Dot1x Port Authentication

cpratt · ‎01-10-2012

Hi everyone,

I am having a problem with getting port authentication to work correctly. The laptop cannot get a DHCP address from the dot1x enabled port. I believe I have all the configuration correct.

aaa authentication dot1x default group radius

aaa authorization network default group radius

!

dot1x system-auth-control

!

interface FastEthernet0/2

description *** User with Phone ***

switchport access vlan 60

switchport mode access

switchport voice vlan 61

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust cos

auto qos voip trust

dot1x port-control auto

dot1x reauthentication

spanning-tree portfast

!

radius-server host 172.25.101.250 auth-port 1812 acct-port 1813 key ********

Attached is a debug from the switch. Radius is working correctly as I can see my laptop connect when I remove the port configuration.

I am currently testing this configuration on a 3560 running

c3560-advipservicesk9-mz.122-25.sed1.bin

Thanks,

Chris

fb_webuser · ‎01-10-2012

Can you ping your radiuis-server from the switch?

Do you have an dot1x client authentication enabled on your OS?

Did you add the macaddress of your computer to the radius server correctly?

---

Posted by WebUser Milo Elchingon Dechingones

cpratt · ‎01-11-2012

I can ping between the server and the switch (sourcing the user vlan)

I have dot1x authentication enabled on the OS.

I'll need to double check the remote access policies-

cpratt · ‎01-11-2012

cpratt · ‎01-11-2012

The radius server is setup to look for match "Ethernet" and Domain User to grant access permission.