07-20-2004 10:32 AM - edited 03-10-2019 07:55 AM
I want to implement 802.1x with Windows2000 pro-SP4 and Catalyst switches. Not wireless but through RJ45 cable connection.
How can I enable the 802.1x in the W2K SP4 ?
Thanks,
Solved! Go to Solution.
07-20-2004 11:24 AM
802.1x support should come by default with SP4 as it contains functionality from the SP3 hotfix for 802.1x ( Microsoft Knowledge Base Article - 313664). After enabling or upgrading to SP4 though, you need to enable the Wireless Zero Config Service.
You'll notice you see an Authentication Tab under your Local Area Connection properties window upon doing so.
Hope this helps.
07-20-2004 11:24 AM
802.1x support should come by default with SP4 as it contains functionality from the SP3 hotfix for 802.1x ( Microsoft Knowledge Base Article - 313664). After enabling or upgrading to SP4 though, you need to enable the Wireless Zero Config Service.
You'll notice you see an Authentication Tab under your Local Area Connection properties window upon doing so.
Hope this helps.
07-20-2004 12:08 PM
Thanks your prompt reply,
I can get the authentiation tab since start the wireless service but problem to authenticating.
1. w2k client.
enable 802.1x and EAP type=MD5-challenge
2. 6509
aaa new-model
aaa authentication login default group radius
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
dot1x system-auth-control
!
interface GigabitEthernet6/2
no ip address
logging event link-status
switchport
switchport access vlan 10
switchport mode access
dot1x port-control auto
!
radius-server host 10.147.153.100 auth-port 1812 acct-port 1813 key 7 071B245F5A
3. CSACS
- create network interface with RADIUS-IEEE
- configure RADIUS attribute 64,65,81
4. I attach a station into the 6509 port g6/2 and successfuly get the prompt but authenticaiton fail with the following messages,
*Jul 20 19:34:23: dot1x-ev:Got a Request from SP to send it to Radius with id 8
*Jul 20 19:34:23: dot1x-ev:Couldn't Find a process thats already handling the re
quest for this id 0
*Jul 20 19:34:23: dot1x-ev:Found a free slot at slot 0
*Jul 20 19:34:23: dot1x-ev:dot1x_send_resp_to_server: copying mac=0003.4793.7b22
*Jul 20 19:34:23: dot1x-ev:Created a New process with Id 149
*Jul 20 19:34:23: dot1x-ev:Successfully created a process to handle this aaa req
uest
*Jul 20 19:34:23: dot1x-ev:Inserted the request on to list of pending requests
*Jul 20 19:34:23: dot1x-ev:Request id = 8 and length = 9
*Jul 20 19:34:23: dot1x-ev:The Interface on which we got this AAA Request is Gig
abitEthernet6/2
*Jul 20 19:34:23: dot1x-ev:Username is test
*Jul 20 19:34:23: dot1x-ev:MAC Address is 0000.0000.0000
*Jul 20 19:34:23: RADIUS: ustruct sharecount=2
*Jul 20 19:34:23: Radius: radius_port_info() success=0 radius_nas_port=1
*Jul 20 19:34:23: RADIUS: EAP-login: RemAddr =3030.2d30.302d
*Jul 20 19:34:23: RADIUS: EAP-login: length of radius packet = 98 code = 1
*Jul 20 19:34:23: RADIUS: Initial Transmit GigabitEthernet6/2 id 16 10.147.153.1
00:1812, Access-Request, len 98
*Jul 20 19:34:23: Attribute 4 6 0A939901
*Jul 20 19:34:23: Attribute 61 6 00000000
*Jul 20 19:34:23: Attribute 1 6 74657374
*Jul 20 19:34:23: Attribute 6 6 00000002
*Jul 20 19:34:23: Attribute 12 6 000003E8
*Jul 20 19:34:23: Attribute 31 19 30302D30
*Jul 20 19:34:23: Attribute 79 11 02000009
*Jul 20 19:34:23: Attribute 80 18 4B982008
*Jul 20 19:34:28: RADIUS: Retransmit id 16
*Jul 20 19:34:33: RADIUS: Retransmit id 16
*Jul 20 19:34:38: RADIUS: Retransmit id 16
*Jul 20 19:34:43: RADIUS: Tried all servers.
*Jul 20 19:34:43: RADIUS: No valid server found. Trying any viable server
*Jul 20 19:34:43: RADIUS: Tried all servers.
*Jul 20 19:34:43: RADIUS: No response for id 16
*Jul 20 19:34:43: dot1x-err:Dot1x Authentication failed
*Jul 20 19:34:43: dot1x-ev:The process does its job, so killing itself
*Jul 20 19:35:07: %LINK-3-UPDOWN: Interface GigabitEthernet6/2, changed state to
down
*Jul 20 19:35:07: %LINK-SP-3-UPDOWN: Interface GigabitEthernet6/2, changed state
to down
Any idea based on the debugging message ?
Thanks,
07-20-2004 01:36 PM
it's mis-configuraiton the radius in 6509.
!
ip radius source-interface Vlan10
radius-server key 7 120D000406
!
Thanks,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide