Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10734
Views
0
Helpful
0
Replies

Disabling Dot1x auth

e.parhomenko
Level 1
Level 1

‎02-21-2011 11:24 PM - edited ‎03-09-2019 11:24 PM

I have upgrade Cisco Catalyst 3750, 3650 etc from old IOS version (c3750-i5k91-mz.122-25.SE.bin) to newer (c3750-ipservicesk9-mz.122-55.SE1.bin)

In pre upgrade configuration i have configured IEEE 802.1X authorization.

But after upgrade many commands of dot1x have beed changed.

From Cisco site i have noticed that realization of authorization have beed changed and renamed to IBNS.

I am configured port authorization again - works fine.

BUT. If i globaly disable dot1x by command ***(config)#no dot1x system-auth-control i have blocked ports, wich configured to dot1x, in state - notconnect.

When again turning auth by command dot1x system-auth-control - all ports working.

How to turning off authorization on whole switch by one command, as in older realization of dot1x.

Details:

show int gi1/0/8 status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/8   -= Workers =-      notconnect   10        a-full  a-100 10/100/1000BaseTX
***#show dot1x
Sysauthcontrol              Disabled
Dot1x Protocol Version            3
aaa authentication login default local-case
aaa authentication dot1x default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
authentication mac-move permit
authentication command bounce-port ignore
authentication command disable-port ignore
authentication critical recovery delay 10000
dot1x system-auth-control
dot1x guest-vlan supplicant
dot1x critical eapol
interface GigabitEthernet1/0/6
 description -= Workers =-
 switchport access vlan 10
 switchport mode access
 no logging event link-status
 authentication event fail action authorize vlan 25
 authentication event server dead action authorize vlan 10
 authentication event no-response action authorize vlan 25
 authentication event server alive action reinitialize
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 10
 dot1x timeout supp-timeout 20
 dot1x max-reauth-req 3
 no cdp enable
 no cdp tlv server-location
 no cdp tlv app
 spanning-tree portfast

3 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents