Re: C1000 Stack dot1x problem

marcinkirszniak · ‎05-15-2023

Hello

On company we have run dot1x and mab authentication.

On a stack of of 3 C1000-48P-4G-L doesn't work dot1x authentication. Mab authentication works fine.

On a standalone C1000-48P-4G-L with the same configuration as stack dot1x and mab works fine.

SW Version 15.2(7)E7.

Kasun Bandara · ‎05-15-2023

@marcinkirszniak hi, what you mean by stack of 3 x C1000. ? is it connected using uplinks together? because that model do not support stacking.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

marcinkirszniak · ‎05-15-2023

Sorry, bad naming.

I mean Single IP Management via SFP uplinks.

Kasun Bandara · ‎05-15-2023

sorry in that case, i did not used 802.1x in that way. i suppose someone who tried this can support here. my personal idea is its better try different ip management in this case for testing. because management ip have effect on connectivity between switch and radius. but you can try creating separate vlan interface with different IPs for this purpose and check what happens.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

MHM Cisco World · ‎05-15-2023

can I see the config of dot1x?

balaji.bandi · ‎05-15-2023

For manangement i would not suggest to use Dot1.x - when Dot1.x fails you need to get on to device using Manangement IP - that is reason that is OOB for diagnosis. stack will have only 1 MGMT IP.

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/dam/en/us/td/docs/switches/lan/catalyst1000/software/releases/15_2_7_e/configuration_guides/stacking/b_1527e_single_ip_management_c1000_cg.html.xml

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst1000/software/releases/15_2_7_e/configuration_guides/stacking/b_1527e_single_ip_management_c1000_cg.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

marcinkirszniak · ‎05-16-2023

@balaji.bandi we don't use dot1.x for managment, we use it for computers authentication.

@MHM Cisco World you mean config on interface:

interface x
description dot1x
switchport mode access
power inline never
authentication event fail action next-method
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator

of corse on switch we have command: dot1x system-auth-control

MHM Cisco World · ‎05-16-2023

additional to this please share the config of radius server config

marcinkirszniak · ‎05-24-2023

@MHM Cisco World we have run radius on NPS, Windows Server. What config You will see?

MHM Cisco World · ‎05-24-2023

NO I meaning the config of radius server in SW.

you share the config of dot1x not how you config SW to connect to radius

marcinkirszniak · ‎05-24-2023

Ok. Sorry. Now i understand.

aaa group server radius NPS
server name NPS2
server name NPS1
ip radius source-interface VlanX

radius server NPS2
address ipv4 IP1 auth-port 1812 acct-port 1813
key 7 xyz
!
radius server NPS1
address ipv4 IP2 auth-port 1812 acct-port 1813
key 7 xyz
!