Getting dot1x states into syslog

Unanswered Question
Apr 20th, 2009

I'm doing some dot1x/EAP-TLS here, and everything is going quite well. I can assign VLANs over RADIUS/LDAP to the clients, including guest VLANs for those without a certificate. What gives me headaches is that I cannot see any logging from the switch (2960) if a client is assigned to a guest VLAN because of a missing certificate. With a bunch of switches, I would like to see some logging message for this, to see the port and maybe a MAC address, so that I would be able to forward this to other instances/monitoring systems. Is there a way to make the switch more talkative regarding this? All I can see now is up/down in the syslog; the AAA server can't handle this, because the switch won't authenticate the client without a certificate. Debug dot1x is quite clear here, but the setting gets lost after reboot. Did anybody manage to bring some transparency into this?
