Showing results for 
Search instead for 
Did you mean: 


dot1x Authentication Question

I have a 2811 and a newer model 16 port switch with a 10/100/100 ge uplink port. On previous models the switch (PoE) did not have an uplink port and the command set integrated directly into the router's CLI. WIth this newer version, you actually have to session into the switch to gain access to switch level commands (no big deal, just providing context).

I currently use dot1x authentication on these devices. On the previous setup, the router with the added switch commands, would save the dot1x information in the running config in a small table. Occasionally a computer wound fail to send an EAP message or the switch would fail to receive the EAP message to remove the entry from this small table. The table would be in the following format:

mac-address-table static 0000.0000.0000 interface FastEthernet1/1 vlan <vlanid>

When the EAP logoff message failure occurred, no other device on that port and vlan would be able to work until you manually removed that entry from the table by doing:

no mac-address-table static 0000.0000.0000 interface FastEthernet1/1 vlan <vlanid>

You run this from config mode.

My problem is, under the newer switch module, you are now required to session into it to modify the switch config instead of it being integrated into the router's CLI. That being said, I expected to find the mac-addres-table listing for dot1x port security there, however it does not exist. If I have a device that fails to send the EAP logoff message (for whatever reason) were do I find this table I am used to working with? Does it still exist? If it doesn't is my only recourse to reboot the router? Rebooting the router seems like using dynamite to fish. Any ideas?

Thanks in advance. Please let me know if you need any clarification.

Content for Community-Ad