01-10-2012 08:17 AM - edited 03-07-2019 04:15 AM
Hi everyone,
I am having a problem with getting port authentication to work correctly. The laptop cannot get a DHCP address from the dot1x enabled port. I believe I have all the configuration correct.
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
dot1x system-auth-control
!
interface FastEthernet0/2
description *** User with Phone ***
switchport access vlan 60
switchport mode access
switchport voice vlan 61
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust cos
auto qos voip trust
dot1x port-control auto
dot1x reauthentication
spanning-tree portfast
!
radius-server host 172.25.101.250 auth-port 1812 acct-port 1813 key ********
Attached is a debug from the switch. Radius is working correctly as I can see my laptop connect when I remove the port configuration.
I am currently testing this configuration on a 3560 running
c3560-advipservicesk9-mz.122-25.sed1.bin
Thanks,
Chris
01-10-2012 09:53 AM
Can you ping your radiuis-server from the switch?
Do you have an dot1x client authentication enabled on your OS?
Did you add the macaddress of your computer to the radius server correctly?
---
Posted by WebUser Milo Elchingon Dechingones
01-11-2012 05:56 AM
I can ping between the server and the switch (sourcing the user vlan)
I have dot1x authentication enabled on the OS.
I'll need to double check the remote access policies-
01-11-2012 07:32 AM
01-11-2012 07:34 AM
The radius server is setup to look for match "Ethernet" and Domain User to grant access permission.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: