cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1826
Views
0
Helpful
2
Replies

Dot1x guest VLAN on 2960G

hoanghiep
Level 1
Level 1

Hi,

I have a 2960 sw configured for dot1x authentication, the problem is the Guest VLAN and Restricted VLAN didnot work. The switch port was stuck in authenticating status.

The server is Juniper IC4500.

Switch is 2960G, IOS 15.0(1)SE2

the configuration:

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication dot1x default group radius

aaa authorization exec default local

aaa authorization network default group radius

!

!

dot1x system-auth-control

dot1x test timeout 30

dot1x guest-vlan supplicant

dot1x critical eapol

!

!

interface FastEthernet0/32

switchport access vlan 28

switchport mode access

authentication event fail action authorize vlan 41

authentication event server dead action authorize vlan 41

authentication event server dead action authorize voice

authentication event no-response action authorize vlan 41

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication order mab

authentication port-control auto

authentication timer reauthenticate 300

authentication violation protect

mab eap

dot1x pae authenticator

dot1x timeout quiet-period 5

dot1x max-req 1

dot1x max-reauth-req 1

dot1x max-start 1

spanning-tree portfast

!

Anyone with experience on this pls help.

Thanks,

hoanghiep

2 Replies 2

shoaibkhan
Level 1
Level 1

take "dot1x timeout quiet-period 5" off the config. Default if "5" second but i say set it to somethine like an hour or so.

Default is 60 second.

oohh btw this command tell the switch to stay quiet for X seconds on failed auth.

forgot to mention that multi-auth do not support actions on either no-response or fail authentication events. So you need to set host-mode to MDA or single host.

Ref:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1454875

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: