Wired Networks

"received eapol-pkt before assos" error on s3500

Symptoms

Why is dot1x authentication not going through on the S3500?
Why am I getting the error "received eapol-pkt before assos"?

Diagnosis

This article applies to all Aruba mobility switches.

1. The client machine never asks for credentials.
2. There is no RADIUS request on the RADIUS server.
3. We see the following in the error logs:

 

Apr 25 09:35:51 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:35:56 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:36:01 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:41:29 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos

Solution

For wired authentication to take place, the port needs to be untrusted. By default, a port is trusted.

If authentication is attempted on a trusted port, we get that error.

 

We must untrust the port:

# interface g 0/0/12
# no trusted port

 

We cannot have dot1x authentication on a trusted port.
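To find every client affected by this misconfiguration, the error log can be summarized per client MAC. The script below is an added example, not Aruba code; the field layout is inferred from the log lines quoted above, the year is an assumed parameter because the log lines carry none, and the last two sample lines are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the log lines in this article (assumption):
# <Mon DD HH:MM:SS> eapol-pkt-drop * <client MAC> <dest MAC> - - <reason>
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(
    rf"^(?P<ts>\w{{3}}\s+\d{{1,2}} \d\d:\d\d:\d\d) eapol-pkt-drop \S+ "
    rf"(?P<client>{MAC}) (?P<dest>{MAC}) \S+ \S+ (?P<reason>.+)$",
    re.IGNORECASE,
)
REASON = "received eapol-pkt before assos"


def summarize_drops(lines, year=2014):
    """Return {client MAC: {"count", "first", "last"}} for the drop reason above.

    The log has no year field, so `year` is an assumed value set by the caller.
    """
    clients = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["reason"].strip() != REASON:
            continue  # other events and malformed lines are ignored
        seen = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = clients.setdefault(
            m["client"].lower(), {"count": 0, "first": seen, "last": seen}
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], seen)
        entry["last"] = max(entry["last"], seen)
    return clients


# The first four lines are quoted in this article; the last two are constructed.
SAMPLE = """\
Apr 25 09:35:51 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:35:56 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:36:01 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:41:29 eapol-pkt-drop * 60:fb:42:f8:a6:f8 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:42:10 eapol-pkt-drop * 00:11:22:33:44:55 01:80:c2:00:00:03 - - received eapol-pkt before assos
Apr 25 09:42:15 some-other-event * 00:11:22:33:44:55 - - - unrelated line
""".splitlines()

if __name__ == "__main__":
    for mac, e in summarize_drops(SAMPLE).items():
        print(f"{mac} drops={e['count']} first={e['first']:%H:%M:%S} last={e['last']:%H:%M:%S}")
```

Each MAC in the output is a supplicant sending EAPOL frames on a port that is still trusted; locate its port and apply the fix above.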

Version History
Revision #:
1 of 1
Last update:
‎06-01-2014 02:02 PM