Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

802.1x port authentication

Hello!

We have some problems with 802.1x port authentication after updating the Cisco IOS to 12.2(35)SE5.

First there was the IOS 12.2(25r)SEC on the cisco switch 3560 and the port authentication is working. I can see, that the Cisco sends "EAP Request Identity" Version 1 to the network device. After the network device has answered the request identity, the cisco starts to communicate with the radius server. Everything is working!

After I have updated the Cisco to IOS 12.2(35)SE5 I can see, that the Cisco sends a "EAP Request Identity" Version 2 to the network device. The network device can not answer this request, and there is no more communication, so the port is shutdown.

Is there any possibility to change the Version of the EAP Request in the Cisco?

Thanks a lot for your help!

4 REPLIES
Silver

Re: 802.1x port authentication

Currently there is no feature to configure what version of EAP in which we send. However, unless there is a supplicant issue, which this appears to be, then the mismatch in EAP version should not effect functionality. Better to down grade the IOS.

New Member

Re: 802.1x port authentication

Are you using the windows client? Could you try the open 802.1x client before you downgrade.

New Member

Re: 802.1x port authentication

Hello!

The network device is not a windows client, it's a device to transmit videostreams. There is a possibility to use 802.1x authentications, but this is not working in conjuction with the latest Cisco IOS.

New Member

Re: 802.1x port authentication

If you are using 802.1x for such device you need to be sure that the client side is sending eap response - in this particular application I am assume somebody was responding to eap request? I dont understand how you device authenticates - could you please elaborate.

If it is an option authenticate from a pc host via the same port - to verify 802.1x is working Cisco side as expected.

159
Views
0
Helpful
4
Replies
CreatePlease to create content