S5560与ISE对接实现802.1X

使用S5560配置AAA，并使用Cisco ISE作为radius服务器，对用户进行认证。验证结果，从windows上看网卡显示用户认证失败。

经过检查，感觉S5560交换机的配置都正确，radius模板下的服务器状态均为active。截取的部分日志如下：

Transmitted a packet on interface GigabitEthernet1/0/1. 

Destination Mac Address=2cfd-a1b1-e4db 

Source Mac Address=542b-de37-3b3a 

VLAN ID=132 

Mac Frame Type=888e 

Protocol Version ID=1 

Packet Type=0 

Packet Length=4 

-----Packet Body----- 

Code=4 

Identifier=c7 

Length=1024 

*Jan 1 06:23:15:383 2013 H3C DOT1X/7/EVENT: PAE is in Aborting state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1. 

*Jan 1 06:23:15:383 2013 H3C DOT1X/7/EVENT: BE is in Initialize state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1. 

*Jan 1 06:23:15:383 2013 H3C DOT1X/7/EVENT: PAE is in Disconnect state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1. 

*Jan 1 06:23:15:384 2013 H3C DOT1X/7/EVENT: BE is in Idle state: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1. 

*Jan 1 06:23:15:384 2013 H3C DOT1X/7/EVENT: Interface GigabitEthernet1/0/1 received Set the port authorization status to unauthorized event. 

*Jan 1 06:23:15:386 2013 H3C DOT1X/7/EVENT: Processing AuthenFail event: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1. 

*Jan 1 06:23:15:387 2013 H3C DOT1X/7/EVENT: Notified PortSec of AuthenFail result 2: UserMAC=2cfd-a1b1-e4db, VLANID=132, Interface=GigabitEthernet1/0/1. %Jan 1 06:23:40:541 2013 H3C STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change. 

*Jan 1 06:23:45:197 2013 H3C DOT1X/7/EVENT: EAP-Request/Identity packet multicasting timed out on GigabitEthernet1/0/1. 

*Jan 1 06:23:45:197 2013 H3C DOT1X/7/EVENT: Multicasted EAP-Request/Identity packets on interface GigabitEthernet1/0/1. 

*Jan 1 06:23:45:303 2013 H3C DOT1X/7/PACKET

接入交换机为S5560X，radius地址10.1.32.142