802.1X IAS Switch 3750

matthewlogan46
Beginner

Hi,

I am configuring 802.1X authentication on my access switches. The switches are WS-C3750G-24PS running C3750-IPBASEK9-M, Version 15.0(1)SE2, RELEASE SOFTWARE (fc3). The RADIUS server is an IAS server. In the IAS there is a Remote Policy with the Windows Group of the users, and the attributes Service Type (Frame), Tunnel-Medium-Type (802), Tunnel-Pvt-Group-ID (100) and Tunnel-Type (Vlan) were configured.

The configuration on a switch is as follows:

aaa new-model
aaa session-id common
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 192.168.11.28 key 7 093204802934802934123132132123

interface GigabitEthernet1/0/23
 switchport mode access
 authentication event fail retry 5 action authorize vlan 5
 authentication event no-response action authorize vlan 5
 authentication port-control auto
 authentication periodic
 authentication violation protect
 dot1x pae authenticator
 dot1x timeout quiet-period 300
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 2
 dot1x timeout supp-timeout 2
 dot1x max-reauth-req 10
 dot1x timeout held-period 300
 spanning-tree portfast
end

I get these logs when I connect a workstation with 802.1X configured:

016569: *Mar  2 04:07:37: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/23, changed state to up
016570: *Mar  2 04:07:41: %DOT1X-5-FAIL: Authentication failed for client (2965.0a1d.3431) on Interface Gi1/0/23 AuditSessionID C0A813FD000000CE06090907
016571: *Mar  2 04:07:41: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (2965.0a1d.3431) on Interface Gi1/0/23 AuditSessionID C0A813FD000000CE06090907
016572: *Mar  2 04:07:41: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (2965.0a1d.3431) on Interface Gi1/0/23 AuditSessionID C0A813FD000000CE06090907
016573: *Mar  2 04:08:09: %DOT1X-5-FAIL: Authentication failed for client (2965.0a1d.3431) on Interface Gi1/0/23 AuditSessionID C0A813FD000000CE06090907
016574: *Mar  2 04:08:09: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (2965.0a1d.3431) on Interface Gi1/0/23 AuditSessionID C0A813FD000000CE06090907

Other show commands:

Switch#show dot1x interface gigabitEthernet 1/0/23 detail

Dot1x Info for GigabitEthernet1/0/23
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
QuietPeriod               = 5
ServerTimeout             = 10
SuppTimeout               = 2
ReAuthMax                 = 10
MaxReq                    = 2
TxPeriod                  = 2

Dot1x Authenticator Client List
-------------------------------
EAP Method                = (0)
Supplicant                = 2965.0a1d.3431

Session ID                = C0A813FD000000CF060CE68E
    Auth SM State         = HELD
    Auth BEND SM State    = IDLE

Any ideas?

Any suggestions?
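
Added example, not part of the original post: a Python check that compares the dot1x timers in the interface configuration above with the values reported by show dot1x interface ... detail. The two sample strings are constructed from the post, and the keyword-to-field mapping is an assumption.

```python
import re

# Constructed from the interface configuration and show output in the post.
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/23
 dot1x timeout quiet-period 300
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 2
 dot1x timeout supp-timeout 2
 dot1x max-reauth-req 10
 dot1x timeout held-period 300
"""
SHOW_DOT1X = """\
QuietPeriod               = 5
ServerTimeout             = 10
SuppTimeout               = 2
ReAuthMax                 = 10
MaxReq                    = 2
TxPeriod                  = 2
"""

# Assumed keyword-to-field mapping; unmapped keywords (held-period) are skipped.
KEYWORD_TO_FIELD = {
    "timeout quiet-period": "QuietPeriod",
    "timeout server-timeout": "ServerTimeout",
    "timeout tx-period": "TxPeriod",
    "timeout supp-timeout": "SuppTimeout",
    "max-reauth-req": "ReAuthMax",
    "max-req": "MaxReq",
}

def parse_config(text):
    """Map the dot1x timer lines of an interface config to {show_field: int}."""
    lines = re.findall(r"^\s*dot1x\s+(.+?)\s+(\d+)\s*$", text, re.MULTILINE)
    return {KEYWORD_TO_FIELD[k]: int(v) for k, v in lines if k in KEYWORD_TO_FIELD}

def parse_show(text):
    """Map 'Name = number' lines of the show output to {field: int}."""
    pairs = re.findall(r"^\s*(\w+)\s*=\s*(\d+)\s*$", text, re.MULTILINE)
    return {name: int(value) for name, value in pairs}

def timer_drift(config_text, show_text):
    """Return sorted (field, configured, operational) tuples that disagree."""
    configured, operational = parse_config(config_text), parse_show(show_text)
    return sorted((f, v, operational.get(f)) for f, v in configured.items()
                  if operational.get(f) != v)

if __name__ == "__main__":
    print(timer_drift(RUNNING_CONFIG, SHOW_DOT1X))
```

On the values in the post this reports QuietPeriod (300 configured, 5 shown) and ServerTimeout (30 configured, 10 shown) as the only fields that differ.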