RE: dot1x system-auth-control is required or not?

From: Keyur Shah (kshah@hellocomputers.com)
Date: Tue Dec 23 2003 - 15:40:00 GMT-3

• Next message: Peng Zheng: "dot1x system-auth-control is required or not?"
• Previous message: Peng Zheng: "dot1x system-auth-control is required or not?"
• Maybe in reply to: Peng Zheng: "dot1x system-auth-control is required or not?"
• Next in thread: William Chen: "Re: dot1x system-auth-control is required or not?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Peng,

You need to configure dot1x system-auth-control global command as well as
interface command to enable it. As per your previous question of using non
default method, it seems to be applied even if you use non default profile.
However dot1x is supported only for RADIUS and therefore it may not be
necessary to have backup method or use different profile name then default.

---capture---

cat1(config)#do sh int f0/1
FastEthernet0/1 is up, line protocol is up (connected)
  <snip>
          
cat1(config)#aaa new
cat1(config)#aaa authe dot1x blah group radius
cat1(config)#radius
cat1(config)#radius-server host 1.1.1.1 key hello
cat1(config)#int f0/1
cat1(config-if)#dot1x ?
  default Configure Dot1x with default values for this port
  guest-vlan Configure Guest-vlan on this interface
  host-mode Set the Host mode for 802.1x on this interface
  max-req Max No.of Retries
  port-control set the port-control value
  reauthentication Enable or Disable Reauthentication for this port
  timeout Various Timeouts

cat1(config-if)#dot1x port-control auto
cat1(config-if)#do sh int f0/1
FastEthernet0/1 is up, line protocol is up (connected)
  <snip>
          
cat1(config-if)#exit
cat1(config)#dot1x syst
cat1(config)#dot1x system-auth-control
cat1(config)#
5d22h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to down
cat1(config)#do sh int f0/1
FastEthernet0/1 is up, line protocol is down (notconnect)
  <snip>
cat1(config)#

-Keyur Shah-
QUAD CCIE# 4799 (Voice; Service Provider; Security; R/S)
CCSI, CISSP, Check Point CCSE Plus, MCSE
http://www.hellocomputers.com
"Say Hello To Your Future!"
1.877.79.HELLO
Hall of Fame@
http://www.hellocomputers.com/hellofame.html

-----Original Message-----
From: Peng Zheng [mailto:zpnist@yahoo.com]
Sent: Tuesday, December 23, 2003 10:31 AM
To: ccielab@groupstudy.com
Subject: dot1x system-auth-control is required or not?

When configure dot1x, do I always need to configure
dot1x system-auth-control or I only need to configure
dot1x port-control auto under the interface I want to
enable dot1x authentication?

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/

• Next message: Peng Zheng: "dot1x system-auth-control is required or not?"
• Previous message: Peng Zheng: "dot1x system-auth-control is required or not?"
• Maybe in reply to: Peng Zheng: "dot1x system-auth-control is required or not?"
• Next in thread: William Chen: "Re: dot1x system-auth-control is required or not?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:44 GMT-3