Resolution
Complete these steps in order to configure 802.1x authentication on the switch:
- Configure following commands on switch in Global configuration mode:
- Go into the interfaces connected to the clients using "interface interface_id" command and configure the following
- In the case of Microsoft Windows XP client, for MAC authentication to work, disable the client in order to send an EAP request, so that switch can consider it as agentless host, and initiates the MAC authentication bypass process. This is the registry fix on Windows XP test machine:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
"SupplicantMode"=dword:00000000
- Create an AAA client entry for the switch in ACS from the Network Configuration section. Use RADIUS as the authentication protocol.
- On ACS, create an account for the client, based on its MAC address. For example, if the MAC address of the client is 00-15-C5-3A-E4-0D "
Username : 0015c53ae40d
Password : 0015c53ae40d
Note: Ensure that ACS is does not hit Cisco bug ID CSCsh62641.
Refer to the Using IEEE 802.1x Authentication with MAC Authentication Bypass section of Configuring IEEE 802.1x Port-Based Authentication for more information.