cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1015
Views
0
Helpful
3
Replies
Highlighted
Beginner

Upgraded from IOS-XE 3.07 to Denali 16.02..Dot1x failing now

I upgraded my 3850 switch from IOS-XE 3.07 to 16.02 and now dot1x is failing. PC connected to Cisco IP Phone, which in turn is connected to 3850. After the upgrade my phones are stuck as the "registration" screen and this is the error in my log. Needless to say the PC cant get access either.

Apr  4 20:12:40.101: %DOT1X-5-FAIL:Switch 1 R0/0: smd:  Authentication failed for client (ACA0.166F.5C70) on Interface Gi3/0/25 AuditSessionID AC1200C800000019E3AFE41F

I must be missing something in my configs. Any help???

Old Working Config w/ IOS 3.0.7

aaa new-model

aaa group server radius NPS
 server 172.18.3.161
 server 172.18.3.162
!
aaa authentication dot1x default group NPS

!
dot1x system-auth-control


interface GigabitEthernet3/0/25
 switchport access vlan 106
 switchport mode access
 switchport voice vlan 206
 trust device cisco-phone
 authentication port-control auto
 dot1x pae authenticator


radius-server host 172.18.3.161 key 7 <removed>
radius-server host 172.18.3.162 key 7 <removed>

New Config with 16.0.2 NOT WORKING.

aaa new-model

aaa group server radius NPS
 server name NPS01
 server name NPS02
!
aaa authentication dot1x default group NPS

dot1x system-auth-control
!
interface GigabitEthernet3/0/25
 switchport access vlan 106
 switchport mode access
 switchport voice vlan 206
 trust device cisco-phone
 authentication port-control auto
 dot1x pae authenticator
!
radius server NPS01
 address ipv4 172.18.3.161 auth-port 1645 acct-port 1646
 key <removed>
!
radius server NPS02
 address ipv4 172.18.3.162 auth-port 1645 acct-port 1646
 key <removed>

3 REPLIES 3
Highlighted
Advisor

16.x code is "bleeding edge"

16.x code is "bleeding edge" new.  I don't think I would use it in a production environment yet.

I would downgrade to the "gold star" release 3.6.4E.

https://software.cisco.com/download/release.html?mdfid=284455427&softwareid=282046477&release=3.6.4E&relind=AVAILABLE&rellifecycle=MD&reltype=latest

Highlighted
Enthusiast

Re: 16.x code is "bleeding edge"

16.3.3 is recommend by cisco for ISE and its compatible.

Some users can't downgrade (ie Multigig swtiches)

Highlighted
Beginner

Hi, were you able to figured

Hi, were you able to figured that out. I'm getting issues with a 4331 and radius also.

CreatePlease to create content
Content for Community-Ad