WS-C3560G-48PS-S 15.0(1)SE2 ipbase no 802.1x interface commands...

neal.alberda · ‎11-07-2012

Confused.. I know commands changed in 15 from dot1x ... to authentication ... etc. I have this working on oth 2960S's, but on this 3560G, I have no "authentication" or "dot1x" commands on a per port basis..

sh run <snippit>

aaa new-model

!

aaa authentication enable default enable

aaa authentication dot1x default group radius

aaa authorization console

aaa authorization exec default local if-authenticated

aaa authorization commands 15 default local if-authenticated

aaa authorization network default group radius

dot1x system-auth-control

radius server rad1

.

raduis server rad2

.

Then I attempt:

cgp1-swa01#conf t

Enter configuration commands, one per line. End with CNTL/Z.

cgp1-swa01(config)#dot

cgp1-swa01(config)#dot1x ?

credentials Configure 802.1X credentials profiles

critical Set 802.1x Critical Authentication parameters

guest-vlan Configure Guest Vlan and 802.1x Supplicant behavior

logging Set logging parameters

supplicant 802.1X supplicant configuration

system-auth-control Enable or Disable SysAuthControl

test Configure dot1x test related parameters

cgp1-swa01(config)#dot1x sy

cgp1-swa01(config)#dot1x system-auth-control

cgp1-swa01(config)#int gi0/12

cgp1-swa01(config-if)#auth?

% Unrecognized command

Any thoughts? Am I missing something to enable this functionality, or is my switch not capable??

Cheers.

Sandeep Choudhary · ‎11-07-2012

Hi Neal,

Here are the features supported by this software on this platform:

http://tools.cisco.com/ITDIT/CFN/jsp/SearchBySoftware.jsp

Go to search by software then select IOS, select 15.0SE, release 15.0(1)SE2 then choose platform and feture set.

REgards

Please rate if it helps.

neal.alberda · ‎11-07-2012

Well, thanks for that. It confirms that the features should be supported by the IOS/hardware, however my problem of the commands not being recognized still exists.

Any thoughts?

Reza Sharifi · ‎11-07-2012

What version of IOS are you running? This feature should be supported in IP Base image.

Here is sh ver form a 3750 running IP Services that supports Authentication command under the interface.

System image file is "flash:/c3750e-universal-mz.122-52.SE/c3750e-universal-mz.122-52.SE.bin"

Switch(config)#dot1x system-auth-control

Switch(config)#inter gi1/0/2

Switch(config-if)#auth

Switch(config-if)#authentication ?

control-direction Set the control-direction on the interface

event Set action for authentication events

fallback Enable the Webauth fallback mechanism

host-mode Set the Host mode for authentication on this interface

open Enable or Disable open access on this port

order Add an authentication method to the order list

periodic Enable or Disable Reauthentication for this port

port-control Set the port-control value

priority Add an authentication method to the priority list

timer Set authentication timer values

violation Configure action to take on security violations

Switch(config-if)#authentication

neal.alberda · ‎11-08-2012

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 52 WS-C3560G-48PS 15.0(1)SE2 C3560-IPBASEK9-M

I'm still confused.. this works on a 2960S (same IOS ver).

neal.alberda · ‎11-08-2012

Well thats annoying...

Step 9

swtichport mode access

(Optional) Set the port to access mode only if you configured the RADIUS server in Step 6 and Step 7.

That isn't optional (otherwise there are no interface authentication commands).