need help with 802.1x debugging

Giganews Newsgroups
Subject: need help with 802.1x debugging
Posted by:  apsol…@gmail.com
Date: 15 Aug 2006

Hello Gurus,

I am trying to implement 802.1x port authentication for a small
company. Here is the test setup:
Client : Windows 2000 Prof SP4
Switch : Cisco 2950
Authenticator : Microsoft IAS

I have read the documentation for setting up the IAS and the Windows
2000 supplicant. No matter what type of authentication I use, PEAP or
MD5, I am unable to authenticate the port. I have synchronised the IAS
server with Active Directory.
After checking the debug logs on the switch, here is what I found :
I have marked the debug event which I think could be the reason.
I have also tried checking IAS logs but they dont help, neither does
the event log for windows.
I am not  sure if this is the right group but I decided to post it,

006645: 9w2d: dot1x-ev:EAP-code=REQUEST
006646: 9w2d: dot1x-ev:EAP Type= IDENTITY
006647: 9w2d: dot1x-ev:ID=0

006648: 9w2d: dot1x-registry:registry:dot1x_ether_macaddr called
006649: 9w2d: dot1x-packet:Received an EAPOL frame on interface
FastEthernet0/16

006650: 9w2d: dot1x-ev:Received pkt saddr =xxxx.xxxx.xxxx, daddr =
xxxx.xxxx.xxxx,pae-ether-type = 34958
006651: 9w2d: dot1x-ev:Found a supplicant block for mac 0010.a4e4.f1e3
80D86C64

006652: 9w2d: dot1x-packet:Received an EAP packet on interface
FastEthernet0/16
006653: 9w2d:    dot1x_auth Fa0/16: during state auth_connecting, got
event 6(r
xRespId)
006654: 9w2d: @@@ dot1x_auth Fa0/16: auth_connecting ->
auth_authenticating
006655: 9w2d: dot1x-sm:Fa0/16:xxxx.xxxx.xxxx:auth_connecting_exit alled
006656: 9w2d: dot1x-sm:Fa0/16:xxxx.xxxx.xxxx:auth_authenticating_enter
called
006657: 9w2d: dot1x-ev:sending AUTH_START to BEND for
supp_info=80D86C64

006658: 9w2d:
dot1x-sm:Fa0/16:xxxx.xxxx.xxxx:auth_connecting_authenticating_acti
on called
006659: 9w2d: dot1x-ev:Received AuthStart from Authenticator for
supp_info=80D86
C64
006660: 9w2d:    dot1x_bend Fa0/16: during state dot1x_bend_idle, got
event 1(a
uth_start)
006661: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_idle ->
dot1x_bend_response
006662: 9w2d: dot1x-sm:Dot1x Response State Entered for
supp_info=80D86C64 hwidb
=807B1B18, swidb=807B2E6C on intf=Fa0/16

006663: 9w2d: dot1x-ev:Managed Timer in sub-block attached as leaf to
master
006664: 9w2d: dot1x-sm:Started the ServerTimeout Timer
006665: 9w2d: dot1x-ev:Going to Send Request to AAA Client on RP for id
= 0 and
length = 19
006666: 9w2d: dot1x-ev:Got a Request from SP to send it to Radius with
id 116
006667: 9w2d: dot1x-ev:Couldn't Find a process thats already handling
the reques
t for this id 0
006668: 9w2d: dot1x-ev:Inserted the request on to list of pending
requests
006669: 9w2d: dot1x-ev:Found a free slot at slot 0
006670: 9w2d: dot1x-ev:Found a free slot at slot 0
006671: 9w2d: dot1x-ev:Request id = 116 and length = 19
006672: 9w2d: dot1x-ev:The Interface on which we got this AAA Request
is FastEth
ernet0/16
006673: 9w2d: dot1x-ev:Username is domain\username
006674: 9w2d: dot1x-ev:MAC Address is xxxx.xxxx.xxxx
006675: 9w2d: dot1x-ev:RemAddr is xxxx.xxxx.xxxx/xxxx.xxxx.xxxx
*********************************************************************************************************
The authentication information is being recvd by the switch, I can't
understand this error.
006676: 9w2d: dot1x-err:EAP packet not recvd
*******************************************************************************************************
006677: 9w2d: dot1x-ev:going to send to backend on SP, length = 4
006678: 9w2d: dot1x-ev:Received VLAN is No Vlan
006679: 9w2d: dot1x-ev:Enqueued the response to BackEnd
006680: 9w2d: dot1x-ev:Received QUEUE EVENT in response to AAA Request
006681: 9w2d: dot1x-ev:Dot1x matching request-response found
006682: 9w2d: dot1x-ev:Length of recv eap packet from radius = 4
006683: 9w2d: dot1x-ev:Received VLAN Id -1
006684: 9w2d:    dot1x_bend Fa0/16: during state dot1x_bend_response,
got event
3(afail)
006685: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_response ->
dot1x_bend_fail
006686: 9w2d: dot1x-sm:Dot1x Failure State Entered
006687: 9w2d: dot1x-ev:dot1x_bend_fail_enter:xxxx.xxxx.xxxx: Current
ID=0

006688: 9w2d: dot1x-ev:dot1x_bend: Sending Radius Response to
Supplicant of leng
th 4
006689: 9w2d: dot1x-ev:dot1x_tx_eap: EAP Ptk
006690: 9w2d: dot1x-ev:EAP-code=FAILURE
006691: 9w2d: dot1x-ev:EAP Type= Unknown
006692: 9w2d: dot1x-ev:ID=0

006693: 9w2d: dot1x-registry:registry:dot1x_ether_macaddr called
006694: 9w2d:    dot1x_bend Fa0/16: idle during state dot1x_bend_fail
006695: 9w2d: @@@ dot1x_bend Fa0/16: dot1x_bend_fail -> dot1x_bend_idle
006696: 9w2d: dot1x-sm:Dot1x Idle State Entered
006697: 9w2d:    dot1x_auth Fa0/16: during state auth_authenticating,
got event
8(authFail)
006698: 9w2d: @@@ dot1x_auth Fa0/16: auth_authenticating -> auth_held
006699: 9w2d: dot1x-sm:Fa0/16xxxx.xxxx.xxxx:auth_held_enter called
006700: 9w2d: dot1x-sm:
dot1x_update_port_status called with port_status =
DOT1X_PORT_STATUS_UNAUTHORIZE
D
006701: 9w2d: dot1x-ev:dot1x_port_cleanup_author: cleanup author on
interface Fa
stEthernet0/16
006702: 9w2d: dot1x-ev:dot1x_update_port_status: Called with
host_mode=0 state U
NAUTHORIZED

thanks
Ankit

Replies