08-14-2018 07:31 AM - edited 03-08-2019 03:54 PM
I just swapped a 3650 out, put the original config on it and the dot1x config does not want to work and neither did the RADIUS. The switch I replaced it with must have a newer IOS on it, which needs newer commands. We have sorted the RADIUS with a different set of commands, but the dot1x just refuses to work. The newer IOS that it is running is:
CAT3K_CAA-UNIVERSALK9 16.3.5
dot1x system-auth-control
aaa group server radius CONF-Dot1x
server 10.***.**.101
server 10.***.**.102
aaa authentication dot1x default group CONF-Dot1x
aaa authorization network default group CONF-Dot1x
aaa accounting dot1x default start-stop group CONF-Dot1x
interface GigabitEthernet1/0/1
switchport access vlan 958
switchport mode access
switchport voice vlan 959
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard enable
We get the following errors:
Aug 14 14:24:32.852: %DOT1X-5-FAIL:Switch 1 R0/0: smd: Authentication failed for client (001E.0B68.3CA1) on Interface Gi1/0/1 AuditSessionID 0ADEF08200000B4437A1E4F1
Aug 14 14:24:32.858: %SESSION_MGR-5-FAIL:Switch 1 R0/0: smd: Authorization failed or unapplied for client (001E.0B68.3CA1) on Interface GigabitEthernet1/0/1 AuditSessionID 0ADEF08200000B4437A1E4F1
Anybody have any ideas how we can fix this or what additional config is needed?
Solved! Go to Solution.
08-14-2018 09:15 AM
Yeah, the Denali code has changed things up. For us it messed up IPDT. Follow the config guide and you should be able to get it working.
08-14-2018 09:15 AM
Yeah, the Denali code has changed things up. For us it messed up IPDT. Follow the config guide and you should be able to get it working.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide