Step 1 |
For Catalyst
switches, enable 802.1X debugging by running the following in exec
mode:
|
Step 2 |
Validate that client
is sending EAP over LAN (EAPoL) Start message by checking the debug
log. |
Step 3 |
For devices using MAC
Authentication Bypass (MAB), validate that the device is sending
traffic. If the interface is configured with the settings for order and timers that are recommended for Cisco TrustSec 2.1, it will take 30 seconds before the switch will accept and use the traffic from the endpoint to send a MAB request. This is typically not an issue for chatty devices, such as Windows PC devices; however, some printers may take a while to go through the MAB. If you are experiencing long delays to successfully MAB a device, like a printer, consider running the interface-specific command authentication control-direction in to allow traffic from the network to the endpoint prior to authentication, which could accelerate the MAB process. |