07-20-2005 03:31 PM - edited 03-10-2019 02:14 PM
Hi All,
I have configured dot1x authentication on 3750 switch and configured a Windows 2003 radius server as an authentication server. When running debugs aaa and dot1x, I do see the reject coming from the Windows Radius server. It says length of packet = 0. I am attaching debugs along with this post. Any thoughts would be appreciated. I am using EAP-MSCHAPv2 on Windows XP workstation and on Windows Radius server with AD in the backend.
Configuration 3750 Switch -
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet1/0/2
description PC connected to Phones with Authorization
switchport access vlan 10
switchport mode access
switchport voice vlan 6
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout quiet-period 30
dot1x timeout reauth-period 14400
spanning-tree portfast
!
radius-server host 10.72.2.154 auth-port 1645 acct-port 1646 key 7 0023433247650
radius-server source-ports 1645-1646
Regards -
Rakesh
07-26-2005 11:08 AM
Here is a document on 802.1x Configuration Guidelines.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550scg/sw8021x.htm#wp1025090
07-26-2005 01:34 PM
There's probably not enough information here. The switch will not know why auth failed. AAA will. I would look in the AAA logs to see the error code for the failure of the "FMNET\bhugel" user account.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide