Solved: IOS doesn't accept dot1x commands on 4510r+e

Josh Morris · ‎02-03-2014

I am running a 4510 with a SUP-8. I am trying to implement 802.1x for NAC, but the switch refuses the interface-level command. Below is the entire config I am trying to implement and the results. Any ideas as to why it rejects the interface level commands?

! dot1x

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa authorization auth-proxy default group radius

aaa accounting dot1x default start-stop group radius

aaa accounting network default start-stop group radius

aaa accounting system default start-stop group radius

aaa accounting update periodic 15

aaa accounting update newinfo

radius-server attribute 6 on-for-login-auth

radius-server attribute 8 include-in-access-req

radius-server attribute 25 access-request include

radius-server dead-criteria time 30 tries 3

radius server ISE

address ipv4 10.40.0.2 auth-port 1812 acct-port 1813

address ipv4 10.40.0.4 auth-port 1812 acct-port 1813

key 0 xxxxxxxxxxxx

radius-server vsa send accounting

radius-server vsa send authentication

ip radius source-interface Vlan500

!

ip arp inspection vlan 15

ip dhcp snooping vlan 15

no ip dhcp snooping information option

ip dhcp snooping

ip device tracking

!

dot1x system-auth-control

dot1x critical eapol

!

interface g1/5

switchport access vlan 15

switchport voice vlan 65

logging event link-status

service-policy input QoS-Input-Policy

service-policy output QoS-Host-Port-Output-Policy

authentication event fail action next-method

authentication event server dead action authorize vlan 1500

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication open

authentication order mab dot1x

authentication priority dot1x mab

authentication port-control auto

authentication timer reauthenticate server

authentication periodic

authentication violation restrict

mab

dot1x pae authenticator

dot1x timeout tx-period 10

LAB-IDF(config)#int g1/5

LAB-IDF(config-if)# switchport access vlan 15

LAB-IDF(config-if)# switchport voice vlan 65

LAB-IDF(config-if)# logging event link-status

LAB-IDF(config-if)# service-policy input QoS-Input-Policy

% policy map QoS-Input-Policy not configured

LAB-IDF(config-if)# service-policy output QoS-Host-Port-Output-Policy

% policy map QoS-Host-Port-Output-Policy not configured

LAB-IDF(config-if)#

LAB-IDF(config-if)# authentication event fail action next-method

^