Anyone? Strange issue: wired 802.1x Windows through IP phone

From: jeremy co <jeremy.cool14_at_gmail.com>
Date: Thu, 14 Nov 2013 05:00:22 -0800

Hi,

If I plug the PC directly into the switch it works fine, but if I put it
through the IP phone, it doesn't work.

The phone authenticates via MAB just fine, and then I get the error below.
%AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client

aaa new-model
!
!
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
!
!
!
!
aaa server radius dynamic-author
 client 100.0.0.10
 server-key cisco123

!
!
ip device tracking

!
dot1x system-auth-control

!
!
interface GigabitEthernet1/0/5
 switchport mode access
 switchport voice vlan 9
 logging event spanning-tree
 authentication host-mode multi-auth
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast

interface Vlan1
 ip address 100.0.0.3 255.255.255.0
!
!
ip radius source-interface Vlan1
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server host 100.0.0.10 auth-port 1812 acct-port 1813 key cisco123
radius-server vsa send accounting
radius-server vsa send authentication
!

SW1#$ sh authentication sessions int f1/0/5
            Interface: FastEthernet1/0/5
          MAC Address: 48f8.b32b.24a3
           IP Address: Unknown
            User-Name: 48f8b32b24a3
               Status: Running
               Domain: DATA
      Security Policy: Should Secure
      Security Status: Unsecure
       Oper host mode: multi-auth
     Oper control dir: both
      Session timeout: N/A
         Idle timeout: N/A
    Common Session ID: 640000010000000E01DFBAEC
      Acct Session ID: 0x00000011
               Handle: 0x0D00000E

Runnable methods list:
       Method State
       dot1x Running

----------------------------------------
            Interface: FastEthernet1/0/5
          MAC Address: 000f.2340.71cb
           IP Address: Unknown
            User-Name: 00-0F-23-40-71-CB
               Status: Authz Success
               Domain: VOICE
      Security Policy: Should Secure
      Security Status: Unsecure
       Oper host mode: multi-auth
     Oper control dir: both
        Authorized By: Authentication Server
              ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-51134bb2
      Session timeout: N/A
         Idle timeout: N/A
    Common Session ID: 640000010000000F01DFD428
      Acct Session ID: 0x00000012
               Handle: 0x8C00000F

Runnable methods list:
       Method State
       dot1x Failed over

*Eventually it times out. My suspicion is that it never passes 802.1x to the PC.*
-----------------------------------------------------------------------------------------------------------------
%AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
dot1x-ev(Fa1/0/5): Received Authz fail for the client 0x660000A7 (48f8.b32b.24a3)
dot1x-ev(Fa1/0/5): Deleting client 0x660000A7 (48f8.b32b.24a3)
%AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
%AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
%AUTHMGR-5-FAIL: Authorization failed for client (48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
dot1x-ev:Delete auth client (0x660000A7) message
dot1x-ev:Auth client ctx destroyed
dot1x-ev:Aborted posting message to authenticator state machine: Invalid client
SW1#$

dot1x-ev(Fa1/0/5): Couldn't find the supplicant in the list
dot1x-ev(Fa1/0/5): Sending create new context event to EAP for 0xED0000A8 (48f8.b32b.24a3)
dot1x-ev(Fa1/0/5): Created a client entry (0xED0000A8)
dot1x-ev(Fa1/0/5): Dot1x authentication started for 0xED0000A8 (48f8.b32b.24a3)
%AUTHMGR-5-START: Starting 'dot1x' for client (48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
SW1#$

dot1x-ev(Fa1/0/5): Sending EAPOL packet to 48f8.b32b.24a3
dot1x-ev(Fa1/0/5): Role determination not required
dot1x-ev(Fa1/0/5): Sending out EAPOL packet

Received on Thu Nov 14 2013 - 05:00:22 ART
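
A triage helper for debug output like the one in the post, added here as an example and not part of the original message: it rejoins mail-wrapped lines and summarises the AUTHMGR events per interface and MAC. The function names and flag names are this example's own, and the sample is an excerpt of the post's log.

```python
import re

# Excerpt of the post's debug output, hard-wrapped as in the mailed original.
SAMPLE = """\
%AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for
client (48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID
640000010000000E01DFBAEC
dot1x-ev(Fa1/0/5): Deleting client 0x660000A7 (48f8.b32b.24a3)
%AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (48f8.b32b.24a3)
on Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
%AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client
(48f8.b32b.24a3) on Interface Fa1/0/5 AuditSessionID
640000010000000E01DFBAEC
%AUTHMGR-5-FAIL: Authorization failed for client (48f8.b32b.24a3) on
Interface Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
SW1#$
%AUTHMGR-5-START: Starting 'dot1x' for client (48f8.b32b.24a3) on Interface
Fa1/0/5 AuditSessionID 640000010000000E01DFBAEC
"""

# A new message starts with a syslog tag, a dot1x debug prefix, or a CLI prompt.
NEW_MSG = re.compile(r"^(%[A-Z0-9_]+-\d-[A-Z0-9_]+:|dot1x-ev|\S+[#>])")
AUTHMGR = re.compile(r"^%AUTHMGR-\d-(?P<event>[A-Z0-9_]+):.*?"
                     r"\((?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\)"
                     r"\s+on\s+Interface\s+(?P<intf>\S+)")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the message they belong to."""
    msgs = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if NEW_MSG.match(line) or not msgs:
            msgs.append(line)
        else:
            msgs[-1] += " " + line
    return msgs

def summarize(text):
    """Per (interface, MAC): AUTHMGR events in log order, plus two flags."""
    report = {}
    for m in filter(None, map(AUTHMGR.match, unwrap(text))):
        r = report.setdefault((m["intf"], m["mac"]),
                              {"events": [], "no_eapol_reply": False, "methods_exhausted": False})
        r["events"].append(m["event"])
        # dot1x result 'no-response': the switch got no EAPOL reply from this MAC
        if m["event"] == "RESULT" and "'no-response' from 'dot1x'" in m.string:
            r["no_eapol_reply"] = True
        r["methods_exhausted"] |= m["event"] == "NOMOREMETHODS"
    return report
```

`summarize(SAMPLE)` returns one entry, keyed by `("Fa1/0/5", "48f8.b32b.24a3")`, with both flags set.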