https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392586#M2959 <HTML><HEAD></HEAD><BODY><P>We are not doing dynamic vlan assignment.</P><P>When Radius dies, the switch should by default authorize all the users.</P><P></P><P>If customer using dynamic vlan assignment, I will vote for the second option:</P><P>Automatically unconfigure 802.1x when RADIUS dies and place into some other VLAN, so as not to "disturb" any other auth'd clients? </P><P>maybe use Guest vlan method.</P></BODY></HTML> Fri, 04 Mar 2005 05:33:08 GMT zhichao 2005-03-04T05:33:08Z https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392582#M2955 <P></P><P>Understand that dot1x can use either radius-eap or none as authentication method. However I cannot get it working with the following (No Authentication) :</P><P> &gt; aaa authentication dot1x default none</P><P></P><P>However, my 802.1x works fine when I specify </P><P> &gt; aaa authentication dot1x default group radius</P><P></P><P>So, why does the Cisco 3550 still prompt me for EAP authentication despite the authentication method is none?</P><P></P><P></P> Fri, 21 Feb 2020 18:12:15 GMT https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392582#M2955 roy-sam 2020-02-21T18:12:15Z https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392583#M2956 <HTML><HEAD></HEAD><BODY><P>dot1x cannot use "none" as an authentication method. This is a legacy left-over from existing aaa configs, and does not work with EAP. Currently, if EAP breaks for any reason authentication cannot complete.</P><P></P><P>Hope this helps.</P></BODY></HTML> Thu, 10 Feb 2005 04:39:51 GMT https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392583#M2956 jafrazie 2005-02-10T04:39:51Z https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392584#M2957 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>In that case, how do we backup the radius server? Assuming we only have one radius.</P><P></P><P>thanks</P><P></P></BODY></HTML> Thu, 03 Mar 2005 07:53:26 GMT https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392584#M2957 zhichao 2005-03-03T07:53:26Z https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392585#M2958 <HTML><HEAD></HEAD><BODY><P>Well, assuming you only had one, and didn't build any redundancy, 802.1x would not work for any subsequent auth sessions.</P><P></P><P>What would you need it to do?</P><P></P><P>Automatically unconfigure 802.1x when RADIUS dies?</P><P>Automatically unconfigure 802.1x when RADIUS dies and place into some other VLAN, so as not to "disturb" any other auth'd clients?</P><P>Fail closed?</P></BODY></HTML> Thu, 03 Mar 2005 16:00:59 GMT https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392585#M2958 jafrazie 2005-03-03T16:00:59Z https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392586#M2959 <HTML><HEAD></HEAD><BODY><P>We are not doing dynamic vlan assignment.</P><P>When Radius dies, the switch should by default authorize all the users.</P><P></P><P>If customer using dynamic vlan assignment, I will vote for the second option:</P><P>Automatically unconfigure 802.1x when RADIUS dies and place into some other VLAN, so as not to "disturb" any other auth'd clients? </P><P>maybe use Guest vlan method.</P></BODY></HTML> Fri, 04 Mar 2005 05:33:08 GMT https://community.cisco.com/t5/network-access-control/802-1x-authentication/m-p/392586#M2959 zhichao 2005-03-04T05:33:08Z