Cisco ASA [Lab 2.5] Port based authen on Switch and NPS windows

root · Jun 8, 2016

[Lab 1.5] Port-based Authentication NPS windows 2012R2 - Part 5

Phần 1: chúng ta đã cài đặt xong các dịch vụ Active Directory, DHCP và NPS trên windows server 2012R2 thanh công.
Phần 2: chúng ta sẽ cấu hình Radius Client (switch cisco 2960) với NPS server (active directory windows 2012R2). Đảm bảo Radius client và Server có thể trao đổi việc xác thực của client. Tích hợp NPS với Active Directory windows 2012R2 để chúng ta có thể tạo các policy xác thực user domain.
Phần 3: Chúng ta sẽ cấu hình policy để xác thức với các user domain. Sau khi xác thực thanh công với NPS thì Client mới khởi tạo các traffic khác được.
Phần 4: Chúng ta sẽ phải cấu hình 802.1x trên Switch và các PC để thực hiện chứng thực với NPS trên windows server 2012R2

Phần 5: các công đoạn cấu hình đã xong. Phần này chúng ta sẽ kiểm tra việc xác thực khi PC gắn vào 1 port trên Switch Cisco 2960. Sau đó chúng ta sẽ sử dung wiresharke để bắt các gói chứng thực giữa PC với Switch và RADIUS server (NPS server trên windows 2012R2).

- Phần 1: http://svuit.vn/threads/lab-2-1-port-based-authen-on-switch-and-nps-windows-1199/
- Phần 2: http://svuit.vn/threads/lab-2-2-port-based-authen-on-switch-and-nps-windows-1200/
- Phần 3: http://svuit.vn/threads/lab-2-3-port-based-authen-on-switch-and-nps-windows-1201/
- Phần 4: http://svuit.vn/threads/lab-2-4-port-based-authen-on-switch-and-nps-windows-1202/
- Phần 5: http://svuit.vn/threads/lab-2-5-port-based-authen-on-switch-and-nps-windows-1203/

- Video hướng dẫn cấu hình và test

Phần 1: Cấu hình port Based authentication với NPS tích hợp Active Directory 2012R2
Phần 2: Kiểm tra tính năng port based authen with NPS windows 2012 mà chúng ta đã cấu hình ở phần 1. PC chưa join domain sẽ gắn dây ethenet vào port đã cấu hình 802.1x trên Switch Cisco 2960 để kiểm tra kết quả
Phần 3: Kiểm tra tính năng port based authen with NPS windows 2012 mà chúng ta đã cấu hình ở phần 1. Lần này chúng ta sẽ test với PC đã join domain. Khi PC gắn dây ethenet vào port đã cấu hình 802.1x trên Switch Cisco 2960 thì nó sẽ tự động thực hiện authentication và người dùng không cần phải nhập username và password như bài test ở phần 2

- Download file cấu hình bài lab: DOWNLOAD

III/ Test và Phân tích

1/ Test
Bây giờ mình sẽ sử dụng PC vừa cấu hình 802.1x ở trên để test thử tính năng Port-Based authentication mà chúng ta đã cấu hình ở trên.

Gắn dây mạng từ PC này vào port f0/1 của Switch 2960. Nó sẽ hiện thị một cửa sổ yêu cầu bạn nhập username và password chứng thực với RADIUS Server.

Eedk34llHRGPXaVe--Gj7EMxb1vMlnF5YnISgRpZUv0W0fE8JI9o_OCdwafiZtzZDKflOCcKK405gUu0k4K1pm1pUnOdoKpSP56LGD8TxJ5rIdFTfR-Z9_LVFl78v3ZwWPLZnUPEjD4sNWJhjQ

- Sau khi bạn nhập đúng username và password domain thuộc group ADMIN thì Server mới cấp DHCP và traffic người dùng mới đi qua được port f0/1 của Switch.

- Chứng thực thành công xong PC sẽ gửi yêu cầu xin DHCP tới DHCP server.

npvh_AFlrTzXnwjVVKOQGAwuOaecnTLHKc6yVoehOIwpAHUByfQ29XsDS2ojEhO8Ds194iyZolrDrsA4nN7M7yRHKU0-3HcANA49pZB4xcPhxFLBSSxDheu_HIcuyV_9FvL15yJGp_PHTAeryA

- Đây là thông tin DHCP cấp cho PC

t1eAVB5CEVsDADH-A1-f_AMeBD8JQuan5T6MofezZ9UCK310HE7Sx-kjLKO9BH8qGV2x3EfWL1fxOnFwT3Daqu0V8bgkeU5SqmLgE460FF-KSNo2G1aozrRh3oMKtcLQ84ubuFe0o_6cfZ2Rdw

2/ Phân tích
- Chúng ta sẽ dùng WireSharke để phân tích quá trình chứng thực khi client telnet vào Switch như thế nào.

- Đầu tiên khi PC gắn dây vào Switch Cisco 2960. Nó sẽ gửi các yêu cầu client chứng thực thông qua giao thức EAP.

- Sau đó client mới gửi thông tin username và password chứng thực của mình đến cho Switch 2960. Các bạn có thể thấy thông tin người dùng xác thực gửi cho server thông qua gói EAP Response.

swgfDRRCmKq2sJynzqNPb2G_ZXXBdvhBvR2-Pguz6zVxcR9_-cb5crXhPOaWp4UBcL4pwe6L2rv6tkjt3oUAKGRLcM3ymbZsP2w72K43rzddUZSE9bZaVUP-NMq6MsSKo8yCJHEmOHPNPeqg3A

Switch sẽ chuyển các gói tin chứng thực của Client đến RADIUS server (NPS trên windows server 2012R2).

NPS server (RADIUS Server) sẽ kiểm tra các thông tin xác thực của người dùng gửi. Nếu thỏa mãn các điều kiện nó sẽ gửi gói tin Access-Accept cho Switch.

vBkRngPCT7cpvSj47e2hDYQxjhdepOoXOF6ahoBNJ1UdJtOjj6mmk9spLI_XF2co9Q5YsKqR0od4FicpF3s8BGX1mpa00NqHfh8CsvNRnP5dqCAsJBCkbwaH_7LzX5ywuqoSqEY5aYrjdGeEsQ

- Switch sẽ gửi cho server gói tin EAP và thông báo PC là nó đã xác thực thành công. Lúc này PC mới khởi tạo được gói DHCP request để xin DHCP và các gói tin khác.

kE0lKmd-8nO47U9lohH-WFkYDeYoIv_aEIjHcxMDROf9lq6HqDtRaYcSNwS1GuCXepoPPqrkcMJhR8qeQb6USdU8tY8d4MpYDPwB0ykFh-fxx0NRF711-e1mdYsEzZJYfkwRKjxYHGbOMYOuMw

root · Jun 8, 2016

log debug chứng thực trên Switch CISCO 2960 khi PC gắn dây mạng vào 1 port của Switch Cisco 2960

Code:

Switch#debug dot1x all

*Mar 1 01:55:10.165: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0x5E000010
*Mar 1 01:55:10.165: dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar 1 01:55:10.165: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar 1 01:55:10.165: dot1x-sm(Fa0/1): 0x5E000010:auth_authenticating_enter called
*Mar 1 01:55:10.165: dot1x-sm(Fa0/1): 0x5E000010:auth_connecting_authenticating_action called
*Mar 1 01:55:10.165: dot1x-sm(Fa0/1): Posting AUTH_START for 0x5E000010
*Mar 1 01:55:10.165: dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar 1 01:55:10.165: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar 1 01:55:10.165: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_enter called
*Mar 1 01:55:10.165: dot1x-packet(Fa0/1): EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1 data:
*Mar 1 01:55:10.165: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 1 01:55:10.165: dot1x-ev(Fa0/1): Role determination not required
*Mar 1 01:55:10.165: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:55:10.165: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 1 01:55:10.174: EAPOL pak dump Tx
*Mar 1 01:55:10.174: EAPOL Version: 0x2 type: 0x0 length: 0x0005
*Mar 1 01:55:10.174: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:55:10.174: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x5E000010 (0000.0000.0000)
*Mar 1 01:55:10.174: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_idle_request_action called
*Mar 1 01:55:10.409: dot1x-ev(Fa0/1): Role determination not required
*Mar 1 01:55:10.409: dot1x-packet(Fa0/1): queuing an EAPOL pkt on Auth Q
*Mar 1 01:55:10.409: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 1 01:55:10.409: EAPOL pak dump rx
*Mar 1 01:55:10.409: EAPOL Version: 0x1 type: 0x1 length: 0x0000
*Mar 1 01:55:10.409: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 0,TYPE= 0,LEN= 0

*Mar 1 01:55:10.409: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 1 01:55:10.409: dot1x-ev(Fa0/1): Received pkt saddr =d4be.d954.57e8 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0101.0000
*Mar 1 01:55:10.409: dot1x-ev(Fa0/1): Couldn't find the supplicant in the list
*Mar 1 01:55:10.409: dot1x-ev(Fa0/1): New client detected, notifying AuthMgr
*Mar 1 01:55:10.409: dot1x-ev(Fa0/1): Sending event (0) to Auth Mgr for d4be.d954.57e8
*Mar 1 01:55:10.409: dot1x-packet(Fa0/1): Received an EAPOL-Start packet
*Mar 1 01:55:10.409: EAPOL pak dump rx
*Mar 1 01:55:10.409: EAPOL Version: 0x1 type: 0x1 length: 0x0000
*Mar 1 01:55:10.409: dot1x-sm(Fa0/1): Posting EAPOL_START on Client 0x5E000010
*Mar 1 01:55:10.409: dot1x_auth Fa0/1: during state auth_authenticating, got event 4(eapolStart)
*Mar 1 01:55:10.409: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_aborting
*Mar 1 01:55:10.409: dot1x-sm(Fa0/1): 0x5E000010:auth_authenticating_exit called
*Mar 1 01:55:10.409: dot1x-sm(Fa0/1): 0x5E000010:auth_aborting_enter called
*Mar 1 01:55:10.409: dot1x-ev(Fa0/1): 802.1x method gets the go ahead from Auth Mgr for 0x5E000010 (d4be.d954.57e8)
*Mar 1 01:55:10.409: %AUTHMGR-5-START: Starting 'dot1x' for client (d4be.d954.57e8) on Interface Fa0/1
*Mar 1 01:55:10.409: dot1x-sm(Fa0/1): Posting AUTH_ABORT for 0x5E000010
*Mar 1 01:55:10.417: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 1(authAbort)
*Mar 1 01:55:10.417: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_initialize
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_initialize_enter called
*Mar 1 01:55:10.417: dot1x_auth_bend Fa0/1: idle during state auth_bend_initialize
*Mar 1 01:55:10.417: @@@ dot1x_auth_bend Fa0/1: auth_bend_initialize -> auth_bend_idle
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_idle_enter called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): Posting !AUTH_ABORT on Client 0x5E000010
*Mar 1 01:55:10.417: dot1x_auth Fa0/1: during state auth_aborting, got event 20(no_eapolLogoff_no_authAbort)
*Mar 1 01:55:10.417: @@@ dot1x_auth Fa0/1: auth_aborting -> auth_restart
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_aborting_exit called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_restart_enter called
*Mar 1 01:55:10.417: dot1x-ev(Fa0/1): Resetting the client 0x5E000010 (d4be.d954.57e8)
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_aborting_restart_action called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): Posting !EAP_RESTART on Client 0x5E000010
*Mar 1 01:55:10.417: dot1x_auth Fa0/1: during state auth_restart, got event 6(no_eapRestart)
*Mar 1 01:55:10.417: @@@ dot1x_auth Fa0/1: auth_restart -> auth_connecting
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_connecting_enter called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_restart_connecting_action called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): Posting RX_REQ on Client 0x5E000010
*Mar 1 01:55:10.417: dot1x_auth Fa0/1: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar 1 01:55:10.417: @@@ dot1x_auth Fa0/1: auth_connecting -> auth_authenticating
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_authenticating_enter called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_connecting_authenticating_action called
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): Posting AUTH_START for 0x5E000010
*Mar 1 01:55:10.417: dot1x_auth_bend Fa0/1: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar 1 01:55:10.417: @@@ dot1x_auth_bend Fa0/1: auth_bend_idle -> auth_bend_request
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_enter called
*Mar 1 01:55:10.417: dot1x-packet(Fa0/1): EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1 data:
*Mar 1 01:55:10.417: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 1 01:55:10.417: dot1x-ev(Fa0/1): Role determination not required
*Mar 1 01:55:10.417: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:55:10.417: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 1 01:55:10.417: EAPOL pak dump Tx
*Mar 1 01:55:10.417: EAPOL Version: 0x2 type: 0x0 length: 0x0005
*Mar 1 01:55:10.417: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:55:10.417: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x5E000010 (d4be.d954.57e8)
*Mar 1 01:55:10.417: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_idle_request_action called
*Mar 1 01:55:12.162: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 01:55:41.287: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x5E000010
*Mar 1 01:55:41.287: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)
*Mar 1 01:55:41.287: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request
*Mar 1 01:55:41.287: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_request_action called
*Mar 1 01:55:41.287: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_enter called
*Mar 1 01:55:41.287: dot1x-packet(Fa0/1): EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1 data:
*Mar 1 01:55:41.287: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 1 01:55:41.287: dot1x-ev(Fa0/1): Role determination not required
*Mar 1 01:55:41.287: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:55:41.287: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 1 01:55:41.287: EAPOL pak dump Tx
*Mar 1 01:55:41.287: EAPOL Version: 0x2 type: 0x0 length: 0x0005
*Mar 1 01:55:41.287: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:55:41.287: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x5E000010 (d4be.d954.57e8)
*Mar 1 01:56:12.157: dot1x-sm(Fa0/1): Posting EAP_REQ for 0x5E000010
*Mar 1 01:56:12.157: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 7(eapReq)
*Mar 1 01:56:12.157: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_request
*Mar 1 01:56:12.157: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_request_action called
*Mar 1 01:56:12.157: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_enter called
*Mar 1 01:56:12.157: dot1x-packet(Fa0/1): EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1 data:
*Mar 1 01:56:12.157: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 1 01:56:12.157: dot1x-ev(Fa0/1): Role determination not required
*Mar 1 01:56:12.157: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:56:12.157: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 1 01:56:12.157: EAPOL pak dump Tx
*Mar 1 01:56:12.157: EAPOL Version: 0x2 type: 0x0 length: 0x0005
*Mar 1 01:56:12.157: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:56:12.157: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x5E000010 (d4be.d954.57e8)

root · Jun 8, 2016

Khi PC nhập username và password và nhấn enter gửi gói tin chứng thực. Và log debug cho thấy user này đã xác thực thanh công và trạng thái port f0/1 của switch sẽ chuyển từ trang thái down sang up

*Mar 1 01:56:36.400: EAPOL pak dump rx
*Mar 1 01:56:36.400: EAPOL Version: 0x1 type: 0x0 length: 0x006B
*Mar 1 01:56:36.400: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/1 CODE= 2,TYPE= 25,LEN= 107

*Mar 1 01:56:36.400: dot1x-packet(Fa0/1): Received an EAPOL frame
*Mar 1 01:56:36.400: dot1x-ev(Fa0/1): Received pkt saddr =d4be.d954.57e8 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.006b
*Mar 1 01:56:36.400: dot1x-packet(Fa0/1): Received an EAP packet
*Mar 1 01:56:36.400: EAPOL pak dump rx
*Mar 1 01:56:36.400: EAPOL Version: 0x1 type: 0x0 length: 0x006B
*Mar 1 01:56:36.400: dot1x-packet(Fa0/1): Received an EAP packet from d4be.d954.57e8
*Mar 1 01:56:36.400: dot1x-sm(Fa0/1): Posting EAPOL_EAP for 0x5E000010
*Mar 1 01:56:36.400: dot1x_auth_bend Fa0/1: during state auth_bend_request, got event 6(eapolEap)
*Mar 1 01:56:36.400: @@@ dot1x_auth_bend Fa0/1: auth_bend_request -> auth_bend_response
*Mar 1 01:56:36.400: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_response_enter called
*Mar 1 01:56:36.400: dot1x-ev(Fa0/1): dot1x_sendRespToServer: Response sent to the server from 0x5E000010 (d4be.d954.57e8)
*Mar 1 01:56:36.400: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_request_response_action called
*Mar 1 01:56:37.424: dot1x-packet(Fa0/1): Received an EAP Success
*Mar 1 01:56:37.424: dot1x-sm(Fa0/1): Posting EAP_SUCCESS for 0x5E000010
*Mar 1 01:56:37.424: dot1x_auth_bend Fa0/1: during state auth_bend_response, got event 11(eapSuccess)
*Mar 1 01:56:37.424: @@@ dot1x_auth_bend Fa0/1: auth_bend_response -> auth_bend_success
*Mar 1 01:56:37.424: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_response_exit called
*Mar 1 01:56:37.424: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_success_enter called
*Mar 1 01:56:37.424: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_response_success_action called
*Mar 1 01:56:37.424: dot1x_auth_bend Fa0/1: idle during state auth_bend_success
*Mar 1 01:56:37.424: @@@ dot1x_auth_bend Fa0/1: auth_bend_success -> auth_bend_idle
*Mar 1 01:56:37.424: dot1x-sm(Fa0/1): 0x5E000010:auth_bend_idle_enter called
*Mar 1 01:56:37.424: dot1x-sm(Fa0/1): Posting AUTH_SUCCESS on Client 0x5E000010
*Mar 1 01:56:37.424: dot1x_auth Fa0/1: during state auth_authenticating, got event 12(authSuccess_portValid)
*Mar 1 01:56:37.424: @@@ dot1x_auth Fa0/1: auth_authenticating -> auth_authc_result
*Mar 1 01:56:37.432: dot1x-sm(Fa0/1): 0x5E000010:auth_authenticating_exit called
*Mar 1 01:56:37.432: dot1x-sm(Fa0/1): 0x5E000010:auth_authc_result_enter called
*Mar 1 01:56:37.432: %DOT1X-5-SUCCESS: Authentication successful for client (d4be.d954.57e8) on Interface Fa0/1
*Mar 1 01:56:37.432: dot1x-ev(Fa0/1): Sending event (2) to Auth Mgr for d4be.d954.57e8
*Mar 1 01:56:37.432: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (d4be.d954.57e8) on Interface Fa0/1
*Mar 1 01:56:38.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 1 01:56:38.456: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (d4be.d954.57e8) on Interface Fa0/1
*Mar 1 01:56:38.456: dot1x-ev(Fa0/1): Received Authz Success for the client 0x5E000010 (d4be.d954.57e8)
*Mar 1 01:56:38.456: dot1x-redundancy: State for client d4be.d954.57e8 successfully retrieved
*Mar 1 01:56:38.456: dot1x-sm(Fa0/1): Posting AUTHZ_SUCCESS on Client 0x5E000010
*Mar 1 01:56:38.456: dot1x_auth Fa0/1: during state auth_authc_result, got event 23(authzSuccess)
*Mar 1 01:56:38.456: @@@ dot1x_auth Fa0/1: auth_authc_result -> auth_authenticated
*Mar 1 01:56:38.456: dot1x-sm(Fa0/1): 0x5E000010:auth_authenticated_enter called
*Mar 1 01:56:38.456: dot1x-packet(Fa0/1): EAP code: 0x3 id: 0xB length: 0x0004 type: 0x0 data:
*Mar 1 01:56:38.456: dot1x-ev(Fa0/1): Sending EAPOL packet to group PAE address
*Mar 1 01:56:38.456: dot1x-ev(Fa0/1): Role determination not required
*Mar 1 01:56:38.456: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:56:38.456: dot1x-ev(Fa0/1): Sending out EAPOL packet
*Mar 1 01:56:38.456: EAPOL pak dump Tx
*Mar 1 01:56:38.456: EAPOL Version: 0x2 type: 0x0 length: 0x0004
*Mar 1 01:56:38.456: EAP code: 0x3 id: 0xB length: 0x0004
*Mar 1 01:56:38.456: dot1x-packet(Fa0/1): EAPOL packet sent to client 0x5E000010 (d4be.d954.57e8)

Search

Search

Cisco ASA [Lab 2.5] Port based authen on Switch and NPS windows

root

Leader IT/Architect

[Lab 1.5] Port-based Authentication NPS windows 2012R2 - Part 5

III/ Test và Phân tích

root

Leader IT/Architect

root

Leader IT/Architect

Similar Threads