IEEE 802.1x port-based authentication

CMeruane75
Level 1

I want to configure IEEE 802.1x port-based authentication on Cisco switches, preferably the 2960 series. Which models support this feature? I have tried with some older switches, but it doesn't work properly on every one.

I have upgraded them without better results; namely, there is an issue with TLS handshaking on some switches which causes authentication to fail.

1 Reply

Federico Lovison
Cisco Employee

Hi Claudia,

Do you mean that the EAP-TLS authentication fails only on some 2960 switches and it works on other 2960s?

What is the IOS version you're using there?

What is the RADIUS server in use?

What is the exact error message you see on the RADIUS side?

Usually, the reason for the EAP-TLS handshake failure is to be troubleshot on the supplicant and AAA server; however, there may be something on the switch, depending on the certificate size and MTU settings on the switch(es).

What is the server cert size and the MTU configured on the switches?

With the info you provided it's difficult to say what's the reason of this failure.

I would suggest you start looking into the above-mentioned topics; otherwise, you would need to proceed with deeper debugging and sniffer traces, which may be better/easier to handle through a TAC case.

I hope this helps.

Regards,

Federico

--

If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.