08-05-2015 05:39 AM - edited 03-10-2019 10:57 PM
Hi guys,
I'm working on configuring 802.1x on a 3750 and a free WinRadius server.
WinRadius is up and running, I can even test authentication using the testing tool as per image.
I've also run the testing command from the switch to make sure that it can communicate with the Radius and it was successful:
Switch#test aaa group radius cisco cisco new-code
User successfully authenticated
However, when I try to authenticate from the host/laptop I get an authentication failure. I do get prompted to enter the username and password. However, for some reason the Radius seems to be returning a failure to authenticate.
Error on the switch shows:
*Mar 1 20:45:14.133: %LINK-3-UPDOWN: Interface FastEthernet1/0/16, changed state to up
*Mar 1 20:45:22.387: %DOT1X-5-FAIL: Authentication failed for client (ecf4.bb08.7e76) on Interface Fa1/0/16 AuditSessionID C0A80A1E0000001F0474044A
*Mar 1 20:45:22.387: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (ecf4.bb08.7e76) on Interface Fa1/0/16 AuditSessionID C0A80A1E0000001F0474044A
*Mar 1 20:45:22.387: %AUTHMGR-5-FAIL: Authorization failed for client (ecf4.bb08.7e76) on Interface Fa1/0/16 AuditSessionID C0A80A1E0000001F0474044A
Switch#sho authentication sessions int f1/0/16
Interface: FastEthernet1/0/16
MAC Address: Unknown
IP Address: Unknown
Status: Running
Domain: UNKNOWN
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: C0A80A1E0000002004751782
Acct Session ID: 0x00000027
Handle: 0x4D000020
Runnable methods list:
Method State
dot1x Running
And on the Radius server it shows that user authentication failed.
I'm not sure where the issue is...
Switch configuration for dot1x is:
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
authentication mac-move permit
interface FastEthernet1/0/16
 switchport access vlan 10
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
interface FastEthernet1/0/20
 switchport access vlan 10
interface Vlan10
 ip address 192.168.10.30 255.255.255.0
!
!
ip sla enable reaction-alerts
radius-server host 192.168.10.10 auth-port 1812 acct-port 1813 key WinRadius
!
I'm not sure what I'm doing wrong...
Can you please have a look and advise??
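Added example, not part of the original post: a small Python parser that groups the %DOT1X/%AUTHMGR messages quoted above by AuditSessionID and decodes the ID. It assumes the usual IOS layout of the 24 hex digits (NAS IPv4 address, session counter, timestamp); the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Switch syslog lines copied from the post above.
SAMPLE_LOG = """\
*Mar 1 20:45:14.133: %LINK-3-UPDOWN: Interface FastEthernet1/0/16, changed state to up
*Mar 1 20:45:22.387: %DOT1X-5-FAIL: Authentication failed for client (ecf4.bb08.7e76) on Interface Fa1/0/16 AuditSessionID C0A80A1E0000001F0474044A
*Mar 1 20:45:22.387: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (ecf4.bb08.7e76) on Interface Fa1/0/16 AuditSessionID C0A80A1E0000001F0474044A
*Mar 1 20:45:22.387: %AUTHMGR-5-FAIL: Authorization failed for client (ecf4.bb08.7e76) on Interface Fa1/0/16 AuditSessionID C0A80A1E0000001F0474044A
"""

# Matches only the authentication messages that carry a client and session ID.
EVENT_RE = re.compile(
    r"%(?P<facility>DOT1X|AUTHMGR)-(?P<sev>\d)-(?P<mnemonic>\w+):.*?"
    r"client \((?P<mac>[0-9a-f.]+)\) on Interface (?P<intf>\S+) "
    r"AuditSessionID (?P<sid>[0-9A-F]{24})"
)

def decode_session_id(sid):
    """Split a 24-hex-digit session ID into (NAS IP, counter, timestamp).

    Assumed layout: 8 digits NAS IPv4, 8 digits counter, 8 digits timestamp.
    """
    nas_ip = str(ipaddress.IPv4Address(int(sid[:8], 16)))
    return nas_ip, int(sid[8:16], 16), int(sid[16:], 16)

def summarize(log_text):
    """Group authentication events by audit session ID."""
    sessions = defaultdict(lambda: {"events": []})
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # link up/down and other unrelated messages
        s = sessions[m["sid"]]
        s["mac"], s["interface"] = m["mac"], m["intf"]
        s["nas_ip"], s["counter"], _ = decode_session_id(m["sid"])
        s["events"].append(f'{m["facility"]}-{m["sev"]}-{m["mnemonic"]}')
    return dict(sessions)

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE_LOG).items():
        print(sid, s["nas_ip"], s["mac"], s["interface"], s["events"])
```

The first eight digits of the session ID, C0A80A1E, decode to 192.168.10.30, the Vlan10 address in the posted configuration, which ties the three failure messages to this switch and to a single attempt from ecf4.bb08.7e76.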
06-26-2016 01:18 AM
Haidar,
I was able to have success if I changed the settings in WinRadius. Those are:
Authorization Port 1645
Accounting Port 1646
Let me know if that helps.
-Jason