Many thanks for you suggestion. I am new to CISCO world and all those
debugs don't tell me much, but perhaps you will understand it:
I enabled:
debug aaa authentication
debug aaa per-user
debug eap all
debug dot1x all
Then i tried to connect to PaceketFence-Public network from Windows 7
machine, and got network login dialog 3 times (username and password ) and
then it reported failure.
Here is the log
ap#show log
Syslog logging: enabled (1 messages dropped, 2 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 423 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 423 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 104 message lines logged
Log Buffer (4096 bytes):
000000F4): Bind i/f
*Mar 1 23:42:39.716: AAA/AUTHEN/PPP (000000F4): Pick method list
'mac_methods'
*Mar 1 23:42:39.760: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:39.760: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:39.760: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:39.760: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:40.808: AAA/BIND(000000F5): Bind i/f
*Mar 1 23:42:40.808: AAA/AUTHEN/PPP (000000F5): Pick method list
'mac_methods'
*Mar 1 23:42:40.855: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:40.855: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:40.855: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:40.855: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:41.900: AAA/BIND(000000F6): Bind i/f
*Mar 1 23:42:41.901: AAA/AUTHEN/PPP (000000F6): Pick method list
'mac_methods'
*Mar 1 23:42:41.948: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:41.948: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:41.948: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:41.949: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:43.024: AAA/BIND(000000F7): Bind i/f
*Mar 1 23:42:43.024: AAA/AUTHEN/PPP (000000F7): Pick method list
'mac_methods'
*Mar 1 23:42:43.069: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:43.069: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:43.069: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:43.069: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:44.147: AAA/BIND(000000F8): Bind i/f
*Mar 1 23:42:44.147: AAA/AUTHEN/PPP (000000F8): Pick method list
'mac_methods'
*Mar 1 23:42:44.199: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:44.200: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:44.200: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:44.200: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:45.271: AAA/BIND(000000F9): Bind i/f
*Mar 1 23:42:45.272: AAA/AUTHEN/PPP (000000F9): Pick method list
'mac_methods'
*Mar 1 23:42:45.318: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:45.318: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:45.319: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:45.319: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:46.378: AAA/BIND(000000FA): Bind i/f
*Mar 1 23:42:46.379: AAA/AUTHEN/PPP (000000FA): Pick method list
'mac_methods'
*Mar 1 23:42:46.425: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:46.425: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:46.425: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:46.425: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 23:42:47.470: AAA/BIND(000000FB): Bind i/f
*Mar 1 23:42:47.471: AAA/AUTHEN/PPP (000000FB): Pick method list
'mac_methods'
*Mar 1 23:42:47.517: dot1x-ev:dot1x_mgr_process_eapol_pak: dot1x eapol on
dot11 interface
*Mar 1 23:42:47.517: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role
determination not required on Dot11Radio0.2.
*Mar 1 23:42:47.517: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an
EAPOL pkt on Authenticator Q
*Mar 1 23:42:47.517: dot1x-registry:registry:dot1x_ether_macaddr called
ap#
I am trying te get something out of this, but so far no success :(
-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]]
Sent: Friday, August 31, 2012 1:48 PM
To: [email protected]
Cc: Marko Mrvelj
Subject: Re: [PacketFence-users] Help with Cisco 2960 and 1242
Roll up your sleeves and enter the fabulous world of Cisco
troubleshooting/debugging:
Enable AAA debug and check the logs. I'm not sure of the specific
granularity of your IOS but usually one of these will help:
debug aaa authentication
debug aaa packets
debug dot1x
Remember to do <TAB> to see all options under aaa and dot1x and enable the
ones that seem appropriate. Then reproduce the problem and do a:
show log
Good luck!
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse
inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
