problème perte authentification 802.1x

Switchs et réseau

Switchs et réseau
Rejoignez les conversations dédiés aux switchs et réseaux Dell

problème perte authentification 802.1x

Cette question a suggéré des réponses

Bonjour,

Nous rencontrons un problème sur le 802.1x sur un basculement d'un utilisateur sur un vlan de production à un vlan guest.

L’utilisateur bensafi est bien connecté sur le vlan de production au départ, au bout d'une heure cet utilisateur passe sur le vlan guest sans action de notre part.

L'utilisateur est obligé de débrancher et de rebrancher son cable réseau pour se ré authentifier.

=> pas de log particulier sur le serveur radius

voici les logs sur le switch :

ST-1B.183#show dot1x users

 Port      Username

--------- ----------------------------------------------------------------

Gi1/0/2   TRINH

Gi1/0/2

Gi2/0/3   KERLANN

Gi2/0/3

Gi3/0/1  BOUGEARD

Gi3/0/1

Gi3/0/7   BENSAFI

Gi3/0/11  BOURDIOL

Gi3/0/11

 

ST-1B.183#show log

 Logging is enabled

Logging protocol version: 0

Source Interface............................... Default

Console Logging: Level warnings. Messages : 154 logged, 49175 ignored

Monitor Logging: disabled

Buffer Logging: Level informational. Messages : 2878 logged, 41627 ignored

File Logging: Level emergencies. Messages : 0 logged, 49329 ignored

Switch Auditing : enabled

CLI Command Logging: disabled

Web Session Logging : disabled

SNMP Set Command Logging : disabled

Logging facility level : local7

0 Messages dropped due to lack of resources

Buffer Log:

<190> Mar 22 10:07:57 ST-1B.183-3 CLI_WEB[emWeb]: cmd_logger_api.c(260) 49329 %% [CLI:admin:172.29.1.91] User admin logged in to enable mode.

<189> Mar 22 10:07:55 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49328 %% Session 1 of type 3 started for user admin connected from 172.29.1.91.

<190> Mar 22 10:07:55 ST-1B.183-3 CLI_WEB[emWeb]: cmd_logger_api.c(260) 49327 %% [CLI:admin:172.29.1.91] User has succesfully logged in

<189> Mar 22 10:07:55 ST-1B.183-3 TRAPMGR[emWeb]: traputil.c(763) 49326 %% Multiple Users: CPU

<189> Mar 22 10:07:52 ST-1B.183-3 TRAPMGR[tRpcsrv.01000]: traputil.c(763) 49325 %% Failed User Login with User ID: admin

<190> Mar 22 10:07:52 ST-1B.183-3 USER_MGR[tRpcsrv.01000]: user_mgr.c(1813) 49324 %% User admin Failed to login because of authentication failures

<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49323 %% Gi3/0/7 is transitioned from the Learning state to the Forwarding state in instance 0

<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49322 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0

<189> Mar 22 10:07:45 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_radius.c(966) 49321 %% Dot1x authenticated successfully

<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49320 %% Gi3/0/7 status is authorized

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49319 %% RADIUS: MS attribute type =26

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49318 %% RADIUS: MS attribute type =10

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49317 %% RADIUS: MS attribute type =57

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49316 %% RADIUS: MS attribute type =45

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49315 %% RADIUS: MS attribute type =15

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49314 %% RADIUS: MS attribute type =14

<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49313 %% RADIUS: MS attribute type =54

<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49304 %% Gi3/0/7 status is Unauthorized

<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49303 %% Link Up: Gi3/0/7

<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49300 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0

<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49299 %% Link on Gi3/0/7 is failed

<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49298 %% Link Down: Gi3/0/7

<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49297 %% Gi3/0/7 status is Unauthorized

<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49295 %% Gi3/0/7 is transitioned from the Learning state to the Forwarding state in instance 0

<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49294 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0

<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49293 %% Gi3/0/7 status is authorized

<189> Mar 22 10:06:49 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_control.c(4083) 49292 %% Supplicant MAC address [a0:1d:48:b0: c:20] on logical interface [ifName not found(7296)] gets authenticated on guest mode VLAN ID 55 due to guest VLAN timer expiry.

 

<189> Mar 22 10:06:20 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49291 %% Gi3/0/7 status is Unauthorized

<189> Mar 22 10:06:19 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49290 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0

<189> Mar 22 10:06:19 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49289 %% Gi3/0/7 status is Unauthorized

<189> Mar 22 10:05:56 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_radius.c(966) 49288 %% Dot1x authenticated successfully

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49287 %% RADIUS: MS attribute type =26

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49286 %% RADIUS: MS attribute type =10

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49285 %% RADIUS: MS attribute type =57

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49284 %% RADIUS: MS attribute type =45

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49283 %% RADIUS: MS attribute type =15

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49282 %% RADIUS: MS attribute type =14

<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49281 %% RADIUS: MS attribute type =54

(…)

ST-1B.183#show running-config interface gi3/0/7

 

storm-control broadcast

switchport voice detect auto

ip dhcp snooping limit rate 50

description "VOIP-PC"

spanning-tree portfast

switchport mode trunk

switchport trunk native vlan 2

switchport trunk allowed vlan 2,55,72,666

dot1x port-control mac-based

dot1x reauthentication

dot1x timeout supp-timeout 10

dot1x timeout guest-vlan-period 30

dot1x timeout server-timeout 20

dot1x max-req 3

dot1x guest-vlan 55

dot1x unauth-vlan 55

authentication order dot1x mab

authentication priority dot1x mab

lldp transmit-tlv sys-desc sys-cap

lldp transmit-mgmt

lldp notification

lldp med confignotification

voice vlan 72

voice vlan auth disable

Toutes les réponses
  • Bonjour,

    pourriez vous me communiquer via message privé, le service tag de votre switch?

    Cordialement,
    Stéphane