Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1044
Views
0
Helpful
6
Replies

wired dot1x, anyone got it to work

mschooley
Level 1
Level 1

‎12-16-2003 10:36 AM - edited ‎03-10-2019 07:36 AM

trying to implement dot1x on wired network with dynamic vlan assignment, very unstable. anyone with fix or similar results.

Labels:
0 Helpful
6 Replies 6

didyap
Level 6
Level 6

‎12-22-2003 01:11 PM

802.1X ports cannot be configured as dynamic access ports. A port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed. See the following document for details:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swvlan.htm#59850

0 Helpful

jkittle99
Level 4
Level 4

‎11-01-2004 09:17 AM

Yeah I know I know - it can't be done with trunk ports - anybody know if this is on the roadmap? I have a VoIP network (avvid) , where essentially all ports on my network are 802.1q trunk ports (for voip support) and I need to be able to do 802.1x from the back of the phone (and ports configured as trunk ports that aren't phone connected) - Doing this any other way creates a management nightmare.

Any workarounds?

0 Helpful

jafrazie
Cisco Employee
Cisco Employee
In response to jkittle99

‎11-01-2004 11:08 AM

You can consider Multi-VLAN Access ports. Here is a sample working config that demonstrates this:

interface FastEthernet0/1

switchport mode access

switchport access vlan

switchport voice vlan

dot1x port-control auto

This allows for 802.1x and VoIP to co-exist at the same time. Insure your switch/rev has support for the "802.1x with VVID" feature, which works automatically based on the port config above.

Hope this helps.

0 Helpful

jkittle99
Level 4
Level 4
In response to jafrazie

‎11-01-2004 12:49 PM

I actually tried that on my 4510 switch as well - it detected the voice vlan parameter and refused to work. I need to research on the 802.1x with AVVID feature to see what that's all about.

0 Helpful

a.awan
Level 4
Level 4

‎11-04-2004 07:09 PM

What is the exact problem you are facing? Is it the VLAN assignment itself or is it getting the IP Address afterwards via DHCP? I have gotten it to work in a test environment but unfortunately with Foundry switches; have not gotten a chance to test it with Cisco's 802.1x implementation yet. By the way a single signon for both 802.1x and Windows Domain was the hardest thing to accomplish but things might have improved by now.

By the way this post is meant for the original poster. I did not realize this post was an year old :)

0 Helpful

mendezjm
Level 1
Level 1

‎11-22-2004 08:04 AM

I'm trying to implement 802.1x in a wired environment, with 2950 Switch, Active directory and Cisco ACS 3.2. I need this to work without certificates, using EAP-MD5.But it doesn't work.

could you help me about it?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents