08-18-2023 09:57 AM
Hello all,
I set the dot1x and the Raduis configuration on 9300 switch to authenticat the end user and Run the Daynamic vlan for the users but the user can't connect with the raduis server ( Pulse ).
Version : 17.09.03
My Configuration :
interface GigabitEthernet2/0/12
switchport access vlan 90
switchport mode access
switchport voice vlan 70
authentication open
authentication port-control auto
authentication violation protect
dot1x pae authenticator
spanning-tree portfast
exit
aaa new-model
dot1x system-auth-control
aaa authorization network default group radius
aaa authorization network pulse group Pulse
aaa accounting dot1x Pulse start-stop group Pulse
aaa authentication dot1x default group radius
aaa authentication dot1x Pulse group Pulse
aaa group server radius Pulse
server name pulse
aaa server radius dynamic-author
server-key 7 r################
radius server pulse
address ipv4 10.10.10.200 auth-port 1645 acct-port 1646
key 7 ##################
08-18-2023 10:11 AM
- Check the radius server's logs when the user tries to authenticate ,
M.
08-18-2023 10:32 AM
Hello!
Check the command:
show auth session int gig2/0/12 detail
It should show the issue. And then further search through the radius logs. If there aren't any check the path from switch to radius server if the ports are open.
There also seem to be some commands missing from the port config if you are using mab, try adding:
interface GigabitEthernet2/0/12
authentication control-direction in
authentication event fail action next-method
authentication order mab dot1x
authentication priority dot1x mab
mab
BR
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide