802.1x configuration

jaimes.badillo
Level 1

I recently upgraded our Symantec LAN Enforcer to version 12.1.4; one of the reasons was that we were having issues with ports being blocked that should not have been. I am testing the connection now with one system. The Enforcer is set up with all the right policies and the RADIUS server is set up as well. When I add the 802.1x commands to the switch, it drops the connection right away. Here are the commands I am adding to the switch:

authentication host-mode multi-domain

authentication port-control auto

dot1x pae authenticator

I have also used the following commands as recommended by Symantec.

switchport mode access

dot1x port-control auto

dot1x reauthentication
dot1x timeout reauth-period 30

I still get the same results, the connection is dropped right away.


cowseatsoil
Level 1

Hi Jaimes,

Have you specified the RADIUS server in the configuration?

radius-server host {hostname | ip-address} auth-port port-number key string

You will then need to tell the switch to use RADIUS for 802.1x:

aaa authentication dot1x default group radius

Then enable dot1x globally:

dot1x system-auth-control

Apart from that, your commands look OK (I haven't used 802.1x in detail, nor do I have access to test it here, so please give this a try and use the following if you're still experiencing issues).

Once you've configured 802.1x on the interface you can use the 'show dot1x' command to verify if it is in use and if there are errors.

If everything still looks OK please check the 'debug dot1x authsm' for any errors.

Liam
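
An added example, not part of the original thread: a small Python audit that checks a saved running-config for the three global commands listed in the reply above and lists the interfaces where port-control auto is set. It assumes the legacy IOS syntax quoted in this thread and a one-space indent for interface sub-commands; the sample config, address and key are constructed, and `audit_dot1x` is a hypothetical helper name.

```python
import re

# Global commands the reply lists as prerequisites (legacy IOS syntax).
GLOBAL_CHECKS = {
    "radius-server host": re.compile(r"^radius-server host \S+"),
    "aaa authentication dot1x default group radius":
        re.compile(r"^aaa authentication dot1x default group radius\b"),
    "dot1x system-auth-control": re.compile(r"^dot1x system-auth-control$"),
}
# Both interface syntaxes quoted in the thread enable port authentication.
PORT_AUTO = re.compile(r"^(authentication|dot1x) port-control auto$")
# Constructed sample config; the address and key are placeholders.
SAMPLE = """\
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 key EXAMPLE-KEY
!
interface GigabitEthernet0/1
 switchport mode access
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet0/2
 dot1x port-control auto
"""


def audit_dot1x(config_text):
    """Return (missing global commands, {dot1x port: findings})."""
    found, blocks, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(line)  # sub-command of current interface
            continue
        current = None
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        found.update(n for n, rx in GLOBAL_CHECKS.items() if rx.match(line))
    missing = [n for n in GLOBAL_CHECKS if n not in found]
    ports = {}
    for name, cmds in blocks.items():
        if any(PORT_AUTO.match(c) for c in cmds):
            has_access = "switchport mode access" in cmds
            ports[name] = [] if has_access else ["no 'switchport mode access'"]
    return missing, ports
```

Calling `audit_dot1x(SAMPLE)` reports `dot1x system-auth-control` as missing and flags GigabitEthernet0/2 for lacking `switchport mode access`.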

I have all those commands on the switch. Still getting locked out. I also removed the Symantec enforcer from the picture so now the switch is going to the radius server.

Hi,

Have you configured the data and voice VLAN on the switch?

Regards

Alain

Don't forget to rate helpful posts.

Jaimes

I have done 802.1x a long time ago but not with Symantec so I probably can't help much but -

1) you need to debug the 802.1x authentication on the switch to see what is happening between the switch and the radius server

2) I'm assuming you have an 802.1x supplicant on the end client, i.e. you are not doing anything like MAC authentication bypass for example.

There is a different forum that deals with authentication etc. so you may want to move this thread over there as people answering in those threads may not see your post in this forum -

https://supportforums.cisco.com/community/netpro/security/aaa

Jon
