I'm hoping someone will be able to help me out here.
The problem is that with any EAP method of authentication that utilizes authentication with a certificate or smart card the switch will somehow impede authentication with the radius server.
The EAP Methods I have tried on a SG-300-28P and ESW-540-24p switch are:
PEAP (Smart Card)
I know that the radius server works because when I switch to a different switch the client works just fine, or if I keep the client on this switch and use any password method (PEAP (MSCHAPv2), MSCHAPv2, EAP-MD5) it also works.
We never did find a solution to this problem on the Cisco small business switches. Eventually we upgraded them all to the Cisco Catalyst 3750x and 3560x switches and these problems are not existant on the new switches. It may be some kind of limitation that was not mentioned.
If anyone has an idea why this is happening I would be greatful to hear it.
do you use in your configuration dynamic vpn assignment to authenticated ports? I have very simillar configuration in my network and port based authentication utilising computer certificates works without any problems except from Vlan assignments.
I have two core switches catalyst 3560 and three esw540 access switches, trunk ports between switches are correctly configured, I have also network policies for 802.1x authentication and Vlan assignments, all works fine on 3560 switches and my workstations are authenticated correctly and also assigned to the correct Vlan, based on policy but somehow this doesn't work on my esw540 switches. I can see on my NHS that authentication works only when I specify access Vlan for the specific port otherwise Vlan is not assigned dynamically. hope I described my issue as clear as possible and someone can give me a tip how to make this up and running.
Article ID:4006 Configure Secure Shell (SSH) Server Authentication
Settings on a Switch Objective Secure Shell (SSH) is a protocol that
provides a secure remote connection to specific network devices. This
connection provides functionality that is similar...
Article ID:4982 Access an SMB Switch CLI using SSH or Telnet Objective
The Cisco Small Business Managed Switches can be remotely accessed and
configured through the Command Line Interface (CLI). Accessing the CLI
allows commands to be entered in a termina...
Article ID:5735 Convert Configuration Files using the Configuration
Migration Tool on Cisco Small Business Switches Introduction The Cisco
Configuration Migration Tool allows you to convert configuration files
from previous generation of Cisco Small Busin...