04-24-2014 01:02 AM - edited 03-10-2019 09:39 PM
Hello,
I need to authenticate a trunk port (with dot1x) on which a development machine hosting virtual machines is running.
So the port the machine is connected to is a dot1q port.
Therefore I'd like to authenticate this machine with dot1x, and for now it fails.
FYI, dot1x runs successfully on a normal switch access port.
The platform is a Catalyst 2960s, running the 15.0(1)SE2 IOS.
I'm using an EAP authentication method based on a computer certificate.
Below is the configuration of the switch and port:
Thanks for your help.
Global config:
aaa new-model
!
aaa group server radius G1
 server 10.4.22.148 auth-port 1812 acct-port 1813
 server 10.4.22.149 auth-port 1812 acct-port 1813
!
aaa authentication login default group G1 local
aaa authentication login console local
aaa authentication dot1x default group G1
aaa authorization exec default local
aaa authorization exec G1 if-authenticated
aaa authorization network default group G1
aaa session-id common
radius-server host 10.4.22.148 auth-port 1812 acct-port 1813 key 7 xxxxxx
radius-server host 10.4.22.149 auth-port 1812 acct-port 1813 key 7 xxxxxx
radius-server timeout 3
radius-server deadtime 1
Port machine:
interface GigabitEthernet4/0/8
 description TEST_DEV_ON_VL141
 switchport trunk allowed vlan 141,211
 switchport mode trunk
 authentication host-mode multi-host
 authentication port-control auto
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout quiet-period 3
 dot1x timeout tx-period 5
 dot1x max-reauth-req 5
 storm-control broadcast level 20.00
 storm-control action shutdown
 no cdp enable
 spanning-tree bpduguard enable
 ip igmp filter 1
end