cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
795
Views
0
Helpful
1
Replies

IEEE 802.1x port-based authetication

CMeruane75
Beginner
Beginner

I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone.

I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.

1 REPLY 1

Federico Lovison
Cisco Employee
Cisco Employee

Hi Claudia,

do you mean that the EAP-TLS authentication fails only on some 2960 switches and it works on other 2960s?

What is the IOS version you're using there?

What is the RADIUS server in use?

What is the exact error message you see on the RADIUS side?

Usually, the reason for the EAP-TLS handshake failure is to be troubleshoot on the supplicant and AAA server, however, there may be something on the switch depending on the certificate size and MTU settings on the switch(es).

What is the server cert size and the MTU configured on the switches?

With the info you provided it's difficult to say what's the reason of this failure.

I would suggest to start looking into the above mentioned topics, else you would need to proceed with deeper debugging and sniffer traces, which may be better/easier to handle through a TAC case.

I hope this helps.

Regards,

Federico

--

If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: