Dot1x Port Authentication

cpratt
Level 1

Hi everyone,

I am having a problem with getting port authentication to work correctly. The laptop cannot get a DHCP address from the dot1x enabled port. I believe I have all the configuration correct.

aaa authentication dot1x default group radius
aaa authorization network default group radius
!
dot1x system-auth-control
!
interface FastEthernet0/2
 description *** User with Phone ***
 switchport access vlan 60
 switchport mode access
 switchport voice vlan 61
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust cos
 auto qos voip trust
 dot1x port-control auto
 dot1x reauthentication
 spanning-tree portfast
!
radius-server host 172.25.101.250 auth-port 1812 acct-port 1813 key ********

Attached is a debug from the switch. Radius is working correctly as I can see my laptop connect when I remove the port configuration.

I am currently testing this configuration on a 3560 running c3560-advipservicesk9-mz.122-25.sed1.bin

Thanks,

Chris

4 Replies

fb_webuser
Level 6

Can you ping your RADIUS server from the switch?

Do you have dot1x client authentication enabled on your OS?

Did you add the MAC address of your computer to the RADIUS server correctly?

---

Posted by WebUser Milo Elchingon Dechingones

I can ping between the server and the switch (sourcing the user VLAN).

I have dot1x authentication enabled on the OS.

I'll need to double-check the remote access policies.

The RADIUS server is set up to look for a match on "Ethernet" and Domain User to grant access permission.
