Wired Intelligent Edge

Hi.

i have a setup with CX switchen and 802.1x auth with NPS server.

the roles that i have is

port-access role authenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 802
port-access role unauthenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 803

and config on the port is

interface 1/1/10
    description Access-Port-802.1X
    no shutdown
    vlan access 803
    spanning-tree port-type admin-edge
    no aaa authentication port-access allow-lldp-auth
    aaa authentication port-access client-limit 2
    aaa authentication port-access preauth-role unauthenticated
    aaa authentication port-access reject-role unauthenticated
    aaa authentication port-access auth-role authenticated
    aaa authentication port-access dot1x authenticator

the client is not part of the company and external without Wired autocnfig enabled so no 802.1x on client side,

The issue is that the client gets the pre-auth role and after a few minuted it says (se below info) and there is nothing in the Role and satus.

show aaa authentication port-access interface 1/1/10 client-status

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 4062s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authentication Failed, Supplicant-Timeout
    Auth Precedence : dot1x - Unauthenticated, mac-auth - Not attempted
    Auth History    : dot1x - Unauthenticated, Supplicant-Timeout, 3898s ago

  Authorization Details
  ----------------------
    Role   :
    Status :

this is after i shut/no shut

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 1s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authenticating
    Auth Precedence : dot1x - Initialized, mac-auth - Not attempted
    Auth History    :

  Authorization Details
  ----------------------
    Role   : unauthenticated, Preauth role
    Status : Applied

Anyone that had same issue and how is this solved?

Hi.

i have a setup with CX switchen and 802.1x auth with NPS server.

the roles that i have is

port-access role authenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 802
port-access role unauthenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 803

and config on the port is

interface 1/1/10
    description Access-Port-802.1X
    no shutdown
    vlan access 803
    spanning-tree port-type admin-edge
    no aaa authentication port-access allow-lldp-auth
    aaa authentication port-access client-limit 2
    aaa authentication port-access preauth-role unauthenticated
    aaa authentication port-access reject-role unauthenticated
    aaa authentication port-access auth-role authenticated
    aaa authentication port-access dot1x authenticator

the client is not part of the company and external without Wired autocnfig enabled so no 802.1x on client side,

The issue is that the client gets the pre-auth role and after a few minuted it says (se below info) and there is nothing in the Role and satus.

show aaa authentication port-access interface 1/1/10 client-status

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 4062s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authentication Failed, Supplicant-Timeout
    Auth Precedence : dot1x - Unauthenticated, mac-auth - Not attempted
    Auth History    : dot1x - Unauthenticated, Supplicant-Timeout, 3898s ago

  Authorization Details
  ----------------------
    Role   :
    Status :

this is after i shut/no shut

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 1s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authenticating
    Auth Precedence : dot1x - Initialized, mac-auth - Not attempted
    Auth History    :

  Authorization Details
  ----------------------
    Role   : unauthenticated, Preauth role
    Status : Applied

Anyone that had same issue and how is this solved?

Hi Ahmed,

did you resolve your problem ? i'm facing the same issue with the same configuration on Aruba 6000.

Thank you :)

Hi.

i have a setup with CX switchen and 802.1x auth with NPS server.

the roles that i have is

port-access role authenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 802
port-access role unauthenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 803

and config on the port is

interface 1/1/10
    description Access-Port-802.1X
    no shutdown
    vlan access 803
    spanning-tree port-type admin-edge
    no aaa authentication port-access allow-lldp-auth
    aaa authentication port-access client-limit 2
    aaa authentication port-access preauth-role unauthenticated
    aaa authentication port-access reject-role unauthenticated
    aaa authentication port-access auth-role authenticated
    aaa authentication port-access dot1x authenticator

the client is not part of the company and external without Wired autocnfig enabled so no 802.1x on client side,

The issue is that the client gets the pre-auth role and after a few minuted it says (se below info) and there is nothing in the Role and satus.

show aaa authentication port-access interface 1/1/10 client-status

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 4062s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authentication Failed, Supplicant-Timeout
    Auth Precedence : dot1x - Unauthenticated, mac-auth - Not attempted
    Auth History    : dot1x - Unauthenticated, Supplicant-Timeout, 3898s ago

  Authorization Details
  ----------------------
    Role   :
    Status :

this is after i shut/no shut

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 1s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authenticating
    Auth Precedence : dot1x - Initialized, mac-auth - Not attempted
    Auth History    :

  Authorization Details
  ----------------------
    Role   : unauthenticated, Preauth role
    Status : Applied

Anyone that had same issue and how is this solved?

Hi.

Yes, Just enable the MAC auth on the port also.

This is my port config now

interface 1/1/5
    description Access-Port-802.1X
    no shutdown
    vlan access 803
    spanning-tree port-type admin-edge
    aaa authentication port-access client-limit 2
    aaa authentication port-access preauth-role unauthenticated
    aaa authentication port-access reject-role unauthenticated
    aaa authentication port-access auth-role authenticated
    aaa authentication port-access dot1x authenticator
        enable
    aaa authentication port-access mac-auth
        enable
    exit

Hi Ahmed,

did you resolve your problem ? i'm facing the same issue with the same configuration on Aruba 6000.

Thank you :)

Hi.

i have a setup with CX switchen and 802.1x auth with NPS server.

the roles that i have is

port-access role authenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 802
port-access role unauthenticated
    stp-admin-edge-port
    reauth-period 28800
    vlan access 803

and config on the port is

interface 1/1/10
    description Access-Port-802.1X
    no shutdown
    vlan access 803
    spanning-tree port-type admin-edge
    no aaa authentication port-access allow-lldp-auth
    aaa authentication port-access client-limit 2
    aaa authentication port-access preauth-role unauthenticated
    aaa authentication port-access reject-role unauthenticated
    aaa authentication port-access auth-role authenticated
    aaa authentication port-access dot1x authenticator

the client is not part of the company and external without Wired autocnfig enabled so no 802.1x on client side,

The issue is that the client gets the pre-auth role and after a few minuted it says (se below info) and there is nothing in the Role and satus.

show aaa authentication port-access interface 1/1/10 client-status

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 4062s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authentication Failed, Supplicant-Timeout
    Auth Precedence : dot1x - Unauthenticated, mac-auth - Not attempted
    Auth History    : dot1x - Unauthenticated, Supplicant-Timeout, 3898s ago

  Authorization Details
  ----------------------
    Role   :
    Status :

this is after i shut/no shut

Port Access Client Status Details

Client 5c:60:ba:bf:ac:60
========================
  Session Details
  ---------------
    Port         : 1/1/10
    Session Time : 1s
    IPv4 Address :
    IPv6 Address :
    Device Type  :

  Authentication Details
  ----------------------
    Status          : Authenticating
    Auth Precedence : dot1x - Initialized, mac-auth - Not attempted
    Auth History    :

  Authorization Details
  ----------------------
    Role   : unauthenticated, Preauth role
    Status : Applied

Anyone that had same issue and how is this solved?