Hi Team,
I want to migrate from HP 2510 to Cisco 2900 series. I need your support regarding the 802.1x implementation for Cisco 2960, and we have Microsoft NPS for dot1x. Could anyone guide me further about it? I prepared the following template:
Existing HP ProCurve Configuration
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server key rad4procurve
radius-server host 10.32.10.1
port-security 1 learn-mode port-access
port-security 2 learn-mode port-access
port-security 3 learn-mode port-access
port-security 4 learn-mode port-access
aaa port-access authenticator 1-20
aaa port-access authenticator 1 reauth-period 7200
aaa port-access authenticator 1 unauth-vid 12
aaa port-access authenticator 1 client-limit 2
aaa port-access authenticator 2 reauth-period 7200
aaa port-access authenticator 2 unauth-vid 12
aaa port-access authenticator 2 client-limit 2
aaa port-access authenticator 3 reauth-period 7200
aaa port-access authenticator 3 unauth-vid 12
aaa port-access authenticator 3 client-limit 2
aaa port-access authenticator 4 reauth-period 7200
aaa port-access authenticator 4 unauth-vid 12
aaa port-access authenticator 4 client-limit 2
aaa port-access authenticator active
Cisco 2960 Configuration
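aaa new-model
!
! NPS-1 is a placeholder server name
radius server NPS-1
 address ipv4 10.32.10.1 auth-port 1812 acct-port 1813
 key rad4procurve
 timeout 10
 retransmit 5
!
! Define the group that the aaa method lists below refer to
aaa group server radius ISE_GROUP
 server name NPS-1
!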
ip radius source-interface Loopback0
aaa authentication dot1x default group ISE_GROUP
aaa authorization network default group ISE_GROUP
aaa accounting update newinfo
aaa accounting dot1x default start-stop group ISE_GROUP
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 65
radius-server deadtime 1
authentication mac-move permit
authentication logging verbose
access-session template monitor
!
mab logging verbose
!
!
dot1x system-auth-control
dot1x logging verbose
device-sensor accounting
device-sensor notify all-changes
!
!
ip device tracking
ip device tracking probe delay 10
!
interface range gigabitEthernet XYZ
 description XXXXX
 switchport access vlan XXXX
 switchport mode access
 authentication control-direction in
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication violation replace
 authentication open
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 300
 dot1x timeout tx-period 5
 dot1x timeout ratelimit-period 300
 no shut
!
################################ dot1x######################
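
The per-port ProCurve settings above (reauth-period, unauth-vid, client-limit) have no counterpart in the Cisco interface template, so the following added example, which is not part of the original post, parses them and lists candidate IOS interface lines for review. The ProCurve-to-IOS mapping and the function names are assumptions of this example; how the fallback VLAN lines interact with `authentication open` in the template is not evaluated.

```python
import re
from collections import defaultdict

# Constructed sample: per-port lines copied from the ProCurve config in the post.
HP_CONFIG = """\
aaa port-access authenticator 1-20
aaa port-access authenticator 1 reauth-period 7200
aaa port-access authenticator 1 unauth-vid 12
aaa port-access authenticator 1 client-limit 2
aaa port-access authenticator 2 reauth-period 7200
aaa port-access authenticator 2 unauth-vid 12
aaa port-access authenticator 2 client-limit 2
"""

# Matches only "<port> <setting> <value>" lines; range and "active" lines are skipped.
LINE = re.compile(r"^aaa port-access authenticator (\d+) (\S+) (\d+)$")

def parse_hp(config):
    """Return {port: {setting: value}} for per-port authenticator lines."""
    ports = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m:
            port, key, value = m.groups()
            ports[int(port)][key] = int(value)
    return dict(ports)

def to_ios(settings):
    """Map one port's settings to candidate IOS lines (assumed mapping)."""
    out, unmapped = [], []
    for key, value in settings.items():
        if key == "reauth-period":
            out += ["authentication periodic",
                    f"authentication timer reauthenticate {value}"]
        elif key == "unauth-vid":
            # Assumption: the unauth VLAN should cover failed and silent clients.
            out += [f"authentication event fail action authorize vlan {value}",
                    f"authentication event no-response action authorize vlan {value}"]
        else:
            unmapped.append(f"{key} {value}")  # e.g. client-limit: review host-mode
    return out, unmapped

def migrate(config):
    """Group ports with identical settings; return (ports, ios_lines, unmapped)."""
    groups = defaultdict(list)
    for port, settings in sorted(parse_hp(config).items()):
        groups[tuple(sorted(settings.items()))].append(port)
    return [(ports, *to_ios(dict(key))) for key, ports in groups.items()]
```

Settings returned in the unmapped list, such as `client-limit 2`, need a manual decision against the template's `authentication host-mode` line.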