12-18-2019 01:24 AM
On the Cisco switch we set:
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
radius server CISCO
 address ipv4 10.253.3.12 auth-port 1812 acct-port 1813
 key PASSWORD
dot1x system-auth-control
interface GigabitEthernet1/0/15
 description test_port
 switchport access vlan 301
 switchport mode access
 authentication event no-response action authorize vlan 304
 authentication host-mode multi-auth
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast edge
Can you please assist and tell me if the issue is on a Windows server? When connected to port 1/0/15, auth. is not done. The idea is to authenticate with domain user credentials and allow the user to access VLAN 301.
12-18-2019 07:27 AM
It is not recommended to use 802.1x on server ports. It is assumed that servers reside within a datacenter or other physically secure environment. You don't want to take the chance of 802.1x failing and then services/resources are not available to users. With that said, there is more to 802.1x than the network side. You have to also ensure that you have a supplicant configured on the client system that needs to authenticate. 802.1x is a client-server process. On the client, ensure the "Wired AutoConfig" service is running. Then go to the properties of the Ethernet adapter. You will see an Authentication tab. In there, you configure how you want the client to authenticate, whether machine or user credentials, machine-only, certificate or not, etc. To use the machine credentials, set it to computer-only and use PEAP.
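The client-side checks from the reply above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on the Windows client plugged into the test port, and that the "Wired AutoConfig" service has its standard service name, dot3svc.

```powershell
# Added example (not from the thread): verify the wired 802.1X supplicant
# on the Windows client. Run in an elevated PowerShell session.

$svcName = 'dot3svc'   # service name behind the "Wired AutoConfig" display name

# 1. Report the current state of the supplicant service.
$svc = Get-Service -Name $svcName -ErrorAction Stop
Write-Host "Wired AutoConfig: status=$($svc.Status) startup=$($svc.StartType)"

# 2. The service is set to Manual by default. While it is stopped, the client
#    does not answer the switch's EAP requests, so the port ends up in the
#    no-response VLAN (304 in the posted config) instead of VLAN 301.
if ($svc.StartType -ne 'Automatic') {
    Set-Service -Name $svcName -StartupType Automatic
    Write-Host 'Startup type changed to Automatic'
}
if ($svc.Status -ne 'Running') {
    Start-Service -Name $svcName
    Write-Host 'Service started'
}

# 3. Show the wired interfaces and the 802.1X profile applied to each one.
#    The profile output lists whether 802.1X is enabled, the EAP type, and
#    whether machine or user credentials are used.
netsh lan show interfaces
netsh lan show profiles

# 4. Recent supplicant events (authentication start, success, failure reason).
$log = 'Microsoft-Windows-Wired-AutoConfig/Operational'
Get-WinEvent -LogName $log -MaxEvents 20 -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap
```

The Authentication tab mentioned in the reply only appears on the adapter's properties once the service is running.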