ACS and 3550

kknuckles · ‎09-05-2007

I am wanting to configure a 3550 to send authentications to our ACS appliance. I have configured the AAA Client in ACS. On the switch I did:

aaa new-model

aaa authentication dot1x default group radius

radius-server host 10.98.8.31 auth-port 1812 acct-port 1813

int fa0/1

dot1x port-control auto

what else am I missing?

Jagdeep Gambhir · ‎09-05-2007

Do you see any hits on acs failed attempts ? If you are doing vlan assignment then you also need authorization for network

aaa authorization network default group radius if-authenticated

If still we have issue , get debug radius and debug dot1x all

Regards,

~JG

kknuckles · ‎09-05-2007

do I need to enable dot1x system-auth-control?

Jagdeep Gambhir · ‎09-05-2007

Make sure that shared secret key is correct. Please enter it again, do not copy paste.

Also check,

ACS--->Network configuration----> NDG (where you have this switch) ----> Edit Properties----> Remove key.

Keep in mind that NDG key overwrites aaa client key.

Regards,

~Jg

kknuckles · ‎09-05-2007

I think I got it. I am showing a passed authentication now. Thanks for the help.

as soon as I enabled dot1x system-auth-control it began passing the authentication. I had to have that command you sent me as well.

thanks again