802.1x setup issues

athens45 · ‎12-18-2019

On cisco sw we set:

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius

radius server CISCO
address ipv4 10.253.3.12 auth-port 1812 acct-port 1813
key PASSWORD
dot1x system-auth-control

interface GigabitEthernet1/0/15
description test_port
switchport access vlan 301
switchport mode access
authentication event no-response action authorize vlan 304
authentication host-mode multi-auth
authentication port-control auto
dot1x pae authenticator
spanning-tree portfast edge

Can you please assist and tell if the issue is on a windows server. When connected to port 1/0/15 auth. is not done. Idea is to authenticate with domain user credentials, and allow user to access vlan 301.

Colby LeMaire · ‎12-18-2019

It is not recommended to use 802.1x on server ports. It is assumed that servers reside within a datacenter or other physically secure environment. You don't want to take the chance of 802.1x failing and then services/resources are not available to users. With that said, there is more to 802.1x than the network side. You have to also ensure that you have a supplicant configured on the client system that needs to authenticate. 802.1x is a client-server process. On the client, ensure the "Wired AutoConfig" service is running. Then go to the properties of the ethernet adapter. You will see an Authentication tab. In there, you configure how you want the client to authenticate, whether machine or user credentials, machine-only, certificate or not, etc. To use the machine credentials, set it to computer-only and use PEAP.