RE: dot1x missing?

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Fri, 22 Jul 2011 18:43:04 +0000

Isn't the "force-authorized" state the default?

What does

Show dot1x all details

Tell you?

From: -Hammer- [mailto:bhmccie_at_gmail.com]
Sent: Friday, July 22, 2011 2:38 PM
To: marc abel
Cc: Joseph L. Brunner; ccielab_at_groupstudy.com
Subject: Re: dot1x missing?

Hey Marc. It's there in the original post.

-Hammer-

"I was a normal American nerd"

-Jack Herer

On 07/22/2011 01:35 PM, marc abel wrote:

Maybe I'm missing it but I don't see

dot1x system-auth-control

in your global config.

On Fri, Jul 22, 2011 at 1:25 PM, -Hammer- <bhmccie_at_gmail.com> wrote:

Ha! Hey Joe. Nice try but I already have it enabled. :)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Cat3560-2(config)#do sho run | in aaa
aaa new-model
aaa authentication login default none
aaa authentication dot1x default group radius
aaa session-id common
Cat3560-2(config)#

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'm clearly misunderstanding something. See below. I can apply "force-author" and nothing happens. I apply "auto" and it works. I go back and apply "force author" and it stops displaying again.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Cat3560-2(config-if)#do sho run int gi0/6
Building configuration...
Current configuration : 134 bytes
!
interface GigabitEthernet0/6
 description R6 Fa0/0
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
end
Cat3560-2(config-if)#int gi0/6
Cat3560-2(config-if)#dot1x port force-author
Cat3560-2(config-if)#do sho run int gi0/6
Building configuration...
Current configuration : 134 bytes
!
interface GigabitEthernet0/6
 description R6 Fa0/0
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
end
Cat3560-2(config-if)#dot1x port auto
Cat3560-2(config-if)#
Cat3560-2(config-if)#
Cat3560-2(config-if)#
01:43:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/6, changed state to down
Cat3560-2(config-if)#
Cat3560-2(config-if)#do sho run int gi0/6
Building configuration...
Current configuration : 160 bytes
!
interface GigabitEthernet0/6
 description R6 Fa0/0
 switchport access vlan 567
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
end
Cat3560-2(config-if)#
Cat3560-2(config-if)#dot1x port force-author
Cat3560-2(config-if)#
Cat3560-2(config-if)#
01:43:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/6, changed state to up
Cat3560-2(config-if)#
Cat3560-2(config-if)#do sho run int gi0/6
Building configuration...
Current configuration : 134 bytes
!
interface GigabitEthernet0/6
 description R6 Fa0/0
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
end
Cat3560-2(config-if)#

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

-Hammer-

"I was a normal American nerd"

-Jack Herer

On 07/22/2011 01:18 PM, Joseph L. Brunner wrote:

Enabling it globally?

Please hammer, don't hurt 'em!

Aaa new-model
Aaa authen dot1x default group radius
dot1x system-auth-control

Now you're "too legit to quit" and you "can touch this"

-joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of -Hammer-
Sent: Friday, July 22, 2011 1:53 PM
To: ccielab_at_groupstudy.com
Subject: dot1x missing?

I know the trick that dot1x commands won't show up on an interface until it's in access but am I missing something else here?

Port enabled
Dot1x enabled
port in access mode
dot1x configuration to port - FAIL

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!

Cat3560-2(config)#do sho run | in dot
aaa authentication dot1x default group radius
dot1x system-auth-control
vlan dot1q tag native
Cat3560-2(config)#do sho run int gi0/6
Building configuration...
Current configuration : 110 bytes
!
interface GigabitEthernet0/6
   description R6 Fa0/0
   switchport access vlan 567
   switchport mode access
end
Cat3560-2(config)#int gi0/6
Cat3560-2(config-if)#dot1x port-control force-author
Cat3560-2(config-if)#do sho run int gi0/6
Building configuration...
Current configuration : 110 bytes
!
interface GigabitEthernet0/6
   description R6 Fa0/0
   switchport access vlan 567
   switchport mode access
end
Cat3560-2(config-if)#
Cat3560-2(config-if)#do sho dot1x
Sysauthcontrol = Enabled
Supplicant Allowed In Guest Vlan = Disabled
Dot1x Protocol Version = 1
Dot1x Oper Controlled Directions = Both
Dot1x Admin Controlled Directions = Both
Cat3560-2(config-if)#do sho dot1x all
No Dot1x Configuration exists
Cat3560-2(config-if)#

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!

Received on Fri Jul 22 2011 - 18:43:04 ART
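
Added example, not part of the original thread: the transcripts above show that `dot1x port-control force-authorized` is the default and therefore never appears in `show run`, so an access port with no dot1x line passes traffic without 802.1X authentication. The Python below audits a running-config for such ports; the sample config is constructed from the thread's excerpts (the Gi0/5 and Gi0/7 entries are invented for contrast), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the running-config excerpts in the thread.
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface GigabitEthernet0/5
 switchport mode access
 dot1x port-control auto
!
interface GigabitEthernet0/6
 description R6 Fa0/0
 switchport access vlan 567
 switchport mode access
!
interface GigabitEthernet0/7
 switchport mode trunk
end
"""

def parse_interfaces(config):
    """Return {interface: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!", "end" or a global command ends the block
    return blocks

def effective_port_control(config):
    """Effective 802.1X state per access port; absent line means the default."""
    states = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # only access ports are audited
        explicit = [c.split()[2] for c in cmds if c.startswith("dot1x port-control ")]
        states[name] = explicit[-1] if explicit else "force-authorized"
    return states

def open_access_ports(config):
    """Access ports that pass traffic without 802.1X authentication."""
    states = effective_port_control(config)
    if not re.search(r"^dot1x system-auth-control\s*$", config, re.M):
        return sorted(states)  # 802.1X globally off: no port authenticates
    return sorted(p for p, s in states.items() if s == "force-authorized")
print(open_access_ports(SAMPLE_CONFIG))
```

Run against a saved `show running-config`, the result lists the ports where the absence of a dot1x line means the port is open, which is the same condition that made `show dot1x all` report no configuration in the thread.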
