802.1X on switch 2950

harinirina
Level 1

Hi,

I tried to configure 802.1X on a 2950 switch, but I can't connect from a PC.

This is what I did:

* ACS

aaa client ip IP_Switch

authenticate : radius (ietf)

key : xxxxx

A certificate has been created on a CA server and installed on the ACS (on the same machine; I chose "use certificate from storage").

* WIN XP

EAP type: PEAP

Authentication method: Secured password (EAP-MSCHAP v2)

* SWITCH

aaa authentication dot1x default group radius

interface FastEthernet0/1

 switchport mode access

 dot1x port-control auto

radius-server host IP_ACS auth-port 1645 key xxxxx

I created a user (the same one used for logging on to the client) on ACS, but I always get "authentication failed".
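Added example, not part of the original thread or of any Cisco/ACS code: the RADIUS Access-Request that a switch port in "dot1x port-control auto" sends to the server once the PC answers EAPOL Request/Identity, built and checked in Python following RFC 2865 and RFC 3579. The point it shows is the role of the shared key ("key xxxxx" on both sides): the request carries a Message-Authenticator (HMAC-MD5 over the packet, keyed with the shared secret), and a server whose key does not match silently discards the request, so the switch gets no reply and the port ends in "authentication failed". The server's reply is in turn bound to the request through the Response Authenticator. User name, IP address and the secrets are constructed values; the Access-Reject below carries no EAP-Message, so the Message-Authenticator that replies with EAP need is left out.

```python
"""RADIUS Access-Request carrying EAP, as the switch (NAS) sends it to the RADIUS
server, and the integrity checks each side performs. Constructed example following
RFC 2865 / RFC 3579; not code from the thread, ACS or the switch."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME, ATTR_NAS_IP_ADDRESS, ATTR_NAS_PORT_TYPE = 1, 4, 61
ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 79, 80
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1
NAS_PORT_TYPE_ETHERNET = 15


def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity: the supplicant's answer to EAPOL Request/Identity."""
    body = identity.encode()
    return struct.pack("!BBHB", EAP_RESPONSE, eap_id, 5 + len(body), EAP_TYPE_IDENTITY) + body


def _attr(atype, value):
    return struct.pack("!BB", atype, 2 + len(value)) + value


def build_access_request(secret, identifier, request_authenticator, username, nas_ip, eap):
    """Wrap an EAP packet in a RADIUS Access-Request and sign it with HMAC-MD5."""
    attrs = _attr(ATTR_USER_NAME, username.encode())
    attrs += _attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    attrs += _attr(ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_ETHERNET))
    for i in range(0, len(eap), 253):          # EAP-Message is fragmented at 253 bytes
        attrs += _attr(ATTR_EAP_MESSAGE, eap[i:i + 253])
    ma_value_offset = 20 + len(attrs) + 2      # where the 16 MAC bytes will live
    attrs += _attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))  # zero placeholder while hashing
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = header + request_authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:ma_value_offset] + mac + packet[ma_value_offset + 16:]


def parse_attributes(packet):
    """Return [(type, value), ...]; raises on a malformed length byte."""
    out, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated RADIUS attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed RADIUS attribute")
        out.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return out


def verify_message_authenticator(packet, secret):
    """Server-side check (RFC 3579 section 3.2): recompute HMAC-MD5 over the packet
    with the Message-Authenticator value zeroed. A wrong shared key fails here and
    the server silently discards the request, so the switch never sees a reply."""
    pos = 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated RADIUS attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed RADIUS attribute")
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += alen
    return False   # EAP-Message without Message-Authenticator must be discarded


def build_response(code, identifier, request_authenticator, secret, attrs=b""):
    """Server reply. Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret).
    Replies that carry EAP-Message also need a Message-Authenticator (omitted here)."""
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return head + hashlib.md5(head + request_authenticator + attrs + secret).digest() + attrs


def verify_response_authenticator(response, request_authenticator, secret):
    """NAS-side check: a reply forged, or sent with a different key, is dropped."""
    head, attrs = response[:4], response[20:]
    expected = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return hmac.compare_digest(response[4:20], expected)


def demo(secret=b"xxxxx", wrong_secret=b"yyyyy"):
    """Same request checked with the right key and a mistyped one (all values constructed)."""
    req_auth = os.urandom(16)                  # Request Authenticator: fresh per request
    eap = eap_identity_response(1, "harinirina")
    req = build_access_request(secret, 7, req_auth, "harinirina", "192.0.2.10", eap)
    good = verify_message_authenticator(req, secret)
    bad = verify_message_authenticator(req, wrong_secret)
    reject = build_response(ACCESS_REJECT, 7, req_auth, secret)
    return good, bad, verify_response_authenticator(reject, req_auth, secret)


if __name__ == "__main__":
    print(demo())
```

When "debug radius" on the switch shows the request going out but nothing coming back, the key mismatch case above is the first thing to rule out, since the server drops such requests without answering; the server's own failed-attempts log is where the mismatch is reported.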

9 Replies

harinirina
Level 1

The problem is solved.

EAP was not checked in Global Authentication Setup.

I am in the same situation. I have the following config:

Model: 2950

Version: IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA8, RELEASE SOFTWARE (fc1)

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

dot1x system-auth-control

interface FastEthernet0/24

 switchport access vlan 4

 switchport mode access

 dot1x port-control auto

 spanning-tree portfast

radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 key xxxxxx

radius-server retransmit 3

When I do a debug on RADIUS I get nothing. When I do a debug on dot1x I get a lot of messages. Could you please help me understand what you did in your config? Also, how did you set up Windows XP? I am currently using XP with SP1.

Thanks,

Yes, this helped. The switch contacted the RADIUS server and I saw log messages from it. However, I now need help getting the PC to authenticate to the RADIUS server. I am using FreeRADIUS. I am open to any ideas anyone has.

Thanks,

Hello Stephen,

Is the IP communication between the switch and the RADIUS server fine? Is the RADIUS server on a separate segment? Once you have this set up, you just need to define the username/password on the RADIUS server and see if it authenticates through the switch. Do a "debug aaa authentication", "debug dot1x events/packets" etc. to see what happens when the user logs in.

configs:

aaa new-model

aaa authentication dot1x default group radius local

dot1x system-auth-control

dot1x guest-vlan supplicant

interface FastEthernet1/0/47

 switchport access vlan 777

 switchport mode access

 dot1x port-control auto

 dot1x timeout tx-period 15

 dot1x guest-vlan 10

 dot1x reauthentication

 spanning-tree portfast

 ip dhcp snooping trust

If the authentication phase passes, the user will be put in VLAN 777. If a guest plugs into this port without a dot1x client, he will be put in guest VLAN 10.

Hope this helps. All the best. Rate replies if found useful.

Raj

elie_andika
Level 1

Hi harinirina, I also have the same problem, and it cannot be solved until now: user authentication fails when logging on to the network. Could you give me some advice regarding this problem, or any configuration examples? Thanks.

Hi everybody,

Sorry for answering your post so late; I hadn't seen your post earlier.

I followed what is written in http://www.cisco.com/warp/public/480/acs-eap.pdf for configuring ACS, the CA server and the XP client (the difference is that I configured a wired network card instead of a wireless card).

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12119ea1/2950scg/swauthen.pdf for the configuration of the switch.

hope it helps

Hi,

I think this problem is related to FreeRADIUS. I was doing some tests with FreeRADIUS and it didn't work. So I changed to ACS (no changes to the switch config) and it worked fine.

It could be some parameter that must be modified in FreeRADIUS, but I don't know which!

regards,

Thanks harinirina for the links...