cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1206
Views
0
Helpful
1
Replies

802.1x Inaccessible Authentication Bypass issues

Hi,

I am trying to configure 802.1x Inaccessible Authentication Bypass. 

Currently we have a radius group set up and a radius server configured. I have configured a port on the switch for dot1x authentication of an IP phone (using MAB) and the PC connected to the phone on the data vlan.

All works as expected and I see both phone and PC being authenticated. 

Now, when trying to configure the 802.1x Inaccessible Authentication Bypass as per one of Cisco's document (section from document is below)

This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# interface gigabitethernet 1/0/1
Switch(config)# radius-server deadtime 60
Switch(config-if)# authentication event server dead action reinitialicze vlan 20
Switch(config-if)# switchport voice vlan
Switch(config-if)# end

I have no problem with adding the config (and changing the IPs and ports to reflect my setup) but when I enter the below command:

radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234

I get the following error from the switch:

New type server exists with same address port combination

I assume that the username is a local user that has been configured on the Radius Server and that the key is that users password. 

Any ideas on why this is erroring when adding the command would be very helpful.

Thanks

Nick

1 Reply 1

The error message you received "New type server exists with same address port combination" means there is another RADIUS server configured using the new syntax, such as below:

radius server RADIUS
 address ipv4 1.1.1.2 auth-port 1560 acct-port 1550
 key abc1234

The command "radius-server" is being depreciated, so you should probably use the syntax above to define RADIUS servers.