cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements


272
Views
0
Helpful
1
Replies
Beginner

Dot1x - WS-C3650-48PD

I just swapped a 3650 out, put the original config on it and the dot1x config does not want to work and neither did the RADIUS. The switch I replaced it with must have a newer IOS on it, which needs newer commands. We have sorted the RADIUS with a different set of commands, but the dot1x just refuses to work. The newer IOS that it is running is:

 

CAT3K_CAA-UNIVERSALK9      16.3.5

 

dot1x system-auth-control

aaa group server radius CONF-Dot1x
 server 10.***.**.101
 server 10.***.**.102

aaa authentication dot1x default group CONF-Dot1x
aaa authorization network default group CONF-Dot1x
aaa accounting dot1x default start-stop group CONF-Dot1x

 

interface GigabitEthernet1/0/1
 switchport access vlan 958
 switchport mode access
 switchport voice vlan 959
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable

 

We get the following errors:

Aug 14 14:24:32.852: %DOT1X-5-FAIL:Switch 1 R0/0: smd:  Authentication failed for client (001E.0B68.3CA1) on Interface Gi1/0/1 AuditSessionID 0ADEF08200000B4437A1E4F1
Aug 14 14:24:32.858: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd:  Authorization failed or unapplied for client (001E.0B68.3CA1) on Interface GigabitEthernet1/0/1 AuditSessionID 0ADEF08200000B4437A1E4F1

 

Anybody have any ideas how we can fix this or what additional config is needed?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advisor

Re: Dot1x - WS-C3650-48PD

Yeah, the Denali code has changed things up. For us it messed up IPDT. Follow the config guide and you should be able to get it working.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-3/configuration_guide/b_163_consolidated_3650_cg/b_163_consolidated_3650_cg_chapter_01100011.html

 

1 REPLY
Highlighted
Advisor

Re: Dot1x - WS-C3650-48PD

Yeah, the Denali code has changed things up. For us it messed up IPDT. Follow the config guide and you should be able to get it working.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-3/configuration_guide/b_163_consolidated_3650_cg/b_163_consolidated_3650_cg_chapter_01100011.html

 

CreatePlease to create content
Content for Community-Ad

Ask the Expert- Endpoint Security