##Configure client interfaces for dot1x Switch(config-if)# switchport mode acces Switch(config-if)# switchport access vlan <vlan> Note: Depending on IOS version you will use one of the two below commands. Switch(config-if)# authentication port-control auto or Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x pae authenticator Switch(config-if)# dot1x timeout quiet-period <secodns to wait after failed attempt> Switch(config-if)# dot1x timeout tx-period <time to resubmit request>
System Configuration > Global Authentication Setup Verify ‘Allow EAP-MD5′ is checked Verify ‘Allow MS-CHAP Version 2 Authentication’ is checked
In order to configure a user, click User Setup on the menu, and complete these steps:
Enter the User information: Network-Admin <username>.
Enter the Real Name: Network-Admin <descriptive name>.
Add a Description: <your choice>.
Select the Password Authentication: ACS Internal Database.
Enter the Password: ........ <password>.
Confirm the Password: <password>.
The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool in order to view an analysis of show command output.
Enter these commands in order to confirm that your configuration works properly:
show dot1x summary
show dot1x interface
show authentication sessions interface <interface>
show authentication interface <interface>
Switch(config)# show dot1x
Dot1x Protocol Version 3
Switch(config)# show dot1x summary
Interface PAE Client Status
Switch(config)# show dot1x interface fa0/4 detail
Dot1x Info for FastEthernet0/4
PAE = AUTHENTICATOR
PortControl = FORCE_AUTHORIZED
ControlDirection = Both
HostMode = SINGLE_HOST
QuietPeriod = 5
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 10
This section provides debug commands that you can use in order to troubleshoot your configuration.
Note: Refer to Important Information on Debug Commands before you use debug commands.
debug dot1x all debug authentication all debug radius (provides the information of radius at debug level) debug aaa authentication (debug for authentication) debug aaa authorization (debug for authorization)
Working with a lab 5506-x and c3560cx and throwing some OSPF at it to see what sticks. I want the ASA to route to the internet, but I have three Vlans on the switch with SVIs for each subnet. I have NAT working on the ASA out to the internet, b...
I have a Hotspot guest portal setup that has a button that links to a sponsored guest portal to allow certain account to sign in and get elevated access. The button works fine on Android and Windows OS. On iOS devices the customer is gettin...
I have a site to site VPN tunnel setup on an ASA device. The tunnel is up and running and traffic is restricted to a single host on my side. The customer has asked for access to another host on my side via the same tunnel to port 7607. The tunnel uses pub...
Hi Experts, We're running ISE version 2.6 Patch 7 installed. On SAN, we noticed, it's left the AD and in the Report->Diagnostics, it showing as ISE account password update failed. As per the below URL, ISE machine account has set t...
We have an active SNTC 8X5XNBD support subscription and we have created a case for an RMA two weeks ago. Yet we still haven't received an RMA in our ticket and we have no place to ship our defective product to to get a replacement. Did Cisco stop acceptin...