Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Problems with dot1x authentication when computers reboot

This thread has been viewed 40 times

  • 1.  Problems with dot1x authentication when computers reboot

    Posted Apr 26, 2021 12:04 PM
    Hello,

    this is our first time setting up port authentication, we configured ports for both dot1x and MAC auth so all devices get authenticated and get assigned a VLAN dynamically. MAC auth is working fine (only problem is that devices that are unauthenticated keep trying to reauthenticate - would appreciate some help to stop this behavior) , dot1x auth mostly too, but we get issues on reboots. There are 4 scenarios that happen on reboot:

    1. Port gets stuck at "Authenticating" state (device gets no network connectivity because it doesn't even fall to unauthenticated VLAN, which is the worst scenario)  
      1. 2021-04-26:10:05:12.024375|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180725 Creating event 'Port Not-Forwarding At Health Layer' for port '1/1/48'
        

        2021-04-26:10:05:12.101076|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180728 logID=180728 Handling event 'Port Not-Forwarding At Health Layer' for Dot1XPort '1/1/48' in state 'DISCOVERING'
        

        2021-04-26:10:05:12.101273|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180728 logID=180728 dot1xport SM State transition [DISCOVERING] -> [DOWN] for object with key '1/1/48'
        

        2021-04-26:10:05:12.101448|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180728 logID=180728 Event handler of Dot1XPort '1/1/48' for event 'Port Not-Forwarding At Health Layer' in state 'DISCOVERING' returned 'OK'
        

        2021-04-26:10:05:14.464047|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180737 Creating event 'Port Forwarding At Health Layer' for port '1/1/48'
        

        2021-04-26:10:05:14.480235|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180739 logID=180739 Handling event 'Port Forwarding At Health Layer' for Dot1XPort '1/1/48' in state 'DOWN'
        

        2021-04-26:10:05:14.480443|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180739 logID=180739 dot1xport SM State transition [DOWN] -> [UP] for object with key '1/1/48'
        

        2021-04-26:10:05:14.480726|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180739 logID=180739 dot1xport SM State transition [UP] -> [DISCOVERING] for object with key '1/1/48'
        

        2021-04-26:10:05:14.480890|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180739 logID=180739 Event handler of Dot1XPort '1/1/48' for event 'Port Forwarding At Health Layer' in state 'DOWN' returned 'OK'
        

        2021-04-26:10:05:18.418114|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180749 logID=180749 Handling event 'Dot1X Authentication Start For Client On Port' for Dot1XPort '1/1/48' in state 'DISCOVERING'
        

        2021-04-26:10:05:18.418437|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180749 logID=180749 Event handler of Dot1XPort '1/1/48' for event 'Dot1X Authentication Start For Client On Port' in state 'DISCOVERING' returned 'OK'
        

        2021-04-26:10:05:18.426912|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180749 DB Operation: Insert dot1x entry for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': port-access-client-auth-attribute row inserted with uuid 156f63fa-21ac-4e5a-a760-e678003d83d0
        

        2021-04-26:10:05:18.933163|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180751 logID=180751 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:19.929890|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180752 dot1xpae SM State transition [INITIALIZE] -> [UNAUTHENTICATED] for user 'unknown' with key '1/1/48, 00:01:2e:41:b0:17'
        

        2021-04-26:10:05:19.930182|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180752 dot1xpae SM State transition [UNAUTHENTICATED] -> [AUTHENTICATING] for user 'unknown' with key '1/1/48, 00:01:2e:41:b0:17'
        

        2021-04-26:10:05:19.951251|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180752 logID=180752 DB Operation: Update state for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': state update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:19.951427|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180752 logID=180752 DB Operation: Update state for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': state update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:21.355530|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180755 logID=180755 Handling event 'Dot1X EAPOL Start Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERING'
        

        2021-04-26:10:05:21.355733|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180755 logID=180755 dot1xport SM State transition [DISCOVERING] -> [DISCOVERED] for object with key '1/1/48'
        

        2021-04-26:10:05:21.356591|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180755 logID=180755 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAPOL Start Packet Received on Port' in state 'DISCOVERING' returned 'OK'
        

        2021-04-26:10:05:21.451859|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180757 logID=180757 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:21.452362|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(New) from 802.1x to send to group radius
        

        2021-04-26:10:05:21.458188|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 631 radius id 118 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:21.459456|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180757 logID=180757 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:21.464949|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180757 logID=180757 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:21.470139|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 631 radius id 118 .
        

        2021-04-26:10:05:21.471362|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received Access-Challenge response for the request context 0xace0c8b0 client request id 631 radius id 118 sent by 802.1x
        

        2021-04-26:10:05:21.472553|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180758 logID=180758 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:21.482400|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180758 logID=180758 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:21.503153|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180760 logID=180760 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:21.504753|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(Challenge) from 802.1x to send to group radius
        

        2021-04-26:10:05:21.508852|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 632 radius id 119 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:21.510749|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180760 logID=180760 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:21.515140|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180760 logID=180760 DB Operation: Update EAP method for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': EAP method update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:21.516391|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180760 logID=180760 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:21.528673|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 632 radius id 119 .
        

        2021-04-26:10:05:21.530283|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received Access-Challenge response for the request context 0xace0c8b0 client request id 632 radius id 119 sent by 802.1x
        

        2021-04-26:10:05:21.531397|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180761 logID=180761 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:21.545971|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180761 logID=180761 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:21.548163|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180763 logID=180763 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:21.549814|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(Challenge) from 802.1x to send to group radius
        

        2021-04-26:10:05:21.553924|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 633 radius id 120 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:21.555578|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180763 logID=180763 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:21.556897|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180763 logID=180763 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:21.562142|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 633 radius id 120 .
        

        2021-04-26:10:05:21.563412|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180764 logID=180764 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:21.573279|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180764 logID=180764 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.000941|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180767 logID=180767 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.001393|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Dropped 1 log messages in last 0 seconds (most recently, 0 seconds ago) due to excessive rate
        

        2021-04-26:10:05:22.001522|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(Challenge) from 802.1x to send to group radius
        

        2021-04-26:10:05:22.005454|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 634 radius id 121 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:22.007107|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180767 logID=180767 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.007562|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180767 logID=180767 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:22.014612|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 634 radius id 121 .
        

        2021-04-26:10:05:22.014814|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received Access-Challenge response for the request context 0xace0c8b0 client request id 634 radius id 121 sent by 802.1x
        

        2021-04-26:10:05:22.015029|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180768 logID=180768 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.032650|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180768 logID=180768 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.155133|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180770 logID=180770 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.155559|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(Challenge) from 802.1x to send to group radius
        

        2021-04-26:10:05:22.158788|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 635 radius id 122 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:22.159774|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180770 logID=180770 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.160234|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180770 logID=180770 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:22.164497|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 635 radius id 122 .
        

        2021-04-26:10:05:22.164691|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received Access-Challenge response for the request context 0xace0c8b0 client request id 635 radius id 122 sent by 802.1x
        

        2021-04-26:10:05:22.165236|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180771 logID=180771 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.175083|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180771 logID=180771 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.180331|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180773 logID=180773 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.181528|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(Challenge) from 802.1x to send to group radius
        

        2021-04-26:10:05:22.185289|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 636 radius id 123 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:22.186624|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180773 logID=180773 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.188202|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180773 logID=180773 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:22.191908|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 636 radius id 123 .
        

        2021-04-26:10:05:22.192807|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180774 logID=180774 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.201591|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180774 logID=180774 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.205164|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180776 logID=180776 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.210804|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180776 logID=180776 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.211900|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180776 logID=180776 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:22.222416|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180777 logID=180777 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.231829|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180777 logID=180777 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.591275|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180779 logID=180779 Handling event 'Dot1X EAP Packet Received on Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.591749|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Dropped 5 log messages in last 1 seconds (most recently, 1 seconds ago) due to excessive rate
        

        2021-04-26:10:05:22.591884|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received authentication request Access-Request(Challenge) from 802.1x to send to group radius
        

        2021-04-26:10:05:22.595372|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Sending RADIUS request for context 0xace0c8b0 client request id 638 radius id 125 to 10.69.140.2 1812 swns in the group radius
        

        2021-04-26:10:05:22.596186|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180779 logID=180779 Event handler of Dot1XPort '1/1/48' for event 'Dot1X EAP Packet Received on Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:22.596602|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180779 logID=180779 DB Operation: Update username for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48': username update for pae with MAC 00:01:2e:41:b0:17 on port '1/1/48' successful
        

        2021-04-26:10:05:22.603790|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Validation succeeded for the packet recevied from 10.69.140.2:1812 (14) for RADIUS request context 0xace0c8b0 client request id 638 radius id 125 .
        

        2021-04-26:10:05:22.603986|port-accessd|LOG_INFO|AMM|-|PORTACCESS|PORTACCESS_DOT1X_RADIUS|Received Access-Challenge response for the request context 0xace0c8b0 client request id 638 radius id 125 sent by 802.1x
        

        2021-04-26:10:05:22.604481|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180780 logID=180780 Handling event 'RADIUS Response Received On Port' for Dot1XPort '1/1/48' in state 'DISCOVERED'
        

        2021-04-26:10:05:22.613700|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180780 logID=180780 Event handler of Dot1XPort '1/1/48' for event 'RADIUS Response Received On Port' in state 'DISCOVERED' returned 'OK'
        

        2021-04-26:10:05:23.937554|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180782 logID=180782 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:28.941958|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180787 logID=180787 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:33.948134|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180792 logID=180792 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:38.951846|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180797 logID=180797 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:43.957066|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180802 logID=180802 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:48.961631|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180808 logID=180808 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:53.966233|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180813 logID=180813 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:05:58.970539|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180818 logID=180818 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:03.974632|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180823 logID=180823 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:08.980248|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180828 logID=180828 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:13.984669|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180834 logID=180834 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:18.989754|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180843 logID=180843 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:23.993887|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180848 logID=180848 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:28.997643|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180853 logID=180853 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:34.002568|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180858 logID=180858 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:39.007151|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180863 logID=180863 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:44.012646|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180868 logID=180868 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:49.017592|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180874 logID=180874 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:54.022149|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180879 logID=180879 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:06:59.027086|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180884 logID=180884 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:04.032512|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180889 logID=180889 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:09.035977|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180894 logID=180894 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:14.039540|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180900 logID=180900 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:19.045360|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180909 logID=180909 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:24.050717|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180915 logID=180915 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:29.053613|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180920 logID=180920 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:34.059159|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180925 logID=180925 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:39.063646|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180930 logID=180930 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:44.069155|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180935 logID=180935 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:49.073619|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180941 logID=180941 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:54.083622|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180946 logID=180946 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:07:59.088638|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180951 logID=180951 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:04.094331|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180956 logID=180956 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:09.099722|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180961 logID=180961 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:14.104067|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180967 logID=180967 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:19.109028|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180976 logID=180976 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:24.114134|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180981 logID=180981 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:29.117035|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180986 logID=180986 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:34.122946|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180991 logID=180991 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:39.126875|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=180996 logID=180996 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:44.132877|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181001 logID=181001 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:49.137367|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181007 logID=181007 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:54.141493|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181013 logID=181013 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:08:59.146415|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181018 logID=181018 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:09:04.152007|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181023 logID=181023 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:09:09.155659|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181028 logID=181028 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:09:13.434907|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181033 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:14.160503|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181034 logID=181034 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
        

        2021-04-26:10:09:17.091265|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181037 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:17.093645|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181038 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:17.094765|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181039 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:17.096045|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181040 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:17.764635|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181042 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:19.064614|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_SERVICES|logID=181044 Handing over the event 2 to component Neighbor Manager
        

        2021-04-26:10:09:19.164451|port-accessd|LOG_DEBUG|AMM|-|PORTACCESS|PORTACCESS_DOT1X_PROTOCOL|logID=181045 logID=181045 DB Operation: Update dot1x statistics for port '1/1/48': statistics update for port row with uuid ca4c7c93-a57a-4ba0-b674-cceece67f670 successful
    2. Port fails to auth with dot1x, gets unauthenticated because of MAC auth, then after while get authenticated with dot1x
    3. Port doesn't even try to authenticate with dot1x
    4. Port gets authenticated correctly 


    This behavior seems totally random. It gets authenticated correctly after I restart the port or a user unplugs and plugs network cable back in. However this is really a pain in production environment. We've tried setting different timeouts, setting tasks to restart auth service on computer boot up, different radius server settings  (we are using Microsoft NPS) and basically every tip we could find for this kind of problem. 

    Currently all ports are configured like this, the Failed role just assigns a VLAN. 

    no shutdown
    

        vlan access 1
    

        aaa authentication port-access client-limit 32
    

        aaa authentication port-access auth-mode device-mode
    

        aaa authentication port-access critical-role Failed
    

        aaa authentication port-access reject-role Failed
    

        port-access allow-flood-traffic enable
    

        aaa authentication port-access dot1x authenticator
    

            eapol-timeout 5
    

            initial-auth-response-timeout 10
    

            max-eapol-requests 4
    

            max-retries 3                                          
    

            quiet-period 5
    

            discovery-period 5
    

            enable
    

        aaa authentication port-access mac-auth
    

            quiet-period 10
    

            enable


    I would appreciate any help with these issues (some computers work fine, it happens randomly mostly on Windows 7 computers, but sometimes it also happens on fully updated Windows 10 computers).



    ------------------------------
    Peter Bendik
    ------------------------------


  • 2.  RE: Problems with dot1x authentication when computers reboot

    Posted Apr 27, 2021 04:02 AM
    Hi,

    what type of switch models and os versions do you use? Looks like CX.

    Maybe you can have a look into the "fallback-role" for unauthenticated clients and into concurrent authentication of mac and  802.1x with "port-access onboarding-method concurrent enable".

    Greetings,
    Thomas


    ------------------------------
    Thomas Klein
    ------------------------------

    Original Message


  • 3.  RE: Problems with dot1x authentication when computers reboot

    Posted Apr 27, 2021 05:07 AM
    Hi Thomas, 

    I am using Aruba 6100 and 6200 switches with the newest firmware AOS-CX 10.07. I'll take a look and let you know if it helped. 

    Thank you.

    ------------------------------
    Peter Bendik
    ------------------------------

    Original Message


  • 4.  RE: Problems with dot1x authentication when computers reboot

    Posted Apr 27, 2021 05:31 AM

    So I configured both fallback-role and concurrent authentication but the same thing keeps happening. The port doesn't get assigned the fallback role and also it seems that it doesn't respect any timeouts I configured because it stays in this state until I restart the port.  

      Session Details

      ---------------

        Port         : 1/1/48

        Session Time : 532s

        IPv4 Address : 

        IPv6 Address : 


      Authentication Details

      ----------------------

        Status          : Authenticating

        Auth Precedence : dot1x - Authenticating, mac-auth - Unauthenticated

        Auth History    : mac-auth - Unauthenticated, Server-Reject, 532s ago


      Authorization Details

      ----------------------

        Role   : 

        Status : 


    ------------------------------
    Peter Bendik
    ------------------------------

    Original Message


  • 5.  RE: Problems with dot1x authentication when computers reboot

    Posted Apr 27, 2021 08:41 AM
    Looking into your configuration and comparing it to mine i noticed that you set the auth-mode to device-mode. Do you really want the first device with it's first authentication open the port for all devices connected on such a port? Can you do a test with the standard setting "client-mode"?

    client-mode
    Selects client mode. In this mode, all clients connecting to the port are sent for authentication.
    The maximum number of clients allowed to connect to the port is limited by the client limit value
    configured with the aaa authentication port-access client-limit command.

    device-mode
    Selects device mode. In this mode, only the first client connecting to the port is sent for authentication.
    Once this client is authenticated, the port is considered as open and all subsequent clients trying to
    connect on that port are not sent for authentication.

    ------------------------------
    Thomas Klein
    ------------------------------

    Original Message


  • 6.  RE: Problems with dot1x authentication when computers reboot

    Posted Apr 27, 2021 09:14 AM

    Yes actually this is the behaviour we want, as there are many APs connected to ports, and we want to keep wireless and wired authentication separate. But I've tried it with client-mode and still got the same result. Sometimes it goes fine but usually (on Win 7) it ends up stuck. The other scenarios I mention are probably caused by Windows supplicant, but this one is causing the most issues as the computer doesn't get internet connection at all (if it at least timed out and fell back to my guest VLAN). I've tried the default timeouts, short and long timeouts but the problem persists. This is the result from dot1x client status. 

      Authentication Details

      ----------------------

        Status                        : Authenticating

        Type                          : Pass-Through

        EAP-Method                    : PEAP

        Auth Failure reason           : 

        Time Since Last State Change  : 970s




      Authentication Statistics

      -------------------------

        Authentication                         : 1

        Authentication Timeout                 : 0

        EAP-Start While Authenticating         : 2

        EAP-Logoff While Authenticating        : 0

        Successful Authentication              : 0

        Failed Authentication                  : 0

        Re-Authentication                      : 0

        Successful Re-Authentication           : 0

        Failed Re-Authentication               : 0

        EAP-Start When Authenticated           : 0

        EAP-Logoff When Authenticated          : 0

        Re-Auths When Authenticated            : 0

        Cached Re-Authentication               : 0



    ------------------------------
    Peter Bendik
    ------------------------------

    Original Message


  • 7.  RE: Problems with dot1x authentication when computers reboot

    Posted Apr 27, 2021 12:42 PM
    I would probably start a TAC case now. Aruba hopefully can help to better understand why the status does not change from authenticating.

    ------------------------------
    Thomas Klein
    ------------------------------

    Original Message