Thursday, January 23, 2020

Cisco 2960X Dot1x strange behavior

Hey guys, I am troubleshooting a strange problem with dot1x on several Cisco 2960Xs. When a host is rebooted, it cannot communicate until I clear the current authentication session. A strange thing I notice in the authentication session detail information is that it lists the client computer on a 169 IP. These workstations are statically configured with IP addresses, no DHCP. I have included an example below and can supply the debug output of dot1x from the switch saying the host is authorized.

I have tried setting the NIC power save mode to off and updating drivers on the host machines (which are Windows 10 computers). I also tried disabling hiberboot; none of these resolved my issue. Any advice you have I would love to hear, thanks!

Example (scrubbed PC & switch name, and the actual IP address in the last snippet, as it had identifying info):

Switch#sh auth sess int gi1/0/20 det
            Interface:  GigabitEthernet1/0/20
          MAC Address:  9890.96c6.044e
         IPv6 Address:  Unknown
         IPv4 Address:  169.254.82.151
            User-Name:  host/PCNAME
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-domain
     Oper control dir:  in
      Session timeout:  N/A
      Restart timeout:  N/A
Periodic Acct timeout:  N/A
       Session Uptime:  25s
    Common Session ID:  0A663C050000001E00071404
      Acct Session ID:  0x00000014
               Handle:  0x11000013
       Current Policy:  POLICY_Gi1/0/20

Local Policies:
        Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Server Policies:

Method status list:
      Method           State
      dot1x            Authc Success

Switch#clear auth sess int gi1/0/20
Switch#sh auth sess int gi1/0/20 det
            Interface:  GigabitEthernet1/0/20
          MAC Address:  9890.96c6.044e
         IPv6 Address:  Unknown
         IPv4 Address:  169.254.82.151
            User-Name:  host/PCNAME
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-domain
     Oper control dir:  in
      Session timeout:  N/A
      Restart timeout:  N/A
Periodic Acct timeout:  N/A
       Session Uptime:  1s
    Common Session ID:  0A663C050000001F0007C104
      Acct Session ID:  0x00000015
               Handle:  0xDE000014
       Current Policy:  POLICY_Gi1/0/20

Local Policies:
        Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Server Policies:

Method status list:
      Method           State
      dot1x            Authc Success

Switch#sh auth sess int gi1/0/20 det
            Interface:  GigabitEthernet1/0/20
          MAC Address:  9890.96c6.044e
         IPv6 Address:  Unknown
         IPv4 Address:  10.x.x.x   <- Legit IP address
            User-Name:  host/PCNAME
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-domain
     Oper control dir:  in
      Session timeout:  N/A
      Restart timeout:  N/A
Periodic Acct timeout:  N/A
       Session Uptime:  4s
    Common Session ID:  0A663C050000001F0007C104
      Acct Session ID:  0x00000015
               Handle:  0xDE000014
       Current Policy:  POLICY_Gi1/0/20

Local Policies:
        Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Server Policies:

Method status list:
      Method           State
      dot1x            Authc Success
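To find every port showing the symptom above rather than checking interfaces one at a time, the session detail output can be parsed and filtered for Authorized sessions where the switch has recorded a 169.254.0.0/16 address. This is an added example, not part of the original post; the function names are hypothetical, and the sample is abridged from the post's output with 10.0.0.20 constructed to stand in for the scrubbed address.

```python
import ipaddress
import re

# Abridged from the output in the post; 10.0.0.20 is a constructed
# stand-in for the address the author scrubbed.
SAMPLE = """\
Switch#sh auth sess int gi1/0/20 det
            Interface:  GigabitEthernet1/0/20
          MAC Address:  9890.96c6.044e
         IPv6 Address:  Unknown
         IPv4 Address:  169.254.82.151
               Status:  Authorized
       Session Uptime:  25s
Switch#sh auth sess int gi1/0/20 det
            Interface:  GigabitEthernet1/0/20
          MAC Address:  9890.96c6.044e
         IPv4 Address:  10.0.0.20
               Status:  Authorized
       Session Uptime:  4s
"""

# "Key:  value" lines; headings with no value ("Server Policies:") are skipped.
FIELD = re.compile(r"^\s*([A-Za-z0-9 ]+?):\s+(\S.*?)\s*$")

def parse_sessions(text):
    """Split session detail output into one dict per 'Interface:' block."""
    sessions, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Interface":
            cur = {}
            sessions.append(cur)
        if cur is not None:
            cur[key] = value
    return sessions

def link_local_authorized(sessions):
    """Return (interface, mac, ip) for Authorized sessions tracked on 169.254.0.0/16."""
    hits = []
    for s in sessions:
        if s.get("Status") != "Authorized":
            continue
        try:
            addr = ipaddress.ip_address(s.get("IPv4 Address", ""))
        except ValueError:
            continue  # "Unknown", missing, or a scrubbed value like 10.x.x.x
        if addr.version == 4 and addr.is_link_local:
            hits.append((s.get("Interface"), s.get("MAC Address"), str(addr)))
    return hits
```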

