802.1x authentication

Unanswered Question
Apr 26th, 2007
User Badges:

Hi All,

I am trying to implement 802.1x security on the network. I am tesiting on a switch on one of the ports with the following config

conf t

aaa new-model

aaa authentication dot1x default group radius

radius-server host x.x.x.x auth-port 1612 key rad1234

int fa1/0/x

dot1x port-control auto

switch is added as client on DC with IAS installed. I have a remote access policy configured called DOT1X AUTHENTICATION. In active directory i have a global group called AUTH PC's.I have no certificate set up on server. My questions are as follows

1. What needs to be added to Active Directory group ? All domain pc's

2. On client LAN properties PEAP settings. Do I need certificate generated or can I just add dc to trusted servers. I am using MSCHAP V2 here.

Also if pc is on domain it will allow authentication. If not it will then prompt for username/password.

If I am missing anything please let me know of if config needs tuning

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion