cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1556
Views
5
Helpful
3
Replies

Wired Dot1x Configuration

I'm attempting to set up dot1x authentication on a 3650 switch (just one port for now).  I'm using NPS as my RADIUS server.

 

I'm looking for help figuring out what this Missing Config mentioned in the debug is referring to.

 

The debug on the switch shows:

Apr 21 14:16:30.477 MDT: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (54ee.7543.588f) on Interface GigabitEthernet1/0/2 AuditSessionID 0000000000000054F60E33FC. Failure reason: Authc fail. Authc failure reason: Missing Config.

 

aaa new-model

aaa authentication dot1x default group radius group RadiusGroup

aaa authorization network default group RadiusGroup

!

interface GigabitEthernet1/0/2
description Dot1x Test Port
switchport mode access
power inline never
authentication event fail action authorize vlan 1
authentication event no-response action authorize vlan 1
authentication priority mab dot1x
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x max-reauth-req 1
dot1x supplicant eap profile EAP-Profile
spanning-tree portfast
end

!

radius server BIL-NET-01
address fqdn BIL-NET-01.mydomain.com auth-port 1645 acct-port 1646

key 7 *********************

 

3 Replies 3

Leo Laohoo
Hall of Fame
Hall of Fame

What version is the switch running on?

Hi Leo,

I'm running 16.12.05b.

 

Brian

We have encountered some issues with our Dot1X deployment, especially on IOS-XE (no issues observed on classic IOS).  

When a port flaps (port goes down and then up continuously) on a port with static VLAN assignment, nothing happens to the CPU/Memory of the switch. 

The issues we are experiencing is when a Dot1X port (a single port) flaps, it will cause a memory leak and cause the Standby switch member to crash every three to six weeks (3850).  That is all it takes, a single flapping port.  Our switches are running 16.12.4 and I have seen this issue on some of our switches testing 16.12.5.  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: