
implement 802.1x authentication

Hi,
I am trying to implement 802.1x on our network.
I have a router (4510 Catalyst R), a RADIUS Linux server (freeradius) and the new switch (PoE) C2960X 48fps. I seek your advice and help on this subject.
Thank you in advance,
Amine

Zach S
Level 1

Your basic configuration should look something like this:

aaa new-model

radius-server host x.x.x.x key mykey123

aaa authentication dot1x default group radius

dot1x system-auth-control

SWITCH(config-if)# dot1x port-control auto


Your end devices will need to be 802.1x compatible as well.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/Sw8021x.html

 

Hello,

Thank you for your response.
But I cannot authenticate. I have the following error message.
If you could help me.
Thank you


Aug 18 13:57:47.952: dot1x-ev(Gi1/0/36): Received pkt saddr =b8ac.6fcc.3b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0012
Aug 18 13:57:47.952: dot1x-ev(Gi1/0/36): dot1x_sendRespToServer: Response sent to the server from 0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:48.850: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/36, changed state to up
Aug 18 13:57:48.969: dot1x-ev(Gi1/0/36): Received an EAP Fail
Aug 18 13:57:48.973: %DOT1X-5-FAIL: Authentication failed for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Sending event (2) to Auth Mgr for b8ac.6fcc.3b00
Aug 18 13:57:48.973: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Received Authz fail for the client  0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Resetting the client 0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Sending create new context event to EAP for 0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:48.973: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:57:49.850: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/36, changed state to up
Aug 18 13:57:51.031: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:51.031: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:51.031: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:57:53.087: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:53.087: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:53.087: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Received an EAP Timeout
Aug 18 13:57:55.135: %DOT1X-5-FAIL: Authentication failed for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Sending event (2) to Auth Mgr for b8ac.6fcc.3b00
Aug 18 13:57:55.135: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Received Authz fail for the client  0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Resetting the client 0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Sending create new context event to EAP for 0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:55.135: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:57:57.190: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:57.190: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:57.190: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:57:59.245: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:57:59.245: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:57:59.245: dot1x-ev(Gi1/0/36): Sending out EAPOL packet
Aug 18 13:58:01.294: dot1x-ev(Gi1/0/36): Received an EAP Timeout
Aug 18 13:58:01.294: %DOT1X-5-FAIL: Authentication failed for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.294: dot1x-ev(Gi1/0/36): Sending event (2) to Auth Mgr for b8ac.6fcc.3b00
Aug 18 13:58:01.294: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.294: %AUTHMGR-5-VLANASSIGN: VLAN 318 assigned to Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.304: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC b8ac.6fcc.3b00| AuditSessionID 0A0964D10000008306B82AC3| AUTHTYPE DOT1X| EVENT APPLY
Aug 18 13:58:01.413: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.413: dot1x-ev(Gi1/0/36): Received Authz Success for the client 0x38000086 (b8ac.6fcc.3b00)
Aug 18 13:58:01.413: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.413: dot1x-ev(Gi1/0/36): Sending EAPOL packet to group PAE address
Aug 18 13:58:01.413: dot1x-ev(Gi1/0/36): Role determination not required
Aug 18 13:58:01.413: dot1x-ev(Gi1/0/36): Sending out EAPOL packet

 

Interface configuration on the C2960X switch:


interface GigabitEthernet1/0/36
 switchport access vlan 120
 switchport mode access
 authentication event fail action authorize vlan 318
 authentication event server alive action reinitialize
 authentication host-mode multi-host
 authentication open
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation protect
 dot1x pae authenticator
 dot1x timeout tx-period 2
 spanning-tree portfast
end
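
Added example, not part of the original posts: a Python script that groups the syslog lines from the debug output above by AuditSessionID and flags sessions that ended up authorized without a successful 802.1X result. In the posted log that is the auth-fail path configured by "authentication event fail action authorize vlan 318". The function names are hypothetical, and the 'success' result string is an assumption that does not appear in the posted log.

```python
import re

# Syslog lines copied from the debug output quoted in the post above.
SAMPLE_LOG = """\
Aug 18 13:57:48.973: %DOT1X-5-FAIL: Authentication failed for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:57:48.973: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:57:55.135: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.294: %AUTHMGR-5-VLANASSIGN: VLAN 318 assigned to Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.413: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
Aug 18 13:58:01.413: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (b8ac.6fcc.3b00) on Interface Gi1/0/36 AuditSessionID 0A0964D10000008306B82AC3
"""

EVENT = re.compile(r"%(?P<fac>[A-Z0-9]+)-\d-(?P<mnem>[A-Z_]+): (?P<msg>.*)")
SESSION = re.compile(r"AuditSessionID (\w+)")
MAC = re.compile(r"\b[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}\b")
IFACE = re.compile(r"Interface (\S+)")
RESULT = re.compile(r"Authentication result '(\w+)' from '\w+'")
VLAN = re.compile(r"VLAN (\d+) assigned")

def summarize(log):
    """Group Auth Manager and dot1x syslog events by AuditSessionID."""
    sessions = {}
    for line in log.splitlines():
        ev, sid = EVENT.search(line), SESSION.search(line)
        if not (ev and sid):
            continue  # dot1x-ev debug and link-state lines carry no session ID
        s = sessions.setdefault(sid.group(1), {
            "mac": None, "interface": None, "results": [],
            "vlan": None, "authorized": False, "overridden": False})
        tag, msg = f"{ev['fac']}-{ev['mnem']}", ev["msg"]
        if m := MAC.search(msg):
            s["mac"] = m.group(0)
        if m := IFACE.search(msg):
            s["interface"] = m.group(1)
        if tag == "AUTHMGR-RESULT" and (m := RESULT.search(msg)):
            s["results"].append(m.group(1))  # 'fail', 'timeout', ...
        elif tag == "AUTHMGR-VLANASSIGN" and (m := VLAN.search(msg)):
            s["vlan"] = int(m.group(1))
        elif tag == "AUTHMGR-SUCCESS":
            s["authorized"] = True
        elif tag == "DOT1X-RESULT_OVERRIDE":
            s["overridden"] = True
    return sessions

def fallback_authorized(log):
    """Sessions authorized although no 802.1X attempt reported 'success'
    (assumed result string; it does not appear in the posted log)."""
    return {sid: s for sid, s in summarize(log).items()
            if s["authorized"] and s["results"] and "success" not in s["results"]}
```

Run against the posted lines, fallback_authorized(SAMPLE_LOG) returns the one session on Gi1/0/36 with results fail and timeout, VLAN 318, and the override flag set.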