I've been scratching my head with this issue, thus reaching out for help. I have a 3560G running 2.2(58)SE2 and I want to configure dot1x. Here is the config:
aaa new-model aaa group server radius myradius aaa group server tacacs+ mytacacs aaa authentication login mylocal local aaa authentication login mytacacs group mytacacs local aaa authentication dot1x default group myradius aaa authorization config-commands aaa authorization network default group myradius aaa authorization network myradius group radius aaa server radius dynamic-author aaa session-id common
interface GigabitEthernet0/11 switchport access vlan 500 switchport mode access switchport voice vlan 600 srr-queue bandwidth share 1 30 35 5 priority-queue out authentication host-mode multi-auth authentication order mab dot1x authentication priority mab dot1x authentication port-control auto authentication periodic authentication timer reauthenticate server mab mls qos trust device cisco-phone mls qos trust dscp dot1x pae authenticator dot1x timeout server-timeout 30 dot1x max-req 3 dot1x max-reauth-req 3 spanning-tree portfast spanning-tree bpduguard enable end
The phone authenticates without a problem (looking at the logs on the radius server), but the PC behind it does not. Also (I'm not where this phone & pc are) I was told that the port was showing an amber light. The phone works but the PC doesn't - I can't ping it or can't ping out from the PC either. The odd part is that this was working before, but today we decided to test again before deploying it in prod. All we did is plug back in a phone with a pc (just like a month ago before this pandemic) and it worked. Nothing has been changed on the config since. I noticed the mac address of phone nor pc doesn't show on the port.
Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updatin...
In this guide will we be taking a look at how to configure the web.config file using the URL Rewrite tool when deploying the TETRA update server. This guide is meant as a companion to the existing guides and to help fill in some in...
Note: This guide is provided as a best effort to better help users understand the potential impact running multiple clients with TETRA, SPERO, ETHOS, DFC and SHA256 Lookups enabled and their bandwidth usage. The sizes in these guides are s...
When I log into my application, I'm suddenly asked to create a new organization. Did something change or migrate? I already had an organization.
You may be starting from security.cisco.com and mistakenly clicking "SecureX sign-on...
I followed these instructions and setup all my accounts to use SecureX sign-on, including my AMP account (my Cisco Security Account - CSA). When I use SecureX, and I click on the AMP "launch" button, I have to login again. Why?