I have a 2960 switch on which dot1x is configured. It is also configured for AAA authentication. When a user tries to connect to the local network, the user gets authenticated by a RADIUS server and is allowed into the network.
Now I want all critical users to get connected to the network even if the RADIUS server is not reachable.
Hence, for the same, I have configured the 802.1x "inaccessible authentication bypass" feature as per the Cisco configuration guide.
But still, whenever I unplug the RADIUS server and try to connect the user to the network, dot1x asks for the username and password and does not allow the network connection.
I have even tried using RADIUS as the first auth. method and the local database as the second auth. method. But still no success.
Can you post the port configurations here? Have you configured the critical port, RADIUS parameters etc., and does the switch recognize that the RADIUS server is down?
I think this is more to do with the design of the entire dot1x authentication.. I have tried this in labs and have had tough times generating these scenarios.. we would hardly be able to justify this feature on the network. I think it is highly advisable to have dual RADIUS servers (or even more than 2), and configure the switches with standby RADIUS servers.. I really wouldn't want my network enabled with 802.1x and having issues contacting the RADIUS server.. even though we have options and solutions to overcome it, I wouldn't want too many complications on the 802.1x front..
Hope this helps.. all the best.. rate replies if found useful..
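The three things the reply asks about (critical port, RADIUS parameters, dead-server detection) look like this in one configuration. This is an added example, not a configuration posted by anyone in the thread; it assumes the older Catalyst 2960 `dot1x critical` syntax (newer releases use `authentication event server dead action authorize vlan` instead), and the server address, key, test username, VLAN and interface are constructed placeholders.

```cisco
! Constructed placeholder values: RADIUS server 192.0.2.10, key EXAMPLE-KEY,
! test user probe-user, critical VLAN 20, access port GigabitEthernet0/1.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! RADIUS parameters: probe the server with a test user after 5 idle minutes
! so that an outage is noticed even when no client is authenticating.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 test username probe-user idle-time 5 key EXAMPLE-KEY
!
! Dead-server detection: mark the server dead once at least 5 seconds have
! passed since its last response and 3 consecutive requests have timed out.
radius-server dead-criteria time 5 tries 3
! Keep a dead server out of rotation for 10 minutes before retrying it.
! Without dead-criteria and deadtime the switch never marks the server dead,
! the port never enters the critical-authentication state, and the
! supplicant keeps being prompted for credentials.
radius-server deadtime 10
!
! Send EAPOL-Success to the supplicant when the port is critical-authorized,
! so the client stops prompting for a username and password.
dot1x critical eapol
! Wait 1000 ms between re-initializing critical ports when the server returns.
dot1x critical recovery delay 1000
!
interface GigabitEthernet0/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 ! Critical port: authorize this port when all RADIUS servers are dead.
 dot1x critical
 ! Place critical-authorized hosts in a restricted VLAN.
 dot1x critical vlan 20
 ! Force normal 802.1x authentication again once a server is reachable.
 dot1x critical recovery action reinitialize
```

After unplugging the server, `show aaa servers` shows whether the switch has marked it dead, and `show dot1x interface gigabitethernet0/1 details` shows whether the port was authorized by critical authentication.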