cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1443
Views
0
Helpful
3
Replies

Help with 4506 802.1x Port Based Authentication (Wired)

rvaguilera
Level 1
Level 1

Hi all,

I'm trying to configure wired 802.1x security on a Catalyst 4506 IOS 12.1.19(EW), using Microsoft IAS (Microsoft's RADIUS), and Windows 2000 SP4 clients.

I've followed the procedures in the 4506 Software configuration guide and they seem to be straight forward.

I then turn 802.1x Debugging on the switch to monitor the 802.1x traffic, but there is none. If I bring the configured interface down and then back up, I do get some status change, but it seems like the switch is not sending or receiving EAPOL frames.

I then execute the dot1x "initialize" and also tried the "re-authenticate" commands, but I get an error saying that FastEthernet 2/2 is not a valid dot1x interface. The line card model number is WS-X4148-RJ21. Is the card not 802.1x compatible?

The switch does not throw any errors when I configure FastEthernet 2/2 as a 802.1x port by executing

dot1x port-control auto

i've also configured the interface to be a plain L2 access port by executing

switchport mode access

any help will be appreciated!

3 Replies 3

alian2000
Level 1
Level 1

hi ,

i am planing to do the same thing so i am woundering if did work for you using the MS IAS.

plz let me know

thanks

yes, i got it to work with Windows Server 2003 IAS. This version has the Tunnel-Tag attribute which is not in the Windows 2000 version of IAS.

I am currently trying to get 802.1x port authentication working on a Cat3550 against Win2003 IAS but the IAS log shows a invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.

However, I am successfully using IAS to authenticate WPA users on AP1210s so RADIUS appears to be OK working OK.

Are there special attributes that need to be configured on the switch or IAS?