cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

Dot1X on trunk port

gilou_1973
Level 1
Level 1

Hello,

I need to authenticate a trunk port (with dot1x) where runs a development machine which hosts Virtual Machines.

So, the port where is connected the machine is a dot1q port.

Therefore I'd like to authenticate this machine with DOT1x, and by now it fails.

FYI dot1x runs with success on normal switch access port.

The platform is a catalyst 2960s, running the 15.0(1)SE2 IOS.

I'm using an EAP authentication method based on computer certificate.

 

Here below the configuration of the switch and port:

Thanks for your help

 

Global config:

aaa new-model
!
aaa group server radius G1
 server 10.4.22.148 auth-port 1812 acct-port 1813
 server 10.4.22.149 auth-port 1812 acct-port 1813
!
aaa authentication login default group G1 local
aaa authentication login console local
aaa authentication dot1x default group G1
aaa authorization exec default local
aaa authorization exec G1 if-authenticated
aaa authorization network default group G1
aaa session-id common


radius-server host 10.4.22.148 auth-port 1812 acct-port 1813 key 7 xxxxxx
radius-server host 10.4.22.149 auth-port 1812 acct-port 1813 key 7 xxxxxx
radius-server timeout 3
radius-server deadtime 1

 

 

port machine
interface GigabitEthernet4/0/8
 description TEST_DEV_ON_VL141
 switchport trunk allowed vlan 141,211
 switchport mode trunk
 authentication host-mode multi-host
 authentication port-control auto
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout quiet-period 3
 dot1x timeout tx-period 5
 dot1x max-reauth-req 5
 storm-control broadcast level 20.00
 storm-control action shutdown
 no cdp enable
 spanning-tree bpduguard enable
 ip igmp filter 1
end

 

 

 

Who Me Too'd this topic