802.1x Authentication Fails on GB Switch but Works on Fast Ethernet Switch

james_fisk · ‎01-14-2016

Hello,

This is my first post. We have fa and gi switches. 802.1x authentication works great on a fast Ethernet C2960 with firmware 12.2(55) SE. But clients fail to authenticate on a C3750 with firmware 12.2 (55)SE. The client PC has a GPO to enable the proper local configuration. A test notebook authenticates when connected to a the C2960 but fails on the C3750. I am wondering if there is an additional or different command required to configure a Gi switch. I would assume not because they are running the same firmware but the only difference is the hardware. I used command dot1x port-control auto to enable.

Thank you,

Jim

austinmbailey1 · ‎01-15-2016

What commands are you running on the access ports?

On my Gigabit switches, we run the following commands:

dot1x max-req 3

dot1x max-reauth-req 3

authentication port-control autoauthentication timer reauthenticate 3600 (this is one hour, which should be default)

-Austin

james_fisk · ‎01-15-2016

Austin,

Thank you for your response. The port is question has the following configuration....

switchport access vlan xx

switchport mode access

dot1x port-control auto

dot1x pae authenicator

spanning-tree portfast

austinmbailey1 · ‎01-15-2016

Try adding the following to access ports:

dot1x max-req 3

dot1x max-reauth-req 3

dot1x reauthentication

Do you have all of your radius commands set up the same as the other switch?

Glenn Martin · ‎01-15-2016

moving post to the Network Infrastructure>Lan Switching Community.