01-10-2012 08:17 AM - edited 03-07-2019 04:15 AM
Hi everyone,
I am having a problem with getting port authentication to work correctly. The laptop cannot get a DHCP address from the dot1x enabled port. I believe I have all the configuration correct.
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
dot1x system-auth-control
!
interface FastEthernet0/2
description *** User with Phone ***
switchport access vlan 60
switchport mode access
switchport voice vlan 61
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust cos
auto qos voip trust
dot1x port-control auto
dot1x reauthentication
spanning-tree portfast
!
radius-server host 172.25.101.250 auth-port 1812 acct-port 1813 key ********
Attached is a debug from the switch. Radius is working correctly as I can see my laptop connect when I remove the port configuration.
I am currently testing this configuration on a 3560 running
c3560-advipservicesk9-mz.122-25.sed1.bin
Thanks,
Chris
01-10-2012 09:53 AM
Can you ping your radiuis-server from the switch?
Do you have an dot1x client authentication enabled on your OS?
Did you add the macaddress of your computer to the radius server correctly?
---
Posted by WebUser Milo Elchingon Dechingones
01-11-2012 05:56 AM
I can ping between the server and the switch (sourcing the user vlan)
I have dot1x authentication enabled on the OS.
I'll need to double check the remote access policies-
01-11-2012 07:32 AM
01-11-2012 07:34 AM
The radius server is setup to look for match "Ethernet" and Domain User to grant access permission.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide