Re: Version of code for switches ... Dot1x

From: ALL From_NJ <all.from.nj_at_gmail.com>
Date: Sat, 17 Oct 2009 23:09:16 -0400

Thanks Scott and Bryan.

Bryan - yes I did. Check the link out ... most of the commands change after
12.2(50). No fun ... I should have stayed at an earlier version.

Like Scott said, the docs are good. Also, in the past, I have found the
docs to be pretty good WRT dot1x; actually all the switching docs are good.
If you do not know the commands, you can follow the dot1x documentation
pretty closely and it will walk you through. At least this has been my
experience ...

Many thanks guys, team,

Andrew

PS - looking forward to some reports and happy emails from takers of the new
version! ;-)

On Sat, Oct 17, 2009 at 10:39 PM, Bryan Bartik <bbartik_at_ipexpert.com> wrote:

> Andrew,
>
> Did you configure the ports as access ports with "switchport mode access"?
> Depending on what version/model you have this may be necessary. Example:
>
> 3560 w/ 12.2(25) - Dot1x commands are not available until port is
> configured as an access port.
>
> Cat2(config)#int f0/13
> Cat2(config-if)#dot1x ?
> % Unrecognized command
>
> Cat2(config-if)#swi mo ac
> Cat2(config-if)#dot1x
> Cat2(config-if)#dot1x ?
> auth-fail Configure Authentication Fail values for this port
> control-direction Set the control-direction on the interface
> critical Enable 802.1x Critical Authentication
> default Configure Dot1x with default values for this port
> guest-vlan Configure Guest-vlan on this interface
> host-mode Set the Host mode for 802.1x on this interface
> max-reauth-req Max No.of Reauthentication Attempts
> max-req Max No.of Retries
> pae Set 802.1x interface pae type
> port-control set the port-control value
> reauthentication Enable or Disable Reauthentication for this port
> timeout Various Timeouts
>
>
> 3550 w/ 12.2(25) - Dot1x commands available without making port an access
> port.
>
> Cat1#sho run int f0/13
> Building configuration...
>
> Current configuration : 95 bytes
> !
> interface FastEthernet0/13
> switchport mode dynamic desirable
> spanning-tree guard root
> end
>
> Cat1#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> Cat1(config)#int f0/13
> Cat1(config-if)#dot1x ?
> auth-fail Configure Authentication Fail values for this port
> control-direction set the control-direction value
> default Configure Dot1x with default values for this port
> guest-vlan Configure Guest-vlan on this interface
> host-mode Set the Host mode for 802.1x on this interface
> max-reauth-req Max No. of Retries to supplicant
> max-req Max No. of Retries to supplicant for EAP-Request frames of types other than EAP-Request/Identity
> port-control set the port-control value
> reauthentication Enable or Disable Reauthentication for this port
> timeout Various Timeouts
>
> -hth
>
>
> On Sat, Oct 17, 2009 at 6:46 PM, ALL From_NJ <all.from.nj_at_gmail.com> wrote:
>
>> Interesting discussion for sure ...
>>
>> I was working on some labs, and the labs had me configure some dot1x
>> stuff.
>> After I was pulling my hair out I decided to look over the solutions and
>> what do you know .. these commands do not exist on my switch.
>>
>> If anyone hears of anything, please pass it on.
>>
>> Think I should learn both new and old commands? Please say no ... ;-)
>>
>> Andrew
>>
>> On Sat, Oct 17, 2009 at 9:01 PM, Marko Milivojevic <markom_at_markom.info> wrote:
>>
>> > On Sun, Oct 18, 2009 at 00:59, Joe Astorino <jastorino_at_ipexpert.com>
>> > wrote:
>> > > Where else would they put the information on switching though I wonder? I
>> > > understand things are moving more to the virtual environment, at least for
>> > > troubleshooting but let's face it, switching is still a big big part of
>> > > things.
>> >
>> > I remember a few years back it wasn't, actually. It was just called R&S,
>> > but it was truly R exam.
>> >
>> > If they indeed change the number of switches to one, it would be back
>> > to being pointless. Unless, of course, they don't come up with some
>> > sort of a "data center" track and combine switching and storage there.
>> > It may actually make some sense.
>> >
>> > --
>> > Marko
>> > CCIE #18427 (SP)
>> > My network blog: http://cisco.markom.info/
>> >
>>
>> --
>> Andrew Lee Lissitz
>> all.from.nj_at_gmail.com
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
> --
> Bryan Bartik
> CCIE #23707 (R&S), CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>

-- 
Andrew Lee Lissitz
all.from.nj_at_gmail.com
Blogs and organic groups at http://www.ccie.net
Received on Sat Oct 17 2009 - 23:09:16 ART
