PC--5130S--RADIUS
现场做的有线1x认证,现在出现终端反复重认证的故障,认证通过交换机ping终端正常,终端出现重认证时ping不通,再次认证成功后又可以ping通,重认证过程反复
收集了debug信息,可以看到每隔30s设备就收到客户端的EAP-START报文触发了重认证
*Jan 13 21:10:05:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/4.
Destination Mac Address=0180-c200-0003
Source Mac Address=000e-c6b9-a801
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=1
Packet Length=0.
*Jan 13 21:10:05:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Restart state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:05:376 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Connecting state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:05:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Authenticating state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:05:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: BE is in Request state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:05:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: Sending EAP packet: Identifier=248, type=1.
*Jan 13 21:10:35:374 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/PACKET:
Received a packet on interface GigabitEthernet1/0/4.
Destination Mac Address=0180-c200-0003
Source Mac Address=000e-c6b9-a801
Mac Frame Type=888e
Protocol Version ID=1
Packet Type=1
Packet Length=0.
*Jan 13 21:10:35:374 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Restart state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:35:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Connecting state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:35:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Authenticating state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:35:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: BE is in Request state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4.
*Jan 13 21:10:35:376 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: Sending EAP packet: Identifier=255, type=1.
*Jan 13 21:10:35:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/PACKET: Transmitted a packet on interface GigabitEthernet1/0/4. Destination Mac Address=000e-c6b9-a801 Source Mac Address=3080-9b25-ce19 VLAN ID=1005
进一步检查配置:
interface GigabitEthernet1/0/4
stp edged-port
arp rate-limit 10
ip verify source ip-address mac-address
dot1x
undo dot1x handshake
dot1x unicast-trigger
dhcp snooping binding record
dhcp snooping check request-message
dhcp snooping check mac-address
现场使用windows自带的客户端,接口下需要关闭组播触发,关闭在线握手,开启单播触发。
如下命令
undo dot1x handshake
undo dot1x multicast-trigger
dot1x unicast-trigger
接口下关闭组播触发,关闭在线握手,开启单播触发。
如下命令
undo dot1x handshake
undo dot1x multicast-trigger
dot1x unicast-trigger
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作