Re: dot1x missing?

From: marc abel <marcabel_at_gmail.com>
Date: Fri, 22 Jul 2011 13:35:33 -0500

Maybe I'm missing it but I don't see

dot1x system-auth-control

in your global config.

On Fri, Jul 22, 2011 at 1:25 PM, -Hammer- <bhmccie_at_gmail.com> wrote:
> Ha! Hey Joe. Nice try but I already have it enabled. :)
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Cat3560-2(config)#do sho run | in aaa
> aaa new-model
> aaa authentication login default none
> aaa authentication dot1x default group radius
> aaa session-id common
> Cat3560-2(config)#
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> I'm clearly misunderstanding something. See below. I can apply
> "force-author" and nothing happens. I apply "auto" and it works. I go
> back and apply "force author" and it stops displaying again.
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Cat3560-2(config-if)#do sho run int gi0/6
> Building configuration...
>
> Current configuration : 134 bytes
> !
> interface GigabitEthernet0/6
> description R6 Fa0/0
> switchport access vlan 567
> switchport mode access
> spanning-tree portfast
> end
>
> Cat3560-2(config-if)#int gi0/6
> Cat3560-2(config-if)#dot1x port force-author
> Cat3560-2(config-if)#do sho run int gi0/6
> Building configuration...
>
> Current configuration : 134 bytes
> !
> interface GigabitEthernet0/6
> description R6 Fa0/0
> switchport access vlan 567
> switchport mode access
> spanning-tree portfast
> end
>
> Cat3560-2(config-if)#dot1x port auto
> Cat3560-2(config-if)#
> Cat3560-2(config-if)#
> Cat3560-2(config-if)#
> 01:43:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet0/6, changed state to down
> Cat3560-2(config-if)#
> Cat3560-2(config-if)#do sho run int gi0/6
> Building configuration...
>
> Current configuration : 160 bytes
> !
> interface GigabitEthernet0/6
> description R6 Fa0/0
> switchport access vlan 567
> switchport mode access
> dot1x port-control auto
> spanning-tree portfast
> end
>
> Cat3560-2(config-if)#
> Cat3560-2(config-if)#dot1x port force-author
> Cat3560-2(config-if)#
> Cat3560-2(config-if)#
> 01:43:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet0/6, changed state to up
> Cat3560-2(config-if)#
> Cat3560-2(config-if)#do sho run int gi0/6
> Building configuration...
>
> Current configuration : 134 bytes
> !
> interface GigabitEthernet0/6
> description R6 Fa0/0
> switchport access vlan 567
> switchport mode access
> spanning-tree portfast
> end
>
> Cat3560-2(config-if)#
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> -Hammer-
>
> "I was a normal American nerd"
> -Jack Herer
>
>
>
> On 07/22/2011 01:18 PM, Joseph L. Brunner wrote:
>> Enabling it globally?
>>
>> Please hammer, don't hurt 'em!
>>
>> Aaa new-model
>> Aaa authen dot1x default group radius
>>
>> dot1x system-auth-control
>>
>> Now you're "too legit to quit" and you "can touch this"
>>
>> -joe
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of -Hammer-
>> Sent: Friday, July 22, 2011 1:53 PM
>> To: ccielab_at_groupstudy.com
>> Subject: dot1x missing?
>>
>> I know the trick that dot1x commands won't show up on an interface until
>> it's in access but am I missing something else here?
>> Port enabled
>> Dot1x enabled
>> port in access mode
>> dot1x configuration to port - FAIL
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> Cat3560-2(config)#do sho run | in dot
>> aaa authentication dot1x default group radius
>> dot1x system-auth-control
>> vlan dot1q tag native
>> Cat3560-2(config)#do sho run int gi0/6
>> Building configuration...
>>
>> Current configuration : 110 bytes
>> !
>> interface GigabitEthernet0/6
>> description R6 Fa0/0
>> switchport access vlan 567
>> switchport mode access
>> end
>>
>> Cat3560-2(config)#int gi0/6
>> Cat3560-2(config-if)#dot1x port-control force-author
>> Cat3560-2(config-if)#do sho run int gi0/6
>> Building configuration...
>>
>> Current configuration : 110 bytes
>> !
>> interface GigabitEthernet0/6
>> description R6 Fa0/0
>> switchport access vlan 567
>> switchport mode access
>> end
>>
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#do sho dot1x
>> Sysauthcontrol = Enabled
>> Supplicant Allowed In Guest Vlan = Disabled
>> Dot1x Protocol Version = 1
>> Dot1x Oper Controlled Directions = Both
>> Dot1x Admin Controlled Directions = Both
>>
>> Cat3560-2(config-if)#do sho dot1x all
>> No Dot1x Configuration exists
>> Cat3560-2(config-if)#
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Fri Jul 22 2011 - 13:35:33 ART
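
An added example, not part of the original thread: in the transcripts above, `dot1x port-control auto` shows up in the running config while `force-authorized` never does, because force-authorized is the IOS default and defaults are not written to the config. An access port with no `dot1x port-control` line is therefore forwarding traffic without authentication. This Python script audits a saved running config for such ports and for the global prerequisites discussed in the thread. The sample config is constructed, `audit_dot1x` is a hypothetical name, and the parser assumes the standard one-space indentation of interface subcommands.

```python
import re

# Constructed sample in the shape of the thread's `show run` output (not a real device dump).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/5
 switchport access vlan 567
 switchport mode access
 dot1x port-control auto
!
interface GigabitEthernet0/6
 description R6 Fa0/0
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/7
 switchport mode trunk
"""

GLOBAL_PREREQS = ("aaa new-model", "aaa authentication dot1x", "dot1x system-auth-control")

def audit_dot1x(config: str) -> dict:
    """Return missing global prerequisites and access ports not enforcing 802.1X."""
    lines = [l.rstrip() for l in config.splitlines()]
    globals_ = [l for l in lines if l and not l.startswith(" ")]
    missing = [p for p in GLOBAL_PREREQS if not any(g.startswith(p) for g in globals_)]
    ports, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    open_ports = []
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds:
            continue  # only access ports are audited here
        # No port-control line means the default, force-authorized: no authentication.
        modes = [c.split()[-1] for c in cmds if c.startswith("dot1x port-control ")]
        if not modes or modes[-1] == "force-authorized":
            open_ports.append(name)
    return {"missing_globals": missing, "unauthenticated_access_ports": open_ports}

print(audit_dot1x(SAMPLE_CONFIG))
```

Run it against the output of `show running-config` saved to a file; a port set to `force-unauthorized` is not flagged, since it blocks traffic rather than admitting it unauthenticated.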

This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:06 ART