05-07-2009 11:35 PM - edited 02-21-2020 10:23 AM
I have a 2960 switch on which dot1x is configured. It is also configured for AAA authentication. When a user tries to connect to the local network, the user gets authenticated by a RADIUS server and is allowed onto the network.
Now I want all critical users to get connected to the network even if the RADIUS server is not reachable.
For this I have configured the 802.1x "inaccessible authentication bypass" feature as per the Cisco configuration guide.
But still, whenever I unplug the RADIUS server and try to connect the user to the network, dot1x asks for the username and password and does not allow the network connection.
I have even tried using RADIUS as the first authentication method and the local database as the second. But still no success.
Has anybody experienced this problem?
05-08-2009 09:58 AM
Hello Prashant
Can you post the port configurations here? Have you configured the critical port, RADIUS parameters, etc., and does the switch recognize that the RADIUS server is down?
I think this is more to do with the design of the entire dot1x authentication. I have tried this in labs and have had tough times generating these scenarios. We would hardly be able to justify this feature on the network. I think it is highly advisable to have dual RADIUS servers (or even more than 2), and configure the switches with standby RADIUS servers. I really wouldn't want my network enabled with 802.1x and having issues contacting the RADIUS server. Even though we have options and solutions to overcome it, I wouldn't want too many complications on the 802.1x front.
Hope this helps. All the best. Rate replies if found useful.
Raj
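The items asked about in the reply above (critical port, RADIUS parameters, and whether the switch marks the server as down), laid out as an added configuration sketch that is not from either poster or from Cisco's guide. It assumes the legacy `dot1x` interface syntax of 12.2 releases; the server addresses, key, probe username, VLAN, interface and timer values are constructed placeholders.

```cisco
! Added example. Addresses, key, VLAN and timers are placeholders.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! Two servers, as the reply recommends. "test username" makes the switch
! probe each server so that it can tell when one has stopped answering.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 test username dot1x-probe idle-time 1 key EXAMPLE-KEY
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 test username dot1x-probe idle-time 1 key EXAMPLE-KEY
!
! Conditions under which a server is declared dead, and how long it is
! skipped afterwards. The critical port state applies only once every
! configured server is considered dead.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
! Send EAPOL-Success to the supplicant when the port is critically
! authorized, and pace re-initialization when a server comes back.
dot1x critical eapol
dot1x critical recovery delay 1000
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 ! Enable inaccessible authentication bypass on this port only
 dot1x critical
 ! Restricted VLAN for critically authorized hosts
 dot1x critical vlan 10
 ! Re-authenticate the port once a server is reachable again
 dot1x critical recovery action reinitialize
!
! Verification (command availability depends on the IOS release):
!   show aaa servers                              -> server state
!   show dot1x interface FastEthernet0/1 details  -> port authorization state
```

Apply `dot1x critical` only to the ports of hosts that must stay connected, and point the critical VLAN at a restricted segment, because every device on such a port gets access without authentication while the servers are marked dead.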
06-27-2017 02:08 PM
Did you resolve this issue?