Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1089
Views
0
Helpful
1
Replies

3850 radius issue

aytekin.done
Level 1
Level 1

‎08-10-2017 05:20 AM

Hi

We have four 3850 switch as stack.

Versions

 

WS-C3850-48T       03.06.06E        

WS-C3850-48T       03.06.06E        

WS-C3850-48T       03.06.06E        

WS-C3850-48P       03.06.06E

 

İ  configured aaa on 3850 as following

 

aaa new-model

aaa group server radius x

server name x

server name x

deadtime 1

aaa authentication login default group radius local

aaa authentication login NO none

aaa authentication dot1x default group x

aaa authorization exec default group x local if-authenticated

aaa authorization network default group x

aaa accounting dot1x network start-stop group x

aaa session-id common

 

 

İ  configured switchport as following

 

switchport access vlan x

switchport mode access

authentication control-direction in

authentication port-control auto

dot1x pae authenticator

storm-control broadcast level 50.00

storm-control action shutdown

spanning-tree portfast

 

i have Microsoft nps and other switchs have same config

there is no problem

 

but clients on 3850 dont authenticate and

I get an error like this in the logs

 

dot1x-5-result override authentication result overridden for client

 

i think the cause of this error is switch version

 

can you help me about this issue

 

thanks

Labels:
0 Helpful
1 Reply 1

Beith12
Level 1
Level 1

‎02-07-2018 02:53 AM

Hi, just worked on a near identical issue and it turned out to be the NPS configuration. Cisco 3560 switches seemed to operate fine but when swapped for 3850 switches the dot1x response would be reversed by the switch (NPS accepted the request).

0 Helpful
Customers Also Viewed These Support Documents