
Cisco 2960S dot1X configuration problem, experts please take a look!

hzd8108221808
Level 1
I just installed a 2960S, version 12.2(55)SE8. After configuring dot1X it cannot authenticate; details are as follows:
Configuration:
aaa new-model
aaa authentication login default line none
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
radius-server host 172.16.70.51 auth-port 1812 acct-port 1813 key phfund
radius-server host 172.16.70.48 auth-port 1812 acct-port 1813 key phfund
radius-server retry method reorder
radius-server timeout 3
radius-server deadtime 3
radius-server vsa send authentication
Packet capture after connecting a PC:
Mar 30 01:50:42.062: dot1x-packet(Gi1/0/1): queuing an EAPOL pkt on Auth Q
Mar 30 01:50:42.062: dot1x-packet(Gi1/0/1): Received an EAPOL frame
Mar 30 01:50:42.062: dot1x-packet(Gi1/0/1): Received an EAPOL-Start packet
Mar 30 01:50:42.062: EAPOL pak dump rx
Mar 30 01:50:42.062: EAPOL Version: 0x1 type: 0x1 length: 0x0000
Mar 30 01:50:42.067: EAPOL pak dump Tx
Mar 30 01:50:42.067: EAPOL Version: 0x3 type: 0x0 length: 0x0004
Mar 30 01:50:42.067: EAP code: 0x4 id: 0x1 length: 0x0004
Mar 30 01:50:42.067: dot1x-packet(Gi1/0/1): dot1x_auth_txCannedStatus: EAPOL packet sent to client 0x28000006 (001f.1635.b5c8)
No data arrives at the RADIUS server.
show:
Sysauthcontrol Enabled
Dot1x Protocol Version 3
Dot1x Info for GigabitEthernet1/0/1
-----------------------------------
PAE = AUTHENTICATOR
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
Experts, please help take a look.
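
The debug lines in the post above can be decoded against the EAPOL packet types of IEEE 802.1X and the EAP codes of RFC 3748, which shows the switch answering the EAPOL-Start with an EAP Failure and no EAP Request in the dump. This is an added example, not part of the original post or of any Cisco tool; the function names `decode` and `failed_without_identity` are hypothetical, and the sample is the post's dump with timestamps trimmed.

```python
import re

# Constructed sample: the EAPOL dump lines from the post, timestamps trimmed.
SAMPLE = """\
EAPOL pak dump rx
EAPOL Version: 0x1 type: 0x1 length: 0x0000
EAPOL pak dump Tx
EAPOL Version: 0x3 type: 0x0 length: 0x0004
EAP code: 0x4 id: 0x1 length: 0x0004
"""

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}  # IEEE 802.1X
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748

DIR_RE = re.compile(r"EAPOL pak dump (rx|tx)", re.I)
EAPOL_RE = re.compile(r"EAPOL Version: 0x([0-9a-f]+) type: 0x([0-9a-f]+) length: 0x([0-9a-f]+)", re.I)
EAP_RE = re.compile(r"EAP code: 0x([0-9a-f]+) id: 0x([0-9a-f]+)", re.I)

def decode(log):
    """Return a list of frames: dicts with dir, version, type and (if present) eap/eap_id."""
    frames, direction = [], None
    for line in log.splitlines():
        if m := DIR_RE.search(line):
            direction = m.group(1).lower()
        elif m := EAPOL_RE.search(line):
            t = int(m.group(2), 16)
            frames.append({"dir": direction, "version": int(m.group(1), 16),
                           "type": EAPOL_TYPES.get(t, f"unknown({t})")})
        elif (m := EAP_RE.search(line)) and frames:
            c = int(m.group(1), 16)
            frames[-1]["eap"] = EAP_CODES.get(c, f"unknown({c})")
            frames[-1]["eap_id"] = int(m.group(2), 16)
    return frames

def failed_without_identity(frames):
    """True if an EAPOL-Start was answered with EAP Failure and no EAP Request was sent."""
    saw_start = sent_request = False
    for f in frames:
        if f["dir"] == "rx" and f["type"] == "EAPOL-Start":
            saw_start, sent_request = True, False
        elif f["dir"] == "tx" and f.get("eap") == "Request":
            sent_request = True
        elif f["dir"] == "tx" and f.get("eap") == "Failure" and saw_start and not sent_request:
            return True
    return False

if __name__ == "__main__":
    print(*decode(SAMPLE), sep="\n")
    print("EAP Failure with no prior Request:", failed_without_identity(decode(SAMPLE)))
```

The patterns use `search`, so the full timestamped lines from `debug dot1x` output can be fed in unchanged.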
4 Replies

gdc_28024666
Level 1
:) Learning~!

blgao
Cisco Employee
Run debug on the switch and you can see what is causing the switch not to encapsulate authentication packets to the RADIUS server; it may be caused by a timeout on the client side.

blgao
Cisco Employee
Run debug on the switch and you can see what is causing the switch not to encapsulate authentication packets to the RADIUS server; it may be caused by a timeout on the client side.

chundli
Cisco Employee
On the switch, query the port to verify whether the device connected to it responds to 802.1x, using commands such as:
switch# dot1x test eapol-capable interface gigabitethernet1/0/13
switch# dot1x test eapol-capable interface gigabitethernet0/13
DOT1X_PORT_EAPOL_CAPABLE:DOT1X: MAC 00-01-02-4b-f1-a3 on gigabitethernet1/0/13 is EAPOL capable
DOT1X_PORT_EAPOL_CAPABLE:DOT1X: MAC 00-01-02-4b-f1-a3 on gigabitethernet0/13 is EAPOL capable
Analyze the connection problem between the switch and the RADIUS server, and check the port status.