Country/Region

★ Windows PC 802.1x repeated authentication problem

2023-09-27 16:00:24 Published
  • 0 Followed
  • 0Collected ,3647Browsed
Xushuai

Network Topology

PC--5130S--RADIUS

Problem Description

Wired 1x authentication was done on site, and now there is a fault with the terminal repeatedly re-authentication. The authentication goes through the switch and pinging the terminal is normal. When the terminal re-authentication occurs, the ping fails. After the re-authentication succeeds, the ping succeeds. The re-authentication process repeats.

Process Analysis

After collecting debug information, we can see that the device receives the client"s EAP-START message every 30 seconds, triggering re-authentication.
  *Jan 13 21:10:05:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/PACKET:  
Received a packet on interface GigabitEthernet1/0/4. 
Destination Mac Address=0180-c200-0003 
Source Mac Address=000e-c6b9-a801 
Mac Frame Type=888e 
Protocol Version ID=1 
Packet Type=1 
Packet Length=0. 
*Jan 13 21:10:05:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Restart state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:05:376 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Connecting state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:05:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Authenticating state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:05:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: BE is in Request state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:05:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: Sending EAP packet: Identifier=248, type=1
*Jan 13 21:10:35:374 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/PACKET:  
Received a packet on interface GigabitEthernet1/0/4. 
Destination Mac Address=0180-c200-0003 
Source Mac Address=000e-c6b9-a801 
Mac Frame Type=888e 
Protocol Version ID=1 
Packet Type=1 
Packet Length=0. 
*Jan 13 21:10:35:374 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Restart state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:35:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Connecting state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:35:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: PAE is in Authenticating state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:35:375 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: BE is in Request state: UserMAC=000e-c6b9-a801, VLANID=1, Interface=GigabitEthernet1/0/4. 
*Jan 13 21:10:35:376 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/EVENT: Sending EAP packet: Identifier=255, type=1. 
*Jan 13 21:10:35:377 2013 BJWS-N-JR-4FA02-S5130-8 DOT1X/7/PACKET: Transmitted a packet on interface GigabitEthernet1/0/4. Destination Mac Address=000e-c6b9-a801 Source Mac Address=3080-9b25-ce19 VLAN ID=1005

Further inspection of the configuration:

interface GigabitEthernet1/0/4

stp edged-port

arp rate-limit 10

ip verify source ip-address mac-address

dot1x

undo dot1x handshake

dot1x unicast-trigger

dhcp snooping binding record

dhcp snooping check request-message

dhcp snooping check mac-address

Solution

If you use the client that comes with Windows on site, you need to turn off multicast triggering, turn off online handshake, and turn on unicast triggering under the interface.

undo dot1x handshake

undo dot1x multicast-trigger

dot1x unicast-trigger

Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted