CX 802.1x Authentication Failed, Supplicant-Timeout

  • 1.  CX 802.1x Authentication Failed, Supplicant-Timeout

    Posted Oct 04, 2023 10:14 AM

    Hi.

    I have a setup with CX switches and 802.1x auth with an NPS server.

    The roles that I have are:

    port-access role authenticated
        stp-admin-edge-port
        reauth-period 28800
        vlan access 802
    port-access role unauthenticated
        stp-admin-edge-port
        reauth-period 28800
        vlan access 803

    And the config on the port is:

    interface 1/1/10
        description Access-Port-802.1X
        no shutdown
        vlan access 803
        spanning-tree port-type admin-edge
        no aaa authentication port-access allow-lldp-auth
        aaa authentication port-access client-limit 2
        aaa authentication port-access preauth-role unauthenticated
        aaa authentication port-access reject-role unauthenticated
        aaa authentication port-access auth-role authenticated
        aaa authentication port-access dot1x authenticator

    The client is not part of the company; it is external, without Wired AutoConfig enabled, so there is no 802.1x on the client side.

    The issue is that the client gets the pre-auth role, and after a few minutes it says the following (see the info below), and there is nothing in Role and Status.

    show aaa authentication port-access interface 1/1/10 client-status

    Port Access Client Status Details

    Client 5c:60:ba:bf:ac:60
    ========================
      Session Details
      ---------------
        Port         : 1/1/10
        Session Time : 4062s
        IPv4 Address :
        IPv6 Address :
        Device Type  :

      Authentication Details
      ----------------------
        Status          : Authentication Failed, Supplicant-Timeout
        Auth Precedence : dot1x - Unauthenticated, mac-auth - Not attempted
        Auth History    : dot1x - Unauthenticated, Supplicant-Timeout, 3898s ago

      Authorization Details
      ----------------------
        Role   :
        Status :

    This is after I shut/no shut:

    Port Access Client Status Details

    Client 5c:60:ba:bf:ac:60
    ========================
      Session Details
      ---------------
        Port         : 1/1/10
        Session Time : 1s
        IPv4 Address :
        IPv6 Address :
        Device Type  :

      Authentication Details
      ----------------------
        Status          : Authenticating
        Auth Precedence : dot1x - Initialized, mac-auth - Not attempted
        Auth History    :

      Authorization Details
      ----------------------
        Role   : unauthenticated, Preauth role
        Status : Applied

    Has anyone had the same issue, and how is this solved?



  • 2.  RE: CX 802.1x Authentication Failed, Supplicant-Timeout

    Posted Oct 14, 2023 05:42 PM

    It's been a while since I last configured something similar myself. However, my initial thought is that you have 3 scenarios configured for the port:
    preauth role
    successful authentication (radius accept from NPS)
    successful authentication (radius reject from NPS)

    However, what you are hitting there is a 'timeout', which does not hit any of your 3 scenarios. You can either add mac auth after dot1x and make sure it will fail,
    or maybe you can try to find some additional config within the port that relates to timeout and covers your scenario.

    I hope that helps a bit on where to look.
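
A check for the state shown in the first post, where the session is still listed but Role and Status are empty, written as an added Python example that is not part of either post. It parses `client-status` output and lists sessions with no role applied; the function names and the abridged sample are constructed here.

```python
import re

SECTIONS = ("Session Details", "Authentication Details", "Authorization Details")
CLIENT_RE = re.compile(r"Client ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed sample: both outputs from the first post, abridged to the fields used here.
SAMPLE = """\
Client 5c:60:ba:bf:ac:60
========================
  Session Details
    Port         : 1/1/10
  Authentication Details
    Status          : Authentication Failed, Supplicant-Timeout
  Authorization Details
    Role   :
    Status :
Client 5c:60:ba:bf:ac:60
========================
  Session Details
    Port         : 1/1/10
  Authentication Details
    Status          : Authenticating
  Authorization Details
    Role   : unauthenticated, Preauth role
    Status : Applied
"""

def parse_client_status(text):
    """Return one dict per 'Client <mac>' block, with a sub-dict per section."""
    clients, cur, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = CLIENT_RE.fullmatch(line)
        if m:
            cur = {"mac": m.group(1).lower(), **{s: {} for s in SECTIONS}}
            clients.append(cur)
            section = None
        elif cur is not None and line in SECTIONS:
            section = cur[line]          # "Status" exists in two sections, so track which
        elif section is not None and ":" in line:
            key, _, value = line.partition(":")   # first colon only; values may contain ':'
            section[key.strip()] = value.strip()
    return clients

def clients_without_role(clients):
    """(mac, port, auth status) for every session where no role is applied."""
    return [(c["mac"], c["Session Details"].get("Port", ""),
             c["Authentication Details"].get("Status", ""))
            for c in clients if not c["Authorization Details"].get("Role")]
```

Run against output collected from each access port, a non-empty result from `clients_without_role` marks ports where a client matched none of the configured roles.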