802.1x on 2960 cluster switch

Unanswered Question
Dec 2nd, 2009

Hi,

I am trying to get 802.1x port based authentication working on a cluster switch member. All the switches are 2960 series veriosn 12.2 (44) SE2. Only the cluster commander has an IP set and that is configured on the radius server (Windows 2008 NPS) as a client.

I have the following configuration on all the cluster switches

aaa new-model
aaa authentication dot1x default group radiusx

radius-server host 172.19.x.xx auth-port 1645 acct-port 1646
radius-server key xxxxx

The switch port that I am testing has the following config

interface fa0/15
switchport mode access
dot1x port-control auto
no shut

I cant see anything in the logs on the cluster member. The radius server has no requests in its log either. Anyone has any clues?

Regadrs,

Salil

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
chitre_salil Fri, 12/04/2009 - 16:59

Hi Ganesh,

Thanks for the link. The configuration I am using works perfect if I use it on a standalone switch. It proves that my Switch config, radius server config and client config is working. Its only when I try to use the same switch config on a switch cluster that I cant get it to work. I have tried giving the cluster member its own IP address so that it can communicate with the radius server directly but it did not help.

On the client I can see the EAPOL start message generated. I dont see the switch querying the client for authentication details. The switch simply enables the port. The switch port config is

interface FastEthernet0/15
switchport access vlan xxx
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree bpduguard enable

I am not sure if there is anything else required to get this working in a switch cluster.

Regards,

Salil

Ganesh Hariharan Fri, 12/04/2009 - 23:03

Try to configure cluster ip and static ip of the switch in acs aaa client tab then see what happens.

Regards

Ganesh.H

Actions

This Discussion

Related Content