dot1x_bend_initialize -> dot1x_bend_idle
01:05 dot1x-sm:Dot1x Idle State Entered
01:05 dot1x-ev:Created port supplicant block 001c.c063.a4d1 expected_id=1 current_id=1
01:05:51: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/4
01:05 dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/4
01:05 dot1x-ev:dot1x
Switch#_post_message_to_auth_sm: Tx for req_id for supplicant 001c.c063.a4d1
01:05 dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/4
01:05 dot1x-packet:Tx EAP-Request(Id), id 0, ver 1, len 5 (Fa0/4)
01:05 dot1x-registry:registry:dot1x_ether_macaddr called
01:05 dot1x-packet:Tx sa=0015.6243.af44, da=0180.c200.0003, et 888E (Fa0/4)
01:05 %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up
Switch#
01:06:05: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/4
01:06:05: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 27 (Fa0/4)
01:06:05: dot1x-packet:Rx sa=001c.c063.a4d1, da=0180.c200.0003, et 888E (Fa0/4)
01:06:05: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:05: dot1x_auth Fa0/4: during state auth_connecting, got event 6(rxRespId)
01:06:05: @@@ dot1x_auth Fa0/4: auth_connecting -> auth_authenticating
01:06:05: dot1x-sm:Fa0/4:001c.c063.a4d1:auth_c
Switch#onnecting_exit alled
01:06:05: dot1x-sm:Fa0/4:001c.c063.a4d1:auth_authenticating_enter called
01:06:05: dot1x-ev:sending AUTH_START to BEND for supp_info=80D1E640
01:06:05: dot1x-sm:Fa0/4:001c.c063.a4d1:auth_connecting_authenticating_action called
01:06:05: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D1E640
01:06:05: dot1x_bend Fa0/4: during state dot1x_bend_idle, got event 1(auth_start)
01:06:05: @@@ dot1x_bend Fa0/4: dot1x_bend_idle -> dot1x_bend_response
01:06:05: dot1x-s
Switch#m:Dot1x Response State Entered for supp_info=80D1E640 hwidb=807A0EEC, swidb=807A2240 on intf=Fa0/4
01:06:05: dot1x-ev:Managed Timer in sub-block attached as leaf to master
01:06:05: dot1x-sm:Started the ServerTimeout Timer
01:06:05: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and length = 27
01:06:05: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967276
01:06:05: dot1x-ev:Couldn't Find a process thats already handling the request for this id 0
01:06:06: dot1x-ev:
Switch#Inserted the request on to list of pending requests
01:06:06: dot1x-ev:Found a free slot at slot 0
01:06:06: dot1x-ev:Found a free slot at slot 0
01:06:06: dot1x-ev:Request id = -20 and length = 27
01:06:06: dot1x-ev:The Interface on which we got this AAA Request is FastEthernet0/4
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:Username is abc@nsp.com
01:06:06: dot1x-ev:MAC Address is 001c.c063.a4d1
01:06:06: dot1x-ev:RemAddr is 00-1C-C0-
Switch#63-A4-D1/00-15-62-43-AF-44
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_FAIL)
01:06:06: dot1x-err:EAP packet not recvd
01:06:06: dot1x-ev:going to send to backend on SP, length = 4
01:06:06: dot1x-ev:Received VLAN is No Vlan
01:06:06: dot1x-ev:Enqueued the response to BackEnd
01:06:06: dot1x-ev:Enter function dot1x_aaa_acct_end
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E6
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:Received QUEUE EVENT in response to AAA Request
01:06:06: dot1x-ev:Dot1x matching request-response id 4294967276 found
01:06:06: dot1x-ev:Length of recv eap packet from radius = 4
01:06:06: dot1x-ev:Received VLAN Id -1
01:06:06: dot1x_bend Fa0/4: during state dot1x_bend_response, got event 3(afail)
01:06:06: @@@ dot1x
Switch#_bend Fa0/4: dot1x_bend_response -> dot1x_bend_fail
01:06:06: dot1x-sm:Dot1x Failure State Entered
01:06:06: dot1x-ev:dot1x_bend_fail_enter:001c.c063.a4d1: Current ID=0
01:06:06: dot1x-ev:dot1x_bend: Sending Radius Response to Supplicant of length 4
01:06:06: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/4
01:06:06: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/4)
01:06:06: dot1x-registry:registry:dot1x_ether_macaddr called
01:06:06: dot1x-packet:Tx sa=0015.6243.af44, da=0180.c200.0
Switch#003, et 888E (Fa0/4)
01:06:06: dot1x_bend Fa0/4: idle during state dot1x_bend_fail
01:06:06: @@@ dot1x_bend Fa0/4: dot1x_bend_fail -> dot1x_bend_idle
01:06:06: dot1x-sm:Dot1x Idle State Entered
01:06:06: dot1x_auth Fa0/4: during state auth_authenticating, got event 8(authFail)
01:06:06: @@@ dot1x_auth Fa0/4: auth_authenticating -> auth_held
01:06:06: dot1x-sm:Fa0/4:001c.c063.a4d1:auth_held_enter called
01:06:06: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_
Switch#UNAUTHORIZED
01:06:06: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/4
01:06:06: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUTHORIZED
01:06:06: dot1x-ev:dot1x_update_port_status: using mac 001c.c063.a4d1 to send port to unauthorized on vlan 0
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on FastEthernet0/4
01:06:06: dot1x-ev: Gue
Switch#stVlan configured=0
01:06:06: dot1x-ev:supplicant 001c.c063.a4d1 is last
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:001c.c063.a4d1 is now unauthorized on port FastEthernet0/4
01:06:06: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/4
01:06:06: dot1x-ev:Enter function dot1x_aaa_acct_end
01:06:06: dot1x-ev:Found a supplicant block for mac 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:Found a supplicant block for ma
Switch#c 001c.c063.a4d1 80D1E640
01:06:06: dot1x-ev:auth_held_enter:001c.c063.a4d1: Current ID=1
01:06:06: dot1x-sm:Fa0/4:001c.c063.a4d1:auth_authenticating_held_action called
01:06:06: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/4
01:06:06: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface FastEthernet0/4
One more question: does Cisco's ACS support port-based authentication on 3Com switches? I can't authenticate even though I selected RADIUS IETF.
Thanks a lot, everyone.
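An added example, not part of the original post: a small Python parser for `debug dot1x` output in the format pasted above. It rejoins entries split by the `Switch#` prompt, extracts state-machine transitions, EAP packets and errors, and reports whether the exchange stopped before or after the identity was handed to AAA. The sample lines are excerpted from the post's capture; the function names and stage labels are hypothetical.

```python
import re

PROMPT = "Switch#"  # CLI prompt as it appears in the post's capture

# Lines excerpted from the debug output in the post, including one entry
# that the prompt split in two.
SAMPLE = """\
01:06:05: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 27 (Fa0/4)
01:06:05: @@@ dot1x_auth Fa0/4: auth_connecting -> auth_authenticating
01:06:05: @@@ dot1x_bend Fa0/4: dot1x_bend_idle -> dot1x_bend_response
01:06:06: dot1x-ev:Username is abc@nsp.com
01:06:06: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_FAIL)
01:06:06: dot1x-err:EAP packet not recvd
01:06:06: @@@ dot1x
Switch#_bend Fa0/4: dot1x_bend_response -> dot1x_bend_fail
01:06:06: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/4)
01:06:06: @@@ dot1x_bend Fa0/4: dot1x_bend_fail -> dot1x_bend_idle
01:06:06: @@@ dot1x_auth Fa0/4: auth_authenticating -> auth_held
"""

TRANSITION = re.compile(r"@@@ (dot1x_\w+) (\S+): (\w+) -> (\w+)")
PACKET = re.compile(r"dot1x-packet:(Tx|Rx) ([\w()-]+), id (\d+)")
ERROR = re.compile(r"dot1x-err:(.+)")
USERNAME = re.compile(r"dot1x-ev:Username is (\S+)")


def rejoin(text, prompt=PROMPT):
    """Re-attach fragments that the CLI prompt split off the previous entry.

    Assumes the capture holds debug output only (no typed commands).
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(prompt):
            rest = raw[len(prompt):]
            if lines and rest:
                lines[-1] += rest
            continue
        lines.append(raw)
    return lines


def summarize(text):
    """Collect transitions, EAP packets, errors and the identity seen."""
    summary = {"interface": None, "username": None,
               "transitions": [], "packets": [], "errors": []}
    for line in rejoin(text):
        if m := TRANSITION.search(line):
            machine, intf, src, dst = m.groups()
            summary["interface"] = intf
            summary["transitions"].append((machine, src, dst))
        elif m := PACKET.search(line):
            summary["packets"].append((m.group(1), m.group(2), int(m.group(3))))
        elif m := ERROR.search(line):
            summary["errors"].append(m.group(1).strip())
        elif m := USERNAME.search(line):
            summary["username"] = m.group(1)
    return summary


def final_state(summary, machine):
    """Last state entered by one state machine (dot1x_auth or dot1x_bend)."""
    states = [dst for sm, _, dst in summary["transitions"] if sm == machine]
    return states[-1] if states else None


def failure_stage(summary):
    """Say where the exchange stopped: at the supplicant or at AAA."""
    seen = {(direction, kind) for direction, kind, _ in summary["packets"]}
    if ("Rx", "EAP-Response(Id)") not in seen:
        return "no-supplicant-response"
    if ("dot1x_bend", "dot1x_bend_response", "dot1x_bend_fail") in summary["transitions"]:
        return "aaa-failure"
    return "no-failure-seen"


if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(result["interface"], result["username"], failure_stage(result))
    for machine, src, dst in result["transitions"]:
        print(f"  {machine}: {src} -> {dst}")
    for err in result["errors"]:
        print("  error:", err)
```

An `aaa-failure` result means the switch received the supplicant's identity and handed it to AAA, so the switch-to-RADIUS leg (shared secret, client entry, server policy and the server's own log) is the place to look next rather than the supplicant.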