01-15-2013 01:38 PM - edited 03-10-2019 07:58 PM
Hello,
Quick question on an issue I have been having lately. We are mostly running 802.1x on our field 2950 switches with a Windows 2008 NAP server as a backend in our datacenter.
If we run into issues at a site will will temporarily remove 802.1x globally from the switch by using the command:
no dot1x system-auth control
This works great and puts all of the ports back into the data VLAN.
We have recently upgraded to some 2960s lanlite switches and some 3750 switches in the home office. If we have issues with authentication on one of these switches we will issue the same command but this time it breaks every access port and no one can connect from this switch.
We do have the configs setup to use MAB as a backup on each port and it appears on these switches the ports begin to fail MAB authentication even though 802.1x has been globally removed. We need to remove the authentication commands from every port on the switch.
This doesn't seem normal to me and I want to know if anyone else has seen the same behavior or has a work around. We don't want to have to remove from every port as doing it globally makes sense for temporary fixes.
Thanks, Elton
Sent from Cisco Technical Support iPhone App
01-15-2013 03:17 PM
Elton,
Your assumption is correct. The recent codes require you to remove "dot1x pae authenticator" and possibly "authention port-control auto" on all the switch ports in order to remove dot1x. You can no longer get away with this but using the command you were used to in the past. This is based on my testing since I have also been presented with the same scenario in the past.
Thanks,
Tarik Admani
*Please rate helpful posts*
01-15-2013 04:21 PM
I am going to open TAC case with Cisco tomorrow on this as I would like to know the logic behind this and why it has changed so drastically from the older codes.
Maybe they can give me a workaround. Ill update with what I find out. If anyone else has anything to add please do.
Elton
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide