Re: Dot1x and Radius Lab ?

From: To Be CCIE (ccierocks@gmail.com)
Date: Wed May 30 2007 - 15:57:17 ART

• Next message: To Be CCIE: "Re: QOS question"
• Previous message: Gary Duncanson: "Re: OT:Ciscoworks Primary/Secondary deployment"
• Maybe in reply to: Joe Mama: "Dot1x and Radius Lab ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Although they don't effect dot1x but they are important .... just to save
the hastle of locking out. I normally configure the following before
configuring dot1x:

 aaa authentication login CONSOLE none
line con 0
login authentication CONSOLE

aaa authentication login VTY_LINE line
line vty 0 15
login authentication VTY_LINE

After this .... I'll start configuring the dot1x and radius

aaa new-model
aaa authentication dot1x default group radius

dot1x system-auth-control
radius-server host -------

int fa0/xx
switch mode access
dot1x port-control auto

On 5/30/07, Tarun Pahuja <pahujat@gmail.com> wrote:
>
> Joe,
> The first two lines do not effect Dot1x.
>
> sw1(config)#aaa authentication login LocalCon none
> sw1(config)#aaa authentication login LocalVTY none
>
> They are independent of Dot1x configuration.
>
> Thanks,
> Tarun
>
>
> On 5/30/07, Joe Mama <jsmith1234550@gmail.com> wrote:
> >
> > Hello all,
> >
> > I believe that I have the right question as it's fairly
> > straightforward. However, does anyone see a proctor in the CCIE lab
> > having an issue with the config since the radius is the 3rd one down
> > on the list. If it was the first one on the list (before the
> > aaa....locals), would that be more correct? How stringent are the
> > requirements? I added the local
> >
> > Lab ?: Configure the default behavior of dot1x authentication to use
> > Radius as the primary method of authentication.
> >
> > sw1(config)#dot1x system-auth-control
> >
> > sw1(config)#aaa new-model
> > sw1(config)#aaa authentication login LocalCon none
> > sw1(config)#aaa authentication login LocalVTY none
> > sw1(config)#aaa authentication dot1x default group radius
> >
> > sw1(config)#radius-server host 192.168.100.1166 key asdf
> >
> > sw1(config)#line con 0
> > sw1(config-line)#login authentication LocalCon
> > sw1(config-line)#line vty 0 4
> > sw1(config-line)#login authentication LocalVTY
> > sw1(config-line)#
> >
> > Regards,
> > Joe
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: To Be CCIE: "Re: QOS question"
• Previous message: Gary Duncanson: "Re: OT:Ciscoworks Primary/Secondary deployment"
• Maybe in reply to: Joe Mama: "Dot1x and Radius Lab ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART