troubleshooting Question

cisco catalyst port based 802.1x and ms ias

Avatar of kamsuj
kamsujFlag for Poland asked on
Windows Server 2003Switches / HubsNetwork Operations
16 Comments1 Solution1333 ViewsLast Modified:
Hi,

I have a problem with cisco catalyst port based 802.1x and ms ias radius i have set authentication with:


aaa new-model
aaa authentication dot1x lista1 group radius local
interface FastEthernet0/39
 dot1x port-control auto
radius-server host XX.XXX.X.X auth-port 1812 acct-port 1813 key XXXXXXXXXX
radius-server retransmit 3


and when i try to authenticate i get the following debug message on the switch:

010961: 17w0d: dot1x-core(Fa0/39): starting
010962: 17w0d: dot1x-core(Fa0/39): control event
010963: 17w0d: dot1x-authsm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
010964: 17w0d: dot1x-authsm(Fa0/39): state DISCONNECTED, event ENTRY, arg 0x0
010965: 17w0d: dot1x-core(Fa0/39): deauthorized port
010966: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=4, id=0
010967: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event ENTRY, arg 0x0
010968: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=1, id=1
010969: 17w0d: dot1x-authsm(Fa0/39): first connection attempt
010970: 17w0d: dot1x-besm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
010971: 17w0d: dot1x-besm(Fa0/39): state IDLE, event ENTRY, arg 0x0
010972: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
010973: 17w0d: dot1x-reauthsm(Fa0/39): reauth timer stopped
010974: 17w0d: dot1x-core(Fa0/39): control event
010975: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event CONTROL, arg 0x0
010976: 17w0d: dot1x-besm(Fa0/39): state IDLE, event CONTROL, arg 0x0
010977: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
010978: 17w0d: dot1x-reauthsm(Fa0/39): reauth timer stopped
010979: Feb 26 13:33:44: %LINK-3-UPDOWN: Interface FastEthernet0/39, changed state to up
010980: 17w0d: dot1x-core(Fa0/39): timer TX_WHEN expired
010981: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event TIMEOUT, arg 0x0
010982: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event ENTRY, arg 0x0
010983: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=1, id=1
010984: 17w0d: dot1x-authsm(Fa0/39): connection retry 1 of 2
010985: 17w0d: dot1x-besm(Fa0/39): state IDLE, event TIMEOUT, arg 0x0
010986: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event TIMEOUT, arg 0x0
010987: 17w0d: dot1x-core(Fa0/39): timer TX_WHEN expired
010988: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event TIMEOUT, arg 0x0
010989: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event ENTRY, arg 0x0
010990: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=1, id=1
010991: 17w0d: dot1x-authsm(Fa0/39): connection retry 2 of 2
010992: 17w0d: dot1x-besm(Fa0/39): state IDLE, event TIMEOUT, arg 0x0
010993: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event TIMEOUT, arg 0x0
010994: 17w0d: dot1x-core(Fa0/39): timer TX_WHEN expired
010995: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event TIMEOUT, arg 0x0
010996: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event ENTRY, arg 0x0
010997: 17w0d: dot1x-authsm(Fa0/39): exceeded maximum connection attempts
010998: 17w0d: dot1x-authsm(Fa0/39): state DISCONNECTED, event ENTRY, arg 0x0
010999: 17w0d: dot1x-core(Fa0/39): deauthorized port
011000: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=4, id=1
011001: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event ENTRY, arg 0x0
011002: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=1, id=2
011003: 17w0d: dot1x-authsm(Fa0/39): first connection attempt
011004: 17w0d: dot1x-besm(Fa0/39): state IDLE, event TIMEOUT, arg 0x0
011005: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event TIMEOUT, arg 0x0
011006: 17w0d: dot1x-core(Fa0/39): EAPOL pkt in
011007: 17w0d: dot1x-core(Fa0/39): 00:00:39:8E:C5:E2 sent EAPOL type=0, EAP code=2, id=2
011008: 17w0d: dot1x-authsm(Fa0/39): state CONNECTING, event INPUT, arg 0x80C2BFD8
011009: 17w0d: dot1x-authsm(Fa0/39): state AUTHENTICATING, event ENTRY, arg 0x80C2BFD8
011010: 17w0d: dot1x-besm(Fa0/39): state IDLE, event INPUT, arg 0x80C2BFD8
011011: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event INPUT, arg 0x80C2BFD8
011012: 17w0d: dot1x-core(Fa0/39): control event
011013: 17w0d: dot1x-authsm(Fa0/39): state AUTHENTICATING, event CONTROL, arg 0x0
011014: 17w0d: dot1x-besm(Fa0/39): state IDLE, event CONTROL, arg 0x0
011015: 17w0d: dot1x-besm(Fa0/39): state RESPONSE, event ENTRY, arg 0x0
011016: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
011017: 17w0d: dot1x-reauthsm(Fa0/39): reauth timer stopped
011018: 17w0d: dot1x-core(Fa0/39): control event
011019: 17w0d: dot1x-authsm(Fa0/39): state AUTHENTICATING, event CONTROL, arg 0x0
011020: 17w0d: dot1x-besm(Fa0/39): state RESPONSE, event CONTROL, arg 0x0
011021: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
011022: 17w0d: dot1x-reauthsm(Fa0/39): reauth timer stopped
011023: 17w0d: dot1x-backend(Fa0/39): [71] starting aaa sequence
011024: 17w0d: dot1x-backend(Fa0/39): [71] relaying EAP data from supplicant
011025: 17w0d: dot1x-backend(Fa0/39): [71] starting login
011026: 17w0d: dot1x-backend(Fa0/39): [71] login user userek@domenka.pl, client ID XX-XX-XX-XX-XX-XX
011027: 17w0d: dot1x-backend(Fa0/39): [71] start_login returned FAIL
011028: 17w0d: dot1x-backend(Fa0/39): [71] cleaning up AAA context
011029: 17w0d: dot1x-core(Fa0/39): RADIUS reply (1) received
011030: 17w0d: dot1x-authsm(Fa0/39): state AUTHENTICATING, event SERVER_REPLY, arg 0x1
011031: 17w0d: dot1x-besm(Fa0/39): state RESPONSE, event SERVER_REPLY, arg 0x1
011032: 17w0d: dot1x-besm(Fa0/39): state FAIL, event ENTRY, arg 0x1
011033: 17w0d: dot1x-core(Fa0/39): send EAPOL type=0, EAP code=4, id=0
011034: 17w0d: dot1x-besm(Fa0/39): state IDLE, event ENTRY, arg 0x1
011035: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event SERVER_REPLY, arg 0x1
011036: 17w0d: dot1x-core(Fa0/39): control event
011037: 17w0d: dot1x-authsm(Fa0/39): state AUTHENTICATING, event CONTROL, arg 0x0
011038: 17w0d: dot1x-authsm(Fa0/39): state HELD, event ENTRY, arg 0x0
011039: 17w0d: dot1x-core(Fa0/39): deauthorized port
011040: 17w0d: dot1x-besm(Fa0/39): state IDLE, event CONTROL, arg 0x0
011041: 17w0d: dot1x-reauthsm(Fa0/39): state INITIALIZE, event CONTROL, arg 0x0
011042: 17w0d: dot1x-reauthsm(Fa0/39): reauth timer stopped


do you have any ideas what's wrong? For my strange is the line:

011027: 17w0d: dot1x-backend(Fa0/39): [71] start_login returned FAIL

but what failed? authentication? communication with the radius server? In ias (logfiles and server events) i don't have nothing about any authentication (success or failed - nothing).

Thanks for any help,
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 16 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 16 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros