Guys am i missing a global config here? I have the following commands on my 2950
aaa authentication dot1x default group radius
radius-server host 184.108.40.206 auth-port 1812 string CiscoSwitch
dot1x port-control auto
even if i put the port into port-control force-unauthorised when i plug my laptop in the port just comes up as normal. I have set the radius side up on the raduis server but the logs dont see any requests coming from the switch. As i have this in a test environment i am able to plug the radius server directly into the switch and the switch can directly ping the server. I feel i am missing a global command to switch it on somehow, the cisco documentation just says to enable aaa new-model and set the aaa authentication and it should work but it doesnt. can anybody help? even if i have to enable something in Microsoft (on my laptop) the reason for wanting this is to stop someone from jacking into publicly accessible ports so i want the switch to either authenticate or shut down.
Thats about all the config that will go on the switch. There are some dot1x debugging commands that might help if you have not tried that already. I would suspect the problem is in the Radius server configuration. If you post your email address I'll send you a doc I got from TAC when I was setting it up. I would post it but it's to big to attach.
Trunk portIf you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.
Dynamic portsA port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed
command will tell you something which is going wrong.