04-21-2021 01:51 PM
I'm attempting to set up dot1x authentication on a 3650 switch (just one port for now). I'm using NPS as my RADIUS server.
I'm looking for help figuring out what this Missing Config mentioned in the debug is referring to.
The debug on the switch shows:
Apr 21 14:16:30.477 MDT: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (54ee.7543.588f) on Interface GigabitEthernet1/0/2 AuditSessionID 0000000000000054F60E33FC. Failure reason: Authc fail. Authc failure reason: Missing Config.
aaa new-model
aaa authentication dot1x default group radius group RadiusGroup
aaa authorization network default group RadiusGroup
!
interface GigabitEthernet1/0/2
description Dot1x Test Port
switchport mode access
power inline never
authentication event fail action authorize vlan 1
authentication event no-response action authorize vlan 1
authentication priority mab dot1x
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x max-reauth-req 1
dot1x supplicant eap profile EAP-Profile
spanning-tree portfast
end
!
radius server BIL-NET-01
address fqdn BIL-NET-01.mydomain.com auth-port 1645 acct-port 1646
key 7 *********************
04-21-2021 04:20 PM
What version is the switch running on?
04-21-2021 04:30 PM
Hi Leo,
I'm running 16.12.05b.
Brian
04-21-2021 08:01 PM
We have encountered some issues with our Dot1X deployment, especially on IOS-XE (no issues observed on classic IOS).
When a port flaps (port goes down and then up continuously) on a port with static VLAN assignment, nothing happens to the CPU/Memory of the switch.
The issues we are experiencing is when a Dot1X port (a single port) flaps, it will cause a memory leak and cause the Standby switch member to crash every three to six weeks (3850). That is all it takes, a single flapping port. Our switches are running 16.12.4 and I have seen this issue on some of our switches testing 16.12.5.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide