
aaa dot1x configured locally without server

Sarg .
Level 3

Hello people, I am having some problems testing AAA authentication.

Here are the commands I have on the switch.

username cisco password cisco

aaa new-model

aaa authentication dot1x default-local

dot1x system-auth-control

int fa 0/3

switchport host

switchport access vlan 3

dot1x port-control

After this configuration my port goes yellow, obviously because I have not entered the password. I tried to enable the authentication features in the Local Area Connection properties box on the PC, but it does not prompt me to enter a password after all my attempts. Please, does anyone have a solution for me? Thanks


Premdeep Banga
Level 7

Is the command

aaa authentication dot1x default local

or

aaa authentication dot1x default-local

Use the first one.

And if you are using a Windows PC, then by default it's configured for smart card/EAP-TLS authentication; change it to MD5 and try.

Regards,

Prem

Please rate if it helps!

Thanks, I will try this when I get back to school after bank holiday Monday. Thanks

I'll be sure to give you feedback

Cheers

Sarg .
Level 3

Thanks so much pal. Everything went rather well. The PC now prompts me for user name and password. I noted that it also asked me for a domain name.

I was not too sure about the importance of this, so I just went into the switch anyway and added

(config)# ip domain-name cisco

Anyway, once I was through doing that I went to the PC and added the login and password, but the PC reports back that it failed to authenticate.

I then went back into the switch and added

(config)# Username cisco password cisco level 15

and still the PC keeps informing me that it cannot authenticate, with a 'failed to authenticate' report. I was then wondering if my PC actually supports Extensible Authentication Protocol.

Could this be the problem? If so, how can I cross-check this?

Cheers for your time

Thanks

To be frank, what you are doing, no one does that, i.e. using the router/switch local database. I am not sure, I might have to look it up. But I don't think the router/switch local database supports EAP-MD5. As far as the domain goes, leave it blank when filling in that information for authentication.

I would suggest, if you are testing, use an ACS for Windows trial version as a RADIUS server.

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval

Regards,

Prem

Please rate if it helps!

Yeah, I can understand. I am a student. I am just trying some hands-on labs

Cheers for the effort

I can't seem to get anything off the link

You must have a valid cisco.com profile. If you don't, please register; you should be able to download the trial.

Regards,

Prem

Please rate if it helps!
