From: pauldongso (pauldongso@hotmail.com)
Date: Thu Jul 31 2003 - 02:33:19 GMT-3
Not sure if you have figured this out.
Once aaa new-model is enabled, aaa authentication takes precedence over
line authentication config.
You need these extra commands for your telnet work properly
Aaa new-model
Aaa authentication vty-access default line
Aaa authorisation default if-authenticated
Line vty 0 4
Login authentication vty-access
HTH
Paul
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Emmett Brown
Sent: Tuesday, 29 July 2003 1:58 PM
To: ccielab@groupstudy.com
Subject: ieee802.1x port authentication and telnet...
dear all,
my topology:
3550 ------------------------------- 1751router
.253 100.100.10.x/24 .254
on 3550, if i am to configure for 802.1x port authentication on port
0/1, my configuration follows:
configure terminal
aaa new-model
aaa authentication dot1x default group radius
radius-server host 100.100.10.10 auth-port 1812 key cisco
interface fa0/1
dot1x port-control auto
line vty 0 4
login
password cisco
however, if i use the router to telnet to 3550, it still requires the
router to use radius authentication... is there any way i can use
normal authentication on the vty ports while using 802.1x port
authentication on the fa0/1 physical port?
Emmett
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:59 GMT-3