dot1x authentication with radius failed

kevinshkong11
Level 1

Hi ALL,

 

We are trying to configure a switchport to authenticate with a radius server to grant user access.

It seems like authentication failed. The wireless controller also uses radius for user authentication, and no issue happens there.

Below is the config.

 

Building configuration...

Current configuration : 10010 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
enable password 7 00343315174C5B140B
!
username admin password 7 06362F325F59590B01
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
!
!
!
aaa session-id common
clock timezone MY 8 0
switch 1 provision ws-c2960x-48fpd-l
authentication mac-move permit
!
!
no ip domain-lookup
vtp mode transparent
udld aggressive

!
!
crypto pki trustpoint TP-self-signed-383024512
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-383024512
revocation-check none
rsakeypair TP-self-signed-383024512
!
!
crypto pki certificate chain TP-self-signed-383024512
certificate self-signed 01
quit
dot1x system-auth-control
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
vlan 100
name LAN
!
vlan 202
name Network_Mgmt
!
vlan 220
name Guest_WIFI
!
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/37
switchport access vlan 100
switchport mode access
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
spanning-tree portfast
!
interface Vlan202
ip address 192.168.202.5 255.255.255.192
!
ip default-gateway 192.168.202.62
no ip http server
ip http secure-server
!
!
!
!
radius server RADIUS
address ipv4 192.168.10.1 auth-port 1812 acct-port 1813
key 7 053C2F2908736A2917251D32065D0A0A7A7C

 

Please help.

 

Attached is debug log

 

Regards

Kevin

2 Replies

Hi,

 

From the logs it looks like the radius server is down "No response from radius-server".

What is the output from "show aaa server"? Can the switch ping the RADIUS server?

Double check the shared secret on both the switch and RADIUS server, make sure they are correct.

What do you see in the RADIUS server logs?

 

Hi,

 

It is solved. Thank you.

It was because the switch IP address had not yet been added in radius.
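Added example, not part of the thread and not code from Cisco or any RADIUS server: a Python model of the checks a RADIUS server runs on an 802.1X Access-Request before any user lookup. It shows why both an unregistered switch address (the cause found here) and a wrong shared secret reach the switch only as "No response from radius-server", since RFC 2865 and RFC 3579 require a silent discard in both cases. The client table, secrets and EAP payload are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample values; the real secret and server client list are not on the page.
SWITCH_IP = "192.168.202.5"                  # Vlan202 address from the posted config
CLIENTS = {"192.168.10.20": b"wlc-secret"}   # hypothetical server-side client table
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret: bytes, ident: int, eap: bytes) -> bytes:
    """Access-Request carrying EAP, signed with Message-Authenticator (RFC 3579)."""
    request_auth = bytes(range(16))  # fixed for reproducibility; random in practice
    attrs = attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac


def server_verdict(packet: bytes, src_ip: str, clients: dict) -> str:
    """Model of the checks made before the server evaluates the user at all."""
    secret = clients.get(src_ip)
    if secret is None:
        return "dropped: unknown client"      # no reply is sent to the switch
    pos, end = 20, struct.unpack("!H", packet[2:4])[0]
    while pos + 2 <= end:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2:
            return "dropped: malformed attribute"
        if a_type == MESSAGE_AUTHENTICATOR:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:end]
            want = hmac.new(secret, zeroed, hashlib.md5).digest()
            if hmac.compare_digest(want, packet[pos + 2:pos + 18]):
                return "processed"
            return "dropped: bad Message-Authenticator"
        pos += a_len
    return "dropped: missing Message-Authenticator"


if __name__ == "__main__":
    pkt = build_access_request(b"switch-secret", 1, b"\x02\x01\x00\x09\x01user")
    print(server_verdict(pkt, SWITCH_IP, CLIENTS))
    print(server_verdict(pkt, SWITCH_IP, {**CLIENTS, SWITCH_IP: b"switch-secret"}))
```

Because the switch sees the same timeout for either cause, the RADIUS server's own log is where an unknown client is told apart from a secret mismatch.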
