Raduis Configuration issue

Abdelrahman salah · ‎08-18-2023

Hello all,

I set the dot1x and the Raduis configuration on 9300 switch to authenticat the end user and Run the Daynamic vlan for the users but the user can't connect with the raduis server ( Pulse ).

Version : 17.09.03

My Configuration :

interface GigabitEthernet2/0/12
switchport access vlan 90
switchport mode access
switchport voice vlan 70
authentication open
authentication port-control auto
authentication violation protect
dot1x pae authenticator
spanning-tree portfast

exit

aaa new-model

dot1x system-auth-control

aaa authorization network default group radius
aaa authorization network pulse group Pulse
aaa accounting dot1x Pulse start-stop group Pulse

aaa authentication dot1x default group radius
aaa authentication dot1x Pulse group Pulse

aaa group server radius Pulse
server name pulse

aaa server radius dynamic-author
server-key 7 r################

radius server pulse
address ipv4 10.10.10.200 auth-port 1645 acct-port 1646
key 7 ##################

marce1000 · ‎08-18-2023

- Check the radius server's logs when the user tries to authenticate ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

DanielP211 · ‎08-18-2023

Hello!

Check the command:

show auth session int gig2/0/12 detail

It should show the issue. And then further search through the radius logs. If there aren't any check the path from switch to radius server if the ports are open.

There also seem to be some commands missing from the port config if you are using mab, try adding:
interface GigabitEthernet2/0/12
authentication control-direction in
authentication event fail action next-method
authentication order mab dot1x
authentication priority dot1x mab
mab

BR

****Kindly rate all useful posts*****