Wired Intelligent Edge (Campus Switching and Routing)

Clients Not Authenticating via 802.1x and Jumbo Frame

MVP
MVP
Problem:

Issue : 

 Clients not authenticating via 802.1x authentication.

 Mac Auth works fine.



Diagnostics:

1-    Show tech all logs,  error : radius server not reachable and no radius server configured. 
2-    Request is reaching the CPPM, but TIMEOUT / REJECT with reason “Client did not complete EAP transaction”
3-    In show radius, the server has  * in front of the IP (sometimes), however the server is reachable.
4-    On the PC the logs  the error states“ network stopped answering authentication , error code 0
5- In the Wireshark, we could see, the certificate exchange, after that  the EAP starts all over again.
6- Debugging in the switch  will only give only Access Challenge. 



Solution

Vlan Configuration : 

vlan 11
   name "Network MGMT"
   untagged A10,A18,B15-B16,G18
   tagged B13,Trk1
   ip address 10.60.11.225 255.255.255.0
   jumbo
   exit

Check if there is Jumbo enabled. 

If yes, go ahead and disable Jumbo frame in the switch. 


Somewhere in the data path, or on the server, jumbo frame support has been removed or adjusted to prevent the radius packets from reaching CPPM.
This is possibly the most likely reason.  This could occur on the switch, or on the server.
 

Version history
Revision #:
1 of 1
Last update:
Friday
Updated by: