ā03-26-2024 04:17 AM - edited ā03-26-2024 04:22 AM
I have Configured the 802.1x Configuration in WS-C2960X-24TS-LL Switch Globally. when i test the aaa test it was successful. but when i tried to configure in the Interface the authentication was not happening. so can you please help to configure the 802.1x configuration in one of the Interface
ā03-26-2024 04:19 AM
share the config
MHM
ā03-26-2024 04:23 AM
switchport access vlan 14
switchport mode access
ip device tracking maximum 10
authentication event fail action next-method
authentication event no-response action authorize vlan 14
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast edge
spanning-tree bpduguard enable
ā03-26-2024 04:32 AM
show aaa server <<-
show authentication session interface <<-
share both
MHM
ā03-26-2024 04:40 AM
sh aaa server
RADIUS: id 1, priority 1, host 10.10.249.248, auth-port 1812, acct-port 1813
State: current UP, duration 1135183s, previous duration 0s
Dead: total time 0s, count 0
Quarantined: No
Authen: request 214, timeouts 0, failover 0, retransmission 0
Response: accept 13, reject 3, challenge 194
Response: unexpected 0, server error 0, incorrect 0, time 6063442ms
Transaction: success 214, failure 0
Throttled: transaction 0, timeout 0, failure 0
Author: request 13, timeouts 0, failover 0, retransmission 0
Response: accept 13, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 59ms
Transaction: success 13, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 77, timeouts 0, failover 0, retransmission 0
Request: start 39, interim 0, stop 38
Response: start 39, interim 0, stop 38
Response: unexpected 0, server error 0, incorrect 0, time 64ms
Transaction: success 77, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 1w6d3h19m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 1 hours, 4 minutes ago: 15
low - 0 hours, 0 minutes ago: 0
average: 0
RADIUS: id 2, priority 2, host 10.20.249.248, auth-port 1812, acct-port 1813
State: current UP, duration 1135183s, previous duration 0s
Dead: total time 0s, count 0
Quarantined: No
Authen: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 0, timeouts 0, failover 0, retransmission 0
Request: start 0, interim 0, stop 0
Response: start 0, interim 0, stop 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 1w6d3h19m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 0 hours, 0 minutes ago: 0
low - 0 hours, 0 minutes ago: 0
average: 0
show authentication session interface gi0/5
Interface Identifier Method Domain Status Fg Session ID
-----------------------------------------------------------------------------
Gi0/5 5091.e353.be45 dot1x DATA Unauth 0AAFF66D0000004F43AA541E
Key to Session Events Blocked Status Flags:
A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker
Runnable methods list:
Handle Priority Name
7 0 dot1xSupp
6 5 dot1x
18 10 mab
16 15 webauth
ā03-26-2024 04:42 AM
show authentication session interface detail <<-
share this after add detail and interface number
MHM
ā03-26-2024 04:46 AM
sh authentication sessions interface gi0/5 detail
Interface: GigabitEthernet0/5
MAC Address: 5091.e353.be45
IPv6 Address: Unknown
IPv4 Address: Unknown
User-Name: BRANDIXLK\ICT-IND-DC-NW1
Status: Unauthorized
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: N/A
Session Uptime: 494s
Common Session ID: 0AAFF66D0000004F43AA541E
Acct Session ID: Unknown
Handle: 0xA5000016
Current Policy: POLICY_Gi0/5
Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Method status list:
Method State
dot1x Authc Success
ā03-26-2024 04:48 AM - edited ā03-26-2024 04:54 AM
from show auth session you share
dot1x Authc Success <<- the dot1x is run only
dot1x system-auth-control <<- add this in global mode
MHM
ā03-26-2024 04:52 AM
can you please tell me 1st command where i need to deploy i mean Global config or in Interface?
2nd one is need to run in Global config right?
ā03-26-2024 04:54 AM
2nd one is need to run in Global config right? Yes correct
MHM
ā03-26-2024 04:59 AM
Added the below command in Global Config
BC3-Test-SW1(config)#dot1x system-auth-control
ā03-26-2024 05:01 AM - edited ā03-26-2024 05:01 AM
sh authentication sessions interface gi0/5 detail <<- shut/no shut the interface then do show auth again
MHM
ā03-26-2024 05:04 AM
sh authentication sessions interface gi0/5 detail
Interface: GigabitEthernet0/5
MAC Address: 5091.e353.be45
IPv6 Address: Unknown
IPv4 Address: Unknown
User-Name: BRANDIXLK\ICT-IND-DC-NW1
Status: Unauthorized
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: N/A
Session Uptime: 62s
Common Session ID: 0AAFF66D0000005143C13B83
Acct Session ID: Unknown
Handle: 0x8F000017
Current Policy: POLICY_Gi0/5
Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Method status list:
Method State
dot1x Authc Success
ā03-26-2024 11:48 PM
Is the Lanlite Switch Can Support the 802.1x?
ā03-27-2024 01:29 AM
sorry for late reply
Authen: request 214, timeouts 0, failover 0, retransmission 0 <<-this you share so the SW send to AAA server packet but if it 802.1x or MAB that not clear to us, share the output of below
debug radius
debug dot1x all
for SW support 802.1x or not I will check this point
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide