Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1028
Views
0
Helpful
5
Replies

dot1x commands missing from IOS

Richard Klinkbeil
Level 1
Level 1

‎05-05-2017 07:28 PM - edited ‎03-11-2019 12:42 AM

Hey all, I have this weird issue and its probably just an IOS versioning thing. 

I currently have "Version 15.1(2)SY6, RELEASE SOFTWARE (fc4)" running on my C6509 (non E chassis) and I do not have the ability to implement dot1x on switchports.

If I turn the switchport into a routed port, I then have all the dot1x commands available. Everything I read says 12.2.xx and on supports it.

Will I need to go back to IOS 12 in order to restore the dot1x commands on all switchports? I could have sworn I had dot1x running before, but I did upgrade to version 15 awhile ago, so I cant remember what version I was on when it worked.

Labels:
0 Helpful
5 Replies 5

Mohamed Abd Elnaser Mohamed Mohamed Ali
Level 1
Level 1

‎05-07-2017 12:50 PM

Hi Richard

It sound wired what you have, but does the command executes with an error or it doesn't accept the command at all.

I assume that 802.1X is globally enabled (via dot1x system-auth-control) since it applies to the Routed ports.

One silly thing I should ask before configuring this 802.1x commands, do your interfaces are configured as static switchports (via switchport and switchport mode access) commands as it would reject dot1x commands if it isn't configured.

Do you have Port security enabled with sticky MAC addresses or static secure MAC addresse on these ports you are trying to configure as with Release 15.1(1)SY1 and later, you cannot configure 802.1X authentication with port security with sticky MAC addresses or static secure MAC addresses. 

0 Helpful

Richard Klinkbeil
Level 1
Level 1
In response to Mohamed Abd Elnaser Mohamed Mohamed Ali

‎05-08-2017 07:39 AM

Good question. By default the ports will be "routed" so initially I will enter the "switchport"  and "switchport mode access" commands to get them where I need them to be.

Port security is currently not enabled on the ports. And dot1x is enabled globally.

Also, the line cards in question are WS-X6148A-GE-45AF. I also have a WS-X6724-SFP and it has all of the dot1x commands available. 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Richard Klinkbeil

‎05-08-2017 08:16 AM

Try first assigning the switchports to an access VLAN - even if it is VLAN 1.

Without an explicit assignment to a VLAN, the interface level dot1x commands aren't always available.

0 Helpful

Richard Klinkbeil
Level 1
Level 1
In response to Marvin Rhoads

‎05-09-2017 09:57 PM

Marvin, I do have them in a vlan, see below for the generic config on each port.

interface GigabitEthernet1/30
description THEATER
switchport
switchport access vlan 40
spanning-tree portfast edge
end

0 Helpful

Mohamed Abd Elnaser Mohamed Mohamed Ali
Level 1
Level 1
In response to Richard Klinkbeil

‎05-09-2017 10:31 PM

Hi Richard

Did you configure the ports as a static access port with "switchport mode access" and checked if the dot1x command is accepted or there.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents