802.1x inaccessible authentication bypass

Unanswered Question
May 7th, 2009

I have a 2960 switch on which dot1x is configured. It is also configured for AAA authentication. When a user tries to connect to the local network, the user is authenticated by a RADIUS server and allowed onto the network.

Now I want all critical users to be able to connect to the network even if the RADIUS server is not reachable.

For this I have configured the 802.1x "inaccessible authentication bypass" feature as per the Cisco configuration guide.

But still, whenever I unplug the RADIUS server and try to connect the user to the network, dot1x asks for the username and password and does not allow a network connection.

I have even tried using RADIUS as the first auth. method and the local database as the second auth. method. But still no success.

Has anybody experienced this problem?

sachinraja Fri, 05/08/2009 - 09:58

Hello Prashant

Can you post the port configurations here? Have you configured the critical port, RADIUS parameters etc., and does the switch recognize that the RADIUS server is down?

I think this is more to do with the design of the entire dot1x authentication.. I have tried this in labs and have had tough times generating these scenarios.. we would hardly be able to justify this feature on the network. I think it is highly advisable to have dual RADIUS servers (or even more than 2), and configure the switches with standby RADIUS servers.. I really wouldn't want my network enabled with 802.1x and having issues contacting the RADIUS server.. even though we have options and solutions to overcome it, I wouldn't want too many complications on the 802.1x front..

Hope this helps.. all the best.. rate replies if found useful..
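
The three things the reply asks about (critical port, RADIUS parameters, dead-server detection), shown together as an added configuration sketch that is not from either poster. It assumes the older `dot1x critical` syntax of Catalyst 2960 12.2-era IOS; the server address, key, probe username, VLAN, timer values and interface are constructed placeholders.

```cisco
! Constructed example: address, key, username, VLAN, timers and interface
! are placeholders chosen for illustration.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! Dead-server detection. Bypass only applies once the switch has marked
! the configured RADIUS server(s) dead, so these criteria must be set.
! time is in seconds, deadtime in minutes.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
! "test username ... idle-time" makes the switch probe the server
! periodically, so its state is known even when no client is logging in.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 test username probe-user idle-time 1 key <SHARED-SECRET>
!
! Global critical-port behaviour: send EAPOL-Success to the supplicant
! when the port enters critical-authentication state, and pace
! re-initialization (milliseconds) when the server comes back.
dot1x critical eapol
dot1x critical recovery delay 2000
!
interface FastEthernet0/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 ! Mark this port as a critical port. Hosts on it are authorized
 ! WITHOUT authentication while all servers are dead, so place them in
 ! a VLAN whose access is limited to what critical users need.
 dot1x critical
 dot1x critical vlan 20
 ! Re-authenticate the port when a RADIUS server is reachable again.
 dot1x critical recovery action reinitialize
```

After unplugging the server, `show dot1x interface` for the port shows whether it reached the critical-authentication state; if it did not, the switch has not yet marked the server dead.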


