04-10-2012 09:39 PM - edited 03-10-2019 06:59 PM
Hi,
I have a 2960 sw configured for dot1x authentication; the problem is the Guest VLAN and Restricted VLAN did not work. The switch port was stuck in authenticating status.
The server is Juniper IC4500.
Switch is 2960G, IOS 15.0(1)SE2
the configuration:
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization exec default local
aaa authorization network default group radius
!
!
dot1x system-auth-control
dot1x test timeout 30
dot1x guest-vlan supplicant
dot1x critical eapol
!
!
interface FastEthernet0/32
 switchport access vlan 28
 switchport mode access
 authentication event fail action authorize vlan 41
 authentication event server dead action authorize vlan 41
 authentication event server dead action authorize voice
 authentication event no-response action authorize vlan 41
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication order mab
 authentication port-control auto
 authentication timer reauthenticate 300
 authentication violation protect
 mab eap
 dot1x pae authenticator
 dot1x timeout quiet-period 5
 dot1x max-req 1
 dot1x max-reauth-req 1
 dot1x max-start 1
 spanning-tree portfast
!
Anyone with experience on this pls help.
Thanks,
hoanghiep
04-12-2012 12:35 PM
Take "dot1x timeout quiet-period 5" off the config. Default is "5" seconds but I say set it to something like an hour or so.
Default is 60 seconds.
Oohh btw this command tells the switch to stay quiet for X seconds on failed auth.
04-15-2012 02:35 AM
Forgot to mention that multi-auth does not support actions on either no-response or fail authentication events. So you need to set host-mode to MDA or single host.
Ref:
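Added example, not part of the original thread: a small Python check that encodes the rule stated in the reply above (fail and no-response fallback actions do not take effect on ports in multi-auth host mode) and flags such ports in a running-config. The function names and the sample config are constructed for illustration; the single-host default for ports without a host-mode line is an assumption.

```python
import re

# Constructed sample: Fa0/32 mirrors the question's port, Fa0/33 is a made-up contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/32
 authentication event fail action authorize vlan 41
 authentication event server dead action authorize vlan 41
 authentication event no-response action authorize vlan 41
 authentication host-mode multi-auth
!
interface FastEthernet0/33
 authentication event fail action authorize vlan 41
 authentication host-mode multi-domain
!
"""

EVENT_RE = re.compile(r"authentication event (fail|no-response) .*?action authorize vlan (\d+)")
HOST_MODE_RE = re.compile(r"authentication host-mode (\S+)")


def parse_interfaces(config):
    """Split a running-config into {interface name: [sub-commands]}; '!' ends a block."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return interfaces


def audit(config):
    """Return (interface, event, vlan) for fail/no-response fallbacks on multi-auth ports."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        modes = [m.group(1) for m in map(HOST_MODE_RE.match, lines) if m]
        # Assumption: a port with no host-mode line runs the IOS default, single-host.
        if (modes[-1] if modes else "single-host") != "multi-auth":
            continue
        for m in filter(None, map(EVENT_RE.match, lines)):
            findings.append((name, m.group(1), int(m.group(2))))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The check also accepts configs pasted without indentation, since interface blocks are delimited by the `!` lines.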