12-28-2007 12:01 AM - edited 03-05-2019 08:11 PM
Hi,
When the PC is starting, until the welcome screen (user-password screen) appears in Windows XP, the switch determines that the PC is not dot1x enabled and then puts the PC in the guest VLAN. How can I fix this problem?
Thank you.
12-28-2007 03:21 AM
hey can u tell me,
how the switch has been configured for dot1x and whether it is talking to any radius server..
please do brief ur setup...
well if u have this command on the interface
dot1x guest vlan
then undo this command on that switch port..
this should help
12-28-2007 03:37 AM
Hi
It is talking to radius. I do not have a problem with auth. The switch assigns ports to the guest VLAN if the PC or client is not dot1x enabled at WinXP and MAC address auth fails. But during PC startup, until the welcome screen appears, the switch asks the PC if it is dot1x enabled and the PC says no, because WinXP is not loaded yet. So the switch asks for the MAC address and does not auth the MAC address because it is not in the list. So the switch assigns the PC to the guest VLAN. Then the PC gets a guest VLAN IP and it does not change. My real question is: how can I extend the time before the switch bypasses to MAC auth?
config:
interface FastEthernet0/47
 switchport mode access
 switchport port-security maximum 3
 switchport port-security
 switchport port-security violation protect
 dot1x mac-auth-bypass eap
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout quiet-period 3
 dot1x timeout reauth-period 20
 dot1x max-req 1
 dot1x guest-vlan 20
 storm-control broadcast level bps 1m
 storm-control multicast level bps 1m
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip verify source
!
12-28-2007 04:16 AM
hi,
i think we are sailing on the same boat... if possible please have a look into the conversation titled " Configuring IEEE 802.1x Port-Based Configuration"....
am trying to enable dot1x auth on our LAN, and decided to use mac-auth-bypass... well i think the switch config is good... but the pc is not getting authenticated with acs.. i have added the pc mac address on the local acs database... and have also created a username/password with the pc's mac address. I am getting an error log in ACS as " Auth Failed " .. hope you could help me with this...
am trying to get solution for ur problem... correct me if i m wrong... you wanted to extend the time period of switch bypass mac auth.... right
regards
gopi
12-28-2007 04:40 AM
hi,
Check the ACS logs to see why auth fails. Check the user name in the log against the one you entered at ACS. MAC address formats sometimes mismatch. Example: abcd.234f.123d or abcd234f123d or ABCD.234d.123D, these are all the same MAC address but ACS recognizes them as different.
12-28-2007 04:48 AM
hi,
the username which we create on the acs with the mac address... do we have to follow any specific format for that
i mean does it have to be 0018.fe67.05bb or 0018-FE67-05BB or
00-18-FE-67-05-BB or 0018FE6705BB
on acs i get this log error "/22/2006,04:55:12,Authen failed,0018fe6705bb,Default Group,00-18-FE-67-05-BB,(Default),Internal error,,,50002,10.10.10.2,,,,,,10.10.10.2,"
regards
gopi
12-28-2007 05:09 AM
Hi,
I checked our ACS. The format has to be 000c29a6480e and the password must be the same. Also, did you happen to set up VLAN ID and 802 at ACS?
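An added example, not part of any post in this thread: a Python check for the MAC notation mismatch discussed above. It normalizes a MAC to the 12 lowercase hex digit form reported to work, then compares the user name in a failed-attempt line with the names defined in ACS. The column positions (read off the log line quoted earlier in the thread) and the ACS_USERS list are assumptions.

```python
import csv
import re

_SEPARATORS = re.compile(r"[.:\-\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, no separators."""
    digits = _SEPARATORS.sub("", text).lower()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def diagnose(log_line, acs_usernames):
    """Compare the user name in a failed-attempt line with the names defined in ACS."""
    row = next(csv.reader([log_line]))
    # Assumed columns, taken from the line quoted in the thread:
    # 3 = user name sent by the switch, 5 = caller ID, 7 = failure reason
    sent, caller_id, reason = row[3], row[5], row[7]
    canonical = normalize_mac(caller_id)
    near_misses = []
    for name in acs_usernames:
        try:
            same_mac = normalize_mac(name) == canonical
        except ValueError:
            continue  # ordinary (non-MAC) user account
        if same_mac and name != sent:
            near_misses.append(name)  # same MAC, different notation
    return {
        "sent": sent,
        "canonical": canonical,
        "exact_match": sent in acs_usernames,
        "near_misses": near_misses,
        "reason": reason,
    }

# Log line as posted in the thread (its date field is truncated there).
LOG_LINE = ("/22/2006,04:55:12,Authen failed,0018fe6705bb,Default Group,"
            "00-18-FE-67-05-BB,(Default),Internal error,,,50002,10.10.10.2,,,,,,10.10.10.2,")

# Constructed ACS user list: the same MAC in dotted notation, plus a normal user.
ACS_USERS = ["0018.fe67.05bb", "helpdesk"]

if __name__ == "__main__":
    print(diagnose(LOG_LINE, ACS_USERS))
```

A non-empty near_misses list means the MAC exists in ACS but under a notation that does not match the string the switch sends as the user name.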
12-28-2007 05:16 AM
hi,
where do i have to vlanid and 802... is it under group setup?
12-28-2007 05:44 AM
hi where do i have to provide the vlanid and 802 on the acs... is it under group setup?