aaa dot1x configured locally without server

Unanswered Question
Aug 23rd, 2008

Hello people, I am having some problems testing AAA authentication.

Here are the commands I have on the switch.

username cisco password cisco

aa new-model

aaa authentication dot1x default-local

dot1x system-auth-control

int fa 0/3

switchport host

switchport access vlan 3

dot1x port-control

After this configuration my port goes yellow, obviously because I have not entered the password. I tried to enable authentication features on the Local Area Connection properties box on the PC, but it does not prompt me to enter a password after all my attempts. Please, does anyone have a solution for me? Thanks.

Premdeep Banga Sat, 08/23/2008 - 12:16

Is the command

aaa authentication dot1x default local

or

aaa authentication dot1x default-local

Use the first one.

And if you are using a Windows PC, then by default it's configured for smart card/EAP-TLS authentication; change it to MD5 and try.



Please rate if it helps!

Sarg . Sat, 08/23/2008 - 13:22

Thanks, I will try this when I get back to school after bank holiday Monday. Thanks.

I'll be sure to give you feedback.


Sarg . Tue, 08/26/2008 - 14:10

Thanks so much, pal. Everything went rather well. The PC now prompts me for user name and password. I noted that it also asked me for domain-name.

I was not too sure about the importance of this, so I just went into the switch anyway and added

(config)# ip domain-name cisco

Anyway, once I was through doing that, I went to the PC and added the login and password, but the PC reports back that it failed to authenticate.

I then went back into the switch and added

(config )# Username cisco password cisco level 15

and still the PC keeps informing me that it cannot authenticate, with a 'failed to authenticate' report. I was then wondering if my PC actually supports Extensible Authentication Protocol.

Could this be the problem? If so, how can I cross-check this?

Cheers for your time.


Premdeep Banga Tue, 08/26/2008 - 15:00

To be frank, what you are doing, no one does, i.e. using the router/switch local database. I am not sure, I might have to look it up. But I don't think the router/switch local database supports EAP-MD5. As far as the domain goes, leave it blank when filling in that information for authentication.

I would suggest, if you are testing, that you use an ACS for Windows trial version as a RADIUS server.



Please rate if it helps!
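The RADIUS-backed lab setup suggested above, written out as an added example (not configuration posted by either participant). It assumes 12.2-era IOS syntax like the commands in the question; the server address 192.0.2.10 and the key RADIUS_SHARED_SECRET are placeholders.

```cisco
! Constructed example: 192.0.2.10 and RADIUS_SHARED_SECRET are placeholders.
aaa new-model
! "default" is the list name and the method follows as a separate keyword
! (the form recommended in the thread, not "default-local").
aaa authentication dot1x default group radius
! RADIUS server that terminates EAP for the switch (e.g. the ACS trial).
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key RADIUS_SHARED_SECRET
! Enable 802.1X globally on the switch.
dot1x system-auth-control
!
interface FastEthernet0/3
 ! 802.1X is configured on a static access port.
 switchport mode access
 switchport access vlan 3
 ! "auto" keeps the port unauthorized until the supplicant authenticates.
 dot1x port-control auto
 spanning-tree portfast
```

After a login attempt, `show dot1x interface FastEthernet0/3` reports whether the port is authorized.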

Sarg . Tue, 08/26/2008 - 15:23

Yeah, I can understand. I am a student. I am just trying some hands-on labs.

Cheers for the effort.

Premdeep Banga Tue, 08/26/2008 - 15:29

You must have a valid profile. If you don't, please register; you should be able to download the trial.



Please rate if it helps!

