802.1x protocol version issues with network printers

Unanswered Question
Jan 26th, 2010

Hello guys,

currently we are deploying Catalyst 3560 switches in our enviroment. These switches are working with dot1x protocol version 2. The old ones (2950) are with version 1. We have several networkprinters and it seems these combination does not work togehter. The printers are not authenticating. Port remains unauthorized. Mac Bypass is only working if 802.1x is disabled on these printers. Are these protocol version incompatible ??? Is any one out there who´s having the same issues or an idea how to fix this.

Thx...

Marc

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jatin Katyal Wed, 01/27/2010 - 05:50

Hi Marc:

I checked this on switch running 12.2.x and it was dot1x protocol version=2, so it looks like that protocol version was introduced from 12.2.x

onwards. There should not be any compatible issue but I have seen this issue in the past with 2950 running dot1x version 1.

EAPOL packet Protocol version field holds the version of the protocol supported by the sender of the EAPolpacket. It means the supplicant will try with a more secure protocol version with the server if server does not support that, then supplicant with try with the next/lower one available until both server and client negotiate on a common protocol version.

HTH

Regards,

JK

Plz rate helpful posts-



Marc Plagge Wed, 01/27/2010 - 06:29

Hello again,

i´ve read my first posting again. It´s may be a little bit confusing which switch is working. 2950 dot1x V1 --> Everything is fine! 3560 dot1x V2 --> not working with printers! In the debug log EAPOL seems not going down to V1 (EAPOL Version: 0x2  type: 0x0  length: 0x0005). Is there any way to force the 3560 to go to dot1x V1?

thx

Marc

Actions

This Discussion