From: Stefan Grey (examplebrain@hotmail.com)
Date: Sat Jul 29 2006 - 08:51:28 ART
Hello. I want just to see how does the dot1x work. As I have read dot1x
works only with radius.
ACS-SW1-PC1.
Well I can ping from SW1 both BC1 and ACS. I configured telenet
authentication on SW1 through radius. It works fine. The problems I have are
with dot1x. When configured dot1x on the port to PC1.. PC1 can't either ping
or initialize the telnet session. It can't do anything.
Question: What should I configure further on ACS or how can I initialize the
dot1x authentication on PC1 to permit the traffic through SW1??
The config of SW1 is as below:
hostname SW2
!
aaa new-model
aaa authentication login MYLOGIN group radius
aaa authentication dot1x default group radius
!
ip subnet-zero
!
no ip domain-lookup
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree extend system-id
dot1x system-auth-control
interface FastEthernet0/15
switchport access vlan 3
switchport mode access
dot1x port-control auto
spanning-tree portfast
!
interface Vlan3
ip address 10.10.10.8 255.255.255.0
!
interface Vlan33
ip address 151.4.2.8 255.255.255.0
!
ip classless
ip http server
!
radius-server host 151.4.2.50 auth-port 1812 acct-port 1813 key cisco
radius-server retransmit 3
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login authentication MYLOGIN
line vty 5 15
!
!
end
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART