802.1x problem

nits_1977
Level 1

Need some help.

1) We are implementing 802.1x authentication (MAC authentication) for the central location; each user needs to be authenticated through their laptop/desktop MAC address based on 802.1x. After authenticating, the user receives an IP address from the DHCP server.

2) We are using a separate DHCP server in the central location as well as at each location, which has been implemented on the switch.

3) For authentication we are using Cisco ACS 4.1, and authentication is based on IEEE.

4) In the central location all users are able to authenticate properly through ACS.

5) For remote branches, if we configure the 802.1x-related configuration, users are not able to get authenticated and are not able to attach to the network.

6) The central location and remote locations use class B and class C network segments. All the switches in the remote locations work as transparent bridging.

 

Configuration in switch:

aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
ip dhcp excluded-address 192.168.108.1
ip dhcp excluded-address 192.168.108.1 192.168.108.5
!
ip dhcp pool LOCALLAN
 network 192.168.108.0 255.255.255.0
 default-router 192.168.108.1
 dns-server 172.16.25.9 172.16.25.8
!
!
interface FastEthernet0/23
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout tx-period 1
 dot1x reauthentication
!
radius-server host 172.16.25.100 auth-port 1645 acct-port 1646 key 7 045802150C2E1D1C5A


The switch is not able to send EAPOL packets to ACS, and there is no blocking in the firewall for the 1645 and 1646 services.

Could you please help us with this problem so that we are able to mitigate the issue?

1 Reply

howardghooper
Level 1

Hi Nitin,

The switch is in a different subnet to the RADIUS server. Is the switch able to see the RADIUS server OK? Can you ping the server from the switch? Does your RADIUS server show its state as UP when you issue 'show aaa servers' on the switch?

The client (supplicant) EAPOL frames will only travel as far as the switch (authenticator); after this the switch sends RADIUS information to ACS (authentication server). Once you have made sure you can see the RADIUS server from the switch, try debugging RADIUS on the switch to see what information it is sending and receiving.

HTH

Howard

Howard Hooper CCIE 23470

CCNP CCNA CCDA

MCP CWSE
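As an added example (not from this thread, Cisco, or ACS), a small Python script that exercises the RADIUS leg Howard describes: it builds an RFC 2865 Access-Request the way the switch (NAS) would, sends it to the ACS address and auth-port from the configuration above, and classifies the outcome. The shared secret, the NAS address and the test account are placeholders to replace; run it from a host on the branch subnet and compare with the central site.

```python
import hashlib
import os
import socket

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def _attr(atype, value):
    return bytes([atype, 2 + len(value)]) + value  # Type, Length (incl. header), Value

def hide_password(password, secret, authenticator, unhide=False):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous cipher block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        prev = padded[i:i + 16] if unhide else block  # unhide=True is the server-side direction
        out += block
    return out

def response_authenticator(header, request_authenticator, attrs, secret):
    return hashlib.md5(header + request_authenticator + attrs + secret).digest()  # RFC 2865 3

def build_access_request(ident, secret, username, password, nas_ip, authenticator=None):
    """Access-Request carrying User-Name(1), User-Password(2) and NAS-IP-Address(4)."""
    authenticator = authenticator or os.urandom(16)
    attrs = _attr(1, username) + _attr(2, hide_password(password, secret, authenticator)) + _attr(4, socket.inet_aton(nas_ip))
    return bytes([ACCESS_REQUEST, ident]) + (20 + len(attrs)).to_bytes(2, "big") + authenticator + attrs

def verify_response(resp, request_authenticator, secret):
    """Return the reply Code if its Response Authenticator checks out, else None."""
    if len(resp) < 20: return None
    expected = response_authenticator(resp[:4], request_authenticator, resp[20:int.from_bytes(resp[2:4], "big")], secret)
    return resp[0] if resp[4:20] == expected else None

# Defaults are placeholders; only the server address and auth-port come from the thread.
def probe(server="172.16.25.100", port=1645, secret=b"PLACEHOLDER-SECRET", nas_ip="192.168.108.1",
          username=b"probe-user", password=b"probe-pass", timeout=3.0):
    pkt = build_access_request(1, secret, username, password, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(pkt, (server, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout: no reply on UDP %d (path blocked, or this source is not an AAA client)" % port
    labels = {None: "reply with bad Response Authenticator: shared-secret mismatch likely",
              ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}
    return labels.get(verify_response(data, pkt[4:20], secret), "unexpected reply code")
```

A RADIUS server silently discards requests whose source address it does not recognise as a client (RFC 2865 section 3), so a timeout from the branch subnet points at either the network path or a missing AAA client entry for that switch in ACS, while a reply that fails the authenticator check points at the shared secret.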
