02-17-2009 10:50 PM - edited 03-10-2019 04:20 PM
Hello,
I would like to configure Dot1x authentication on each switch interface that belongs to a data and voice VLAN, for example:
Interface FastEthernet 1/1
 switchport access vlan 10
 switchport voice vlan 20
But it is not allowed to configure Dot1x on these interfaces. Our aim is to provide authorized access to our LAN either by Dot1x authentication or through machine authentication.
Now I have the following doubts:
1. Is Dot1x configuration on switch ports a part of the machine authentication procedure?
2. What kind of configuration is required on the switch port interface to enable machine authentication?
3. How is the individual switch port controlled in the case of machine authentication?
Your kind response will be appreciated and thanks in advance.
Best Regards,
Ahmed
02-18-2009 04:59 AM
You need to configure the following on the port:
switchport mode access
Hth,
02-19-2009 03:55 AM
Thanks for the immediate response. I verified that switchport mode access is configured, but Dot1x is still not allowed to be configured.
Thanks and Regards
02-19-2009 08:54 AM
What is the switch model and the IOS/CATOS version running? What are the current AAA and DOT1X global settings? What is the configuration for the port? What is the command that you are entering that is failing?
02-22-2009 02:08 AM
Hello,
Thanks for the kind response. Please be updated on the following:
1. IOS Version and Model:
Cisco Internetwork Operating System Software IOS (tm) s3223_rp Software (s3223_rp-IPBASEK9-M), Version 12.2(18)SXF4, RELEASE SOFTWARE (fc1)
cisco WS-C6509-E (R7000) processor (revision 1.2) with 227328K/34816K bytes of memory.
Processor board ID SMC1022009Q
2. AAA and DOT1x global configs:
aaa new-model
aaa authentication fail-message ^CCCUsername or Password is not Correct^C
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting send stop-record authentication failure
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host x.x.x.x
tacacs-server host y.y.y.y
tacacs-server key zzz
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key zzz
radius-server host y.y.y.y auth-port 1645 acct-port 1646 key zzz
radius-server source-ports 1645-1646
3. Port Configs:
sh run interface fa2/6
Building configuration...
Current configuration : 139 bytes
!
interface FastEthernet2/6
 switchport
 switchport access vlan 101
 switchport mode access
 switchport voice vlan 102
 no ip address
end
4. Dot1x command output:
dot1x port-control auto
Command rejected: One or more ports configured with voice vlan.
Dot1x can't be enabled on voice vlan configured ports.
Hope this information will help you to suggest a feasible solution.
Once again Thanks
Kind Regards,
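Added example (not part of any post in this thread, and not Cisco code): a small pre-check that reads a running-config and reports which global 802.1X prerequisites are absent and which access ports carry a voice VLAN, the condition that produced the "Command rejected" message on 12.2(18)SXF4 above. The sample config is constructed from the posted excerpts, the function names are hypothetical, and the check for `dot1x system-auth-control` (the IOS global enable for 802.1X) assumes it is needed here because it does not appear in the posted globals.

```python
import re

# Constructed sample, condensed from the configuration posted in this thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
!
interface FastEthernet2/6
 switchport access vlan 101
 switchport mode access
 switchport voice vlan 102
!
interface FastEthernet2/7
 switchport access vlan 101
 switchport mode access
!
"""

# Global commands 802.1X depends on (assumption: all three are required).
GLOBAL_PREREQS = ("aaa new-model", "aaa authentication dot1x", "dot1x system-auth-control")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an indented running-config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces


def audit(config):
    """Report missing global prerequisites and per-port 802.1X readiness."""
    global_lines = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    missing = [p for p in GLOBAL_PREREQS if not any(l.startswith(p) for l in global_lines)]
    ports = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            ports[name] = "not an access port"
        elif any(c.startswith("switchport voice vlan") for c in cmds):
            ports[name] = "voice vlan set: dot1x port-control rejected in this thread"
        else:
            ports[name] = "eligible for dot1x port-control auto"
    return missing, ports
```

Calling `audit()` on the full output of `show running-config` gives the list of ports that would hit the voice VLAN rejection before any `dot1x port-control auto` command is attempted.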