i found some datasheet about dot1x and WOL, but no ones gave me satisfaction this day.
I try to have the WOL with dot1x, but is it possible ?
i have switch 2960X (SW version :15.0(2)EX4) )
the initial port's configuration below (for dot1x of course) :
authentication port-control auto
authentication violation protect
dot1x pae authenticator
with the value "authentication port-control auto" the magic packet cannot access to the computer. When i remove the value, the compoter boot correctly but, i dont have any authentication, the port keeps the old authentication and i dont see my computer on the ACS when he reboots. (i see the computer for each reboots on ACS).
but, i can log on the network domain, i have an IP, but i dont know if the computer is legit or not
i want to see the computer's registration with "sh authenti session int xxxx"
without the value "port control auto" i just see :
The IEEE 802.1X authentication with wake on LAN (WoL) feature allows dormant PCs to be powered when the switch receives a specific Ethernet frame, known as the “magic packet.” You can use this feature in environments where administrators need to connect to systems that have been powered off.
When a host that uses WoL is attached through an 802.1X port and the host powers off, the 802.1X port becomes unauthorized. The port can only receive and send EAPOL packets, and WoL magic packets cannot reach the host. When the PC is powered off, it is not authorized, and the switch port is not opened.
When the switch uses 802.1X authentication with WoL, the switch forwards traffic to unauthorized 802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network."
describes exactly the problem i have, and i cant fix it because if i remove the "authentication port-control auto" the computer does not authenticate anymore :/
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :