Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dot1x Port Authentication

Hi everyone,

I am having a problem with getting port authentication to work correctly. The laptop cannot get a DHCP address from the dot1x enabled port. I believe I have all the configuration correct.

aaa authentication dot1x default group radius

aaa authorization network default group radius


dot1x system-auth-control


interface FastEthernet0/2

description *** User with Phone ***

switchport access vlan 60

switchport mode access

switchport voice vlan 61

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust cos

auto qos voip trust

dot1x port-control auto

dot1x reauthentication

spanning-tree portfast


radius-server host auth-port 1812 acct-port 1813 key ********

Attached is a debug from the switch. Radius is working correctly as I can see my laptop connect when I remove the port configuration.

I am currently testing this configuration on a 3560 running




Everyone's tags (3)

Dot1x Port Authentication

Can you ping your radiuis-server from the switch?

Do you have an dot1x client authentication enabled on your OS?

Did you add the macaddress of your computer to the radius server correctly?


Posted by WebUser Milo Elchingon Dechingones

New Member

Dot1x Port Authentication

I can ping between the server and the switch (sourcing the user vlan)

I have dot1x authentication enabled on the OS.

I'll need to double check the remote access policies-

New Member

Dot1x Port Authentication

New Member

Dot1x Port Authentication

The radius server is setup to look for match "Ethernet" and Domain User to grant access permission.