topic Re: 802.1X on switch 2950 in Network Access Control

802.1X on switch 2950

harinirina — Sun, 10 Mar 2019 21:41:42 GMT

Hi,

I tried to configure 802.1X on a 2950 switch, i can't connect from a pc.

That's what i did on:

* ACS

aaa client ip IP_Switch

authenticate : radius (ietf)

key : xxxxx

a certificate has been created on a ca server and installed on the acs (on same machine, i choose "use certificate from storage")

* WIN XP

Type EAP : PEAP

Secured password : EAP-MSCHAP V2

* SWITCH

aaa authentication dot1x default group radius

interface fastethernet0/1

switchport mode access

dot1x port-control auto

radius-server host IP_ACS auth-port 1645 key xxxxx

I created user (same as used for logging on the client) on ACS, i always get "authentication failed"

Re: 802.1X on switch 2950

harinirina — Thu, 03 Aug 2006 12:21:42 GMT

The problem is solved.

EAP has not been checked in global authentication setup

Re: 802.1X on switch 2950

stephen — Wed, 09 Aug 2006 15:05:06 GMT

I am in the same situation. I have the following config:

Model: 2950

Version: IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA8, RELEASE SOFTWARE (fc1)

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

dot1x system-auth-control

interface FastEthernet0/24

switchport access vlan 4

switchport mode access

dot1x port-control auto

spanning-tree portfast

radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 key xxxxxx

radius-server retransmit 3

When I do a debug on Radius I get nothing. When I do a debug on dot1x I get a lot of messages. Could you please help me to understand what you did on your config. Also, how did you setup Windows XP? I am currently using XP with SP1.

Thanks,

Re: 802.1X on switch 2950

jafrazie — Wed, 09 Aug 2006 17:30:27 GMT

Does this help?

<http://www.cisco.com/application/pdf/en/us/guest/netsol/ns75/c654/cdccont_0900aecd803fab62.pdf>

Let me know when you get a chance,

Re: 802.1X on switch 2950

stephen — Wed, 27 Sep 2006 14:31:18 GMT

Yes this helped. The switch contacted the radius server and I saw log messages from it. However, I now need help getting the PC to authenticate to the radius server. I am using freeradius. I am open to any ideas anyone has.

Thanks,

Re: 802.1X on switch 2950

elie_andika — Mon, 08 Jan 2007 04:24:22 GMT

hye hairinirina, i'm also have the same problem, but cannot be solved till now, user authentication failed to log on to network, could u give me some advice regarding to this problem, any configuration examples...thanks..

Re: 802.1X on switch 2950

sachinraja — Mon, 15 Jan 2007 02:20:22 GMT

Hello stephen,

Is the IP communication between the switch and the radius server fine ? Is the radius server on a seperate segment ? Once u have this setup, u just need to define the username/password on the radius server and see if authenticates thro the switch. do a debug aaa authentication, debug dot1x events/packets etc to see what happens when the user logs in !!!

configs:

aaa new-model

aaa authentication dot1x default group radius local

dot1x system-auth-control

dot1x guest-vlan supplicant

interface FastEthernet1/0/47

switchport access vlan 777

switchport mode access

dot1x port-control auto

dot1x timeout tx-period 15

dot1x guest-vlan 10

dot1x reauthentication

spanning-tree portfast

ip dhcp snooping trust

If authentication phase passes, the user will be put in VLAN 777. if there is any guest plugging into this PC, without a dot1x client, he will be put on guest vlan 10..

Hope this helps.. all the best. rate replies if found useful..

Raj

Re: 802.1X on switch 2950

harinirina — Thu, 18 Jan 2007 07:01:55 GMT

hi everybody,

sorry for answering your post so late, i hadn't seen your post earlier.

i followed what's written on http://www.cisco.com/warp/public/480/acs-eap.pdf for configuring acs,CA server,client xp (the difference is that i configured wired network card instead of wireless card).

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12119ea1/2950scg/swauthen.pdf for the configuration of switch

hope it helps

Re: 802.1X on switch 2950

marcelo.zilio — Wed, 31 Jan 2007 13:37:12 GMT

Hi,

I think this problem is related to freeradius. I was doing some tests with freeradius and it didn't work. So I changed to ACS (no changes on switch config) and it worked fine.

It could be some parameter that must be modified on freeradius, but I don't know what is!

regards,

Re: 802.1X on switch 2950

elie_andika — Tue, 06 Feb 2007 02:33:40 GMT

thanks harinirira for the links...