cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
33649
Views
0
Helpful
0
Comments
TCC_2
Level 10
Level 10

Resolution

Complete these steps in order to configure 802.1x authentication on the switch:

  • Go into the interfaces connected to the clients using "interface interface_id" command and configure the following

  • In the case of Microsoft Windows XP client, for MAC authentication to work, disable the client in order to send an EAP request, so that switch can consider it as agentless host, and initiates the MAC authentication bypass process. This is the registry fix on Windows XP test machine:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
    "SupplicantMode"=dword:00000000


  • Create an AAA client entry for the switch in ACS from the Network Configuration section. Use RADIUS as the authentication protocol.

  • On ACS, create an account for the client, based on its MAC address. For example, if the MAC address of the client is 00-15-C5-3A-E4-0D "

    Username : 0015c53ae40d
    Password : 0015c53ae40d


Note:  Ensure that ACS is does not hit Cisco bug ID CSCsh62641.

Refer to the Using IEEE 802.1x Authentication with MAC Authentication Bypass section of Configuring IEEE 802.1x Port-Based Authentication for more information.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: