802.1x authentication loss problem
Hello,
We are having a problem with 802.1x: a user is being switched from a production VLAN to a guest VLAN.
The user bensafi is correctly connected to the production VLAN at first; after an hour, this user moves to the guest VLAN without any action on our part.
The user has to unplug and replug the network cable to re-authenticate.
=> no particular log on the RADIUS server
Here are the logs on the switch:
ST-1B.183#show dot1x users
Port Username
--------- ----------------------------------------------------------------
Gi1/0/2 TRINH
Gi1/0/2
Gi2/0/3 KERLANN
Gi2/0/3
Gi3/0/1 BOUGEARD
Gi3/0/1
Gi3/0/7 BENSAFI
Gi3/0/11 BOURDIOL
Gi3/0/11
ST-1B.183#show log
Logging is enabled
Logging protocol version: 0
Source Interface............................... Default
Console Logging: Level warnings. Messages : 154 logged, 49175 ignored
Monitor Logging: disabled
Buffer Logging: Level informational. Messages : 2878 logged, 41627 ignored
File Logging: Level emergencies. Messages : 0 logged, 49329 ignored
Switch Auditing : enabled
CLI Command Logging: disabled
Web Session Logging : disabled
SNMP Set Command Logging : disabled
Logging facility level : local7
0 Messages dropped due to lack of resources
Buffer Log:
<190> Mar 22 10:07:57 ST-1B.183-3 CLI_WEB[emWeb]: cmd_logger_api.c(260) 49329 %% [CLI:admin:172.29.1.91] User admin logged in to enable mode.
<189> Mar 22 10:07:55 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49328 %% Session 1 of type 3 started for user admin connected from 172.29.1.91.
<190> Mar 22 10:07:55 ST-1B.183-3 CLI_WEB[emWeb]: cmd_logger_api.c(260) 49327 %% [CLI:admin:172.29.1.91] User has succesfully logged in
<189> Mar 22 10:07:55 ST-1B.183-3 TRAPMGR[emWeb]: traputil.c(763) 49326 %% Multiple Users: CPU
<189> Mar 22 10:07:52 ST-1B.183-3 TRAPMGR[tRpcsrv.01000]: traputil.c(763) 49325 %% Failed User Login with User ID: admin
<190> Mar 22 10:07:52 ST-1B.183-3 USER_MGR[tRpcsrv.01000]: user_mgr.c(1813) 49324 %% User admin Failed to login because of authentication failures
<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49323 %% Gi3/0/7 is transitioned from the Learning state to the Forwarding state in instance 0
<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49322 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0
<189> Mar 22 10:07:45 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_radius.c(966) 49321 %% Dot1x authenticated successfully
<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49320 %% Gi3/0/7 status is authorized
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49319 %% RADIUS: MS attribute type =26
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49318 %% RADIUS: MS attribute type =10
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49317 %% RADIUS: MS attribute type =57
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49316 %% RADIUS: MS attribute type =45
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49315 %% RADIUS: MS attribute type =15
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49314 %% RADIUS: MS attribute type =14
<190> Mar 22 10:07:45 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49313 %% RADIUS: MS attribute type =54
<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49304 %% Gi3/0/7 status is Unauthorized
<189> Mar 22 10:07:45 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49303 %% Link Up: Gi3/0/7
<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49300 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0
<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49299 %% Link on Gi3/0/7 is failed
<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49298 %% Link Down: Gi3/0/7
<189> Mar 22 10:07:40 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49297 %% Gi3/0/7 status is Unauthorized
<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49295 %% Gi3/0/7 is transitioned from the Learning state to the Forwarding state in instance 0
<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49294 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0
<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49293 %% Gi3/0/7 status is authorized
<189> Mar 22 10:06:49 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_control.c(4083) 49292 %% Supplicant MAC address [a0:1d:48:b0: c:20] on logical interface [ifName not found(7296)] gets authenticated on guest mode VLAN ID 55 due to guest VLAN timer expiry.
<189> Mar 22 10:06:20 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49291 %% Gi3/0/7 status is Unauthorized
<189> Mar 22 10:06:19 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49290 %% Gi3/0/7 is transitioned from the Forwarding state to the Blocking state in instance 0
<189> Mar 22 10:06:19 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49289 %% Gi3/0/7 status is Unauthorized
<189> Mar 22 10:05:56 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_radius.c(966) 49288 %% Dot1x authenticated successfully
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49287 %% RADIUS: MS attribute type =26
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49286 %% RADIUS: MS attribute type =10
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49285 %% RADIUS: MS attribute type =57
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49284 %% RADIUS: MS attribute type =45
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49283 %% RADIUS: MS attribute type =15
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49282 %% RADIUS: MS attribute type =14
<190> Mar 22 10:05:56 ST-1B.183-3 RADIUS[radius_task]: radius.c(1672) 49281 %% RADIUS: MS attribute type =54
(…)
ST-1B.183#show running-config interface gi3/0/7
storm-control broadcast
switchport voice detect auto
ip dhcp snooping limit rate 50
description "VOIP-PC"
spanning-tree portfast
switchport mode trunk
switchport trunk native vlan 2
switchport trunk allowed vlan 2,55,72,666
dot1x port-control mac-based
dot1x reauthentication
dot1x timeout supp-timeout 10
dot1x timeout guest-vlan-period 30
dot1x timeout server-timeout 20
dot1x max-req 3
dot1x guest-vlan 55
dot1x unauth-vlan 55
authentication order dot1x mab
authentication priority dot1x mab
lldp transmit-tlv sys-desc sys-cap
lldp transmit-mgmt
lldp notification
lldp med confignotification
voice vlan 72
voice vlan auth disable
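
Added example (not part of the original post and not Dell tooling): a small parser that puts the buffer log quoted above back in chronological order and, for each guest-VLAN fallback, reports how long after the last successful 802.1x authentication and the last "Unauthorized" transition it occurred. The log lines are an excerpt from the post; the year and the port attribution (the fallback message names no interface, so the most recent port to go Unauthorized is used) are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the switch buffer log quoted in the post (newest first, as printed).
LOG = """\
<189> Mar 22 10:07:45 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_radius.c(966) 49321 %% Dot1x authenticated successfully
<189> Mar 22 10:06:49 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49293 %% Gi3/0/7 status is authorized
<189> Mar 22 10:06:49 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_control.c(4083) 49292 %% Supplicant MAC address [a0:1d:48:b0: c:20] on logical interface [ifName not found(7296)] gets authenticated on guest mode VLAN ID 55 due to guest VLAN timer expiry.
<189> Mar 22 10:06:20 ST-1B.183-3 TRAPMGR[trapTask]: traputil.c(721) 49291 %% Gi3/0/7 status is Unauthorized
<189> Mar 22 10:05:56 ST-1B.183-3 DOT1X[dot1xTask]: dot1x_radius.c(966) 49288 %% Dot1x authenticated successfully
"""
YEAR = "2017"  # assumption: the log lines carry no year; taken from the thread date
LINE = re.compile(r"<\d+> (\w{3} +\d+ [\d:]{8}) \S+ (\w+)\[[^\]]*\]: \S+ (\d+) %% (.*)")
GUEST = re.compile(r"guest mode VLAN ID (\d+) due to guest VLAN timer expiry")
UNAUTH = re.compile(r"(\S+) status is Unauthorized")

def parse(text):
    """Return events oldest first, ordered by the switch's message sequence number."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append({"ts": ts, "seq": int(m.group(3)), "msg": m.group(4)})
    return sorted(events, key=lambda e: e["seq"])

def guest_fallbacks(events):
    """List guest-VLAN fallbacks with the delay since the last successful
    authentication and since the last Unauthorized transition (heuristic port)."""
    out, last_ok, port, last_unauth = [], None, None, None
    secs = lambda now, then: int((now - then).total_seconds()) if then else None
    for e in events:
        if "Dot1x authenticated successfully" in e["msg"]:
            last_ok = e["ts"]
        elif (m := UNAUTH.match(e["msg"])):
            port, last_unauth = m.group(1), e["ts"]
        elif (m := GUEST.search(e["msg"])):
            out.append({"vlan": int(m.group(1)), "port": port,
                        "at": e["ts"].strftime("%H:%M:%S"),
                        "since_auth_s": secs(e["ts"], last_ok),
                        "since_unauth_s": secs(e["ts"], last_unauth)})
    return out

if __name__ == "__main__":
    for fallback in guest_fallbacks(parse(LOG)):
        print(fallback)
```

On this excerpt the fallback to VLAN 55 is logged 53 s after a successful authentication and 29 s after the port went Unauthorized; the interface configuration in the post sets `dot1x timeout guest-vlan-period 30`.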
Dell-Stephane T
March 23, 2017 03:00
Hello,
Could you send me your switch's service tag by private message?
Regards,
Stéphane