05-30-2017 03:08 PM - edited 03-08-2019 10:47 AM
Hello,
We have enabled aaa authentication on a switch, but "show authentication sessions" says "No sessions currently exist".
The switch is a 2960X. Same config works on other switches in the same organisation. Can anyone see what's wrong ?
Output of "show run aaa":
aaa authentication login default local
aaa authentication enable default enable
aaa authentication dot1x default group ISE-group
aaa authorization network default group radius local
aaa accounting dot1x default start-stop group ISE-group
radius server ISE1
address ipv4 192.168.1.10 auth-port 1812 acct-port 1813
key 7(string omited)
!
radius server ISE2
address ipv4192.168.1.11 auth-port 1812 acct-port 1813
key 7 (string omited)
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server dead-criteria time 10 tries 3
radius-server vsa send cisco-nas-port
!
aaa group server radius ISE-group
server name ISE1
server name ISE2
!
aaa new-model
aaa session-id common
Output of sh run interface:
interface GigabitEthernet1/0/5
switchport mode access
switchport voice vlan 6
ip device tracking maximum 2
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize vlan 1
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication timer inactivity 120
authentication timer unauthorized 30
authentication violation replace
mab
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
auto qos trust
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input Voip_qos_policy
end
05-30-2017 10:44 PM
Switch(config)#dot1x system-auth-control
05-30-2017 11:05 PM
dot1x system-auth-control is already in the config. I just tried to do a "no dot1x system-auth-control" and then re-enable with "dot1x system-auth-control", to see if that helped. The problem persist, though.
05-30-2017 11:15 PM
Is your radius accessible from the switch?
you can enable debugs
01-29-2021 12:56 AM
Did anyone find a solution with this. I am having same issue on a C1000 switch. Same configs works on more than 10 other switches.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide