802.1x on 2960 cluster switch

Unanswered Question
Dec 2nd, 2009


I am trying to get 802.1x port-based authentication working on a cluster switch member. All the switches are 2960 series version 12.2 (44) SE2. Only the cluster commander has an IP set and that is configured on the radius server (Windows 2008 NPS) as a client.

I have the following configuration on all the cluster switches:

aaa new-model
aaa authentication dot1x default group radiusx

radius-server host 172.19.x.xx auth-port 1645 acct-port 1646
radius-server key xxxxx

The switch port that I am testing has the following config:

interface fa0/15
switchport mode access
dot1x port-control auto
no shut

I can't see anything in the logs on the cluster member. The radius server has no requests in its log either. Does anyone have any clues?



chitre_salil Fri, 12/04/2009 - 16:59

Hi Ganesh,

Thanks for the link. The configuration I am using works perfectly if I use it on a standalone switch. It proves that my switch config, radius server config and client config are working. It's only when I try to use the same switch config on a switch cluster that I can't get it to work. I have tried giving the cluster member its own IP address so that it can communicate with the radius server directly, but it did not help.

On the client I can see the EAPOL start message generated. I don't see the switch querying the client for authentication details. The switch simply enables the port. The switch port config is:

interface FastEthernet0/15
switchport access vlan xxx
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree bpduguard enable

I am not sure if there is anything else required to get this working in a switch cluster.



Ganesh Hariharan Fri, 12/04/2009 - 23:03

Try configuring the cluster IP and the static IP of the switch in the ACS AAA client tab, then see what happens.



