Re: DOT1x on 3750 from Jay McMickle on 2010-07-10 (Ccielab archives 07/2010)

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Sat, 10 Jul 2010 10:16:22 -0700 (PDT)

You need to run 122-35.SE5, but less than 12.2.53 code, on the 3560's and
3750's.

Further note- You need at least c3560-advipservicesk9-mz.122-40.SE
to
enable LLDP, but I haven't tested to see if dot1x port-control and LLDP
are both
in this IOS version. There is a task on one of my CCIE R&S lab prep
material,
though, for both functions to be implemented.

Regards,
Jay
McMickle- CCNP, CCSP, MCSE

________________________________
From:
Dominic Zeni <Dominic_at_lookingpoint.com>
To: "Grammer, Christopher"
<cgrammer_at_essilorusa.com>
Cc: "ccielab_at_groupstudy.com"
<ccielab_at_groupstudy.com>
Sent: Fri, July 9, 2010 10:53:40 AM
Subject: Re:
DOT1x on 3750

I believe the command set syntax has changed in newer IOS.
Under your
interface, try "authentication ?"

Dom

This was sent from my
mobile device.

On Jul 9, 2010, at 8:50 AM, "Grammer, Christopher"
<cgrammer_at_essilorusa.com
> wrote:

> I am using 2 3750s some of my studies,
but I can not seem to get Dot1x
> commands under the interface.
> I think I am
missing something specific to the 3750, but I dont know
> what.
> I did a
brief internet search and saw a few people having this issue
> but
> never
saw a resolution.
>
> Globally I configure:
>
> dot1x system-auth-control
>
dot1x guest-vlan supplicant
>
> when I go to the interface I set the
switchport mode to access
>
> int fa1/0/24
> switchport mode access
>
> Then
the only thing i get for dot1x commands is:
>
> SW2(config-if)#dot1x ?
>
credentials Credentials profile configuration
> default Configure
Dot1x with default values for this port
> max-reauth-req Max No.of
Reauthentication Attempts
> max-req Max No.of Retries
> max-start
  Max No. of EAPOL-Start requests
> pae Set 802.1x interface pae
type
> supplicant Configure supplicant parameters
> timeout
Various Timeouts
>
>
> I do the exact same thing on a 3550 and everything
works as expected:
>
> SW3(config-if)#dot1x ?
> auth-fail Configure
Authentication Fail values for this port
> control-direction Set the
control-direction on the interface
> critical Enable 802.1x Critical
Authentication
> default Configure Dot1x with default values for
this port
> fallback Enable the Webauth fallback mechanism
>
guest-vlan Configure Guest-vlan on this interface
> host-mode
Set the Host mode for 802.1x on this interface
> mac-auth-bypass Enable
MAC Auth Bypass
> max-reauth-req Max No.of Reauthentication Attempts
>
max-req Max No.of Retries
> pae Set 802.1x
interface pae type
> port-control set the port-control value
>
reauthentication Enable or Disable Reauthentication for this port
> timeout
          Various Timeouts
> violation-mode Set the Security Violation
mode on this interface
>
>
> I have checked the IOS on the 3750 and here is
the sh ver
>
>
> SW2#sh ver
> Cisco IOS Software, C3750 Software
(C3750-IPSERVICESK9-M), Version
> 12.2(53)SE2, RELEASE SOFTWARE (fc3)
>
Technical Support: http://www.cisco.com/techsupport
> Copyright (c) 1986-2010
by Cisco Systems, Inc.
> Compiled Wed 21-Apr-10 04:49 by prod_rel_team
> Image
text-base: 0x01000000, data-base: 0x02F00000
>
> ROM: Bootstrap program is
C3750 boot loader
> BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version
12.2(44)SE5,
> RELEASE
> SOFTWARE (fc1)
>
> SW2 uptime is 1 hour, 7 minutes
> System returned to ROM by power-on
> S
> *Mar 1 01:07:17.319:
%SYS-5-CONFIG_I: Configured from console by
> consoleystem image file is
"flash:/c3750-ipservicesk9-mz.
> 122-53.SE2.bin"
>
>
> cisco WS-C3750-24P
(PowerPC405) processor (revision M0) with 131072K
> bytes
> of memory.
>
Processor board ID FDO1243Y0HE
> Last reset from power-on
> 1 Virtual Ethernet
interface
> 24 FastEthernet interfaces
> 2 Gigabit Ethernet interfaces
> The
password-recovery mechanism is enabled.
>
> 512K bytes of flash-simulated
non-volatile configuration memory.
> Base ethernet MAC Address :
00:24:13:2E:C0:00
> Motherboard assembly number : 73-9672-11
> Power supply
part number : 341-0029-05
> Motherboard serial number :
FDO12460DZY
> Power supply serial number : DTN124143JZ
> Model revision
number : M0
> Motherboard revision number : A0
> Model number
              : WS-C3750-24PS-S
> System serial number :
****************
> Top Assembly Part Number : 800-25860-05
> Top
Assembly Revision Number : C0
> Version ID : V06
>
CLEI Code Number : COMU410ARA
> Hardware Board Revision Number
: 0x01
>
>
> Switch Ports Model SW Version SW Image
>
> ------ ----- ----- ---------- ----------
>
> * 1
26 WS-C3750-24P 12.2(53)SE2 C3750-
> IPSERVICESK9-M
>
>
>
>
Configuration register is 0xF
>
>
> Blogs and organic groups at
http://www.ccie.net
>
>
Received on Sat Jul 10 2010 - 10:16:22 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART