11-07-2012 02:51 PM - edited 03-07-2019 09:55 AM
Confused.. I know commands changed in 15 from dot1x ... to authentication ... etc. I have this working on oth 2960S's, but on this 3560G, I have no "authentication" or "dot1x" commands on a per port basis..
sh run <snippit>
aaa new-model
!
!
aaa authentication enable default enable
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
aaa authorization network default group radius
dot1x system-auth-control
radius server rad1
.
.
raduis server rad2
.
.
Then I attempt:
cgp1-swa01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
cgp1-swa01(config)#dot
cgp1-swa01(config)#dot1x ?
credentials Configure 802.1X credentials profiles
critical Set 802.1x Critical Authentication parameters
guest-vlan Configure Guest Vlan and 802.1x Supplicant behavior
logging Set logging parameters
supplicant 802.1X supplicant configuration
system-auth-control Enable or Disable SysAuthControl
test Configure dot1x test related parameters
cgp1-swa01(config)#dot1x sy
cgp1-swa01(config)#dot1x system-auth-control
cgp1-swa01(config)#int gi0/12
cgp1-swa01(config-if)#auth?
% Unrecognized command
Any thoughts? Am I missing something to enable this functionality, or is my switch not capable??
Cheers.
11-07-2012 03:20 PM
Hi Neal,
Here are the features supported by this software on this platform:
http://tools.cisco.com/ITDIT/CFN/jsp/SearchBySoftware.jsp
Go to search by software then select IOS, select 15.0SE, release 15.0(1)SE2 then choose platform and feture set.
REgards
Please rate if it helps.
11-07-2012 03:54 PM
Well, thanks for that. It confirms that the features should be supported by the IOS/hardware, however my problem of the commands not being recognized still exists.
Any thoughts?
11-07-2012 04:16 PM
What version of IOS are you running? This feature should be supported in IP Base image.
Here is sh ver form a 3750 running IP Services that supports Authentication command under the interface.
System image file is "flash:/c3750e-universal-mz.122-52.SE/c3750e-universal-mz.122-52.SE.bin"
Switch(config)#dot1x system-auth-control
Switch(config)#inter gi1/0/2
Switch(config-if)#auth
Switch(config-if)#authentication ?
control-direction Set the control-direction on the interface
event Set action for authentication events
fallback Enable the Webauth fallback mechanism
host-mode Set the Host mode for authentication on this interface
open Enable or Disable open access on this port
order Add an authentication method to the order list
periodic Enable or Disable Reauthentication for this port
port-control Set the port-control value
priority Add an authentication method to the priority list
timer Set authentication timer values
violation Configure action to take on security violations
Switch(config-if)#authentication
11-08-2012 09:19 AM
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3560G-48PS 15.0(1)SE2 C3560-IPBASEK9-M
I'm still confused.. this works on a 2960S (same IOS ver).
11-08-2012 09:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide