Re: dot1x missing? from -Hammer- on 2011-07-22 (Ccielab archives 07/2011)

From: -Hammer- <bhmccie_at_gmail.com>
Date: Fri, 22 Jul 2011 13:38:07 -0500

Hey Marc. It's there in the original post.

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 07/22/2011 01:35 PM, marc abel wrote:
> Maybe I'm missing it but I don't see
>
> dot1x system-auth-control
>
> in your global config.
>
> On Fri, Jul 22, 2011 at 1:25 PM, -Hammer-<bhmccie_at_gmail.com> wrote:
>
>> Ha! Hey Joe. Nice try but I already have it enabled. :)
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> Cat3560-2(config)#do sho run | in aaa
>> aaa new-model
>> aaa authentication login default none
>> aaa authentication dot1x default group radius
>> aaa session-id common
>> Cat3560-2(config)#
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>> I'm clearly misunderstanding something. See below. I can apply
>> "force-author" and nothing happens. I apply "auto" and it works. I go
>> back and apply "force author" and it stops displaying again.
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> Cat3560-2(config-if)#do sho run int gi0/6
>> Building configuration...
>>
>> Current configuration : 134 bytes
>> !
>> interface GigabitEthernet0/6
>> description R6 Fa0/0
>> switchport access vlan 567
>> switchport mode access
>> spanning-tree portfast
>> end
>>
>> Cat3560-2(config-if)#int gi0/6
>> Cat3560-2(config-if)#dot1x port force-author
>> Cat3560-2(config-if)#do sho run int gi0/6
>> Building configuration...
>>
>> Current configuration : 134 bytes
>> !
>> interface GigabitEthernet0/6
>> description R6 Fa0/0
>> switchport access vlan 567
>> switchport mode access
>> spanning-tree portfast
>> end
>>
>> Cat3560-2(config-if)#dot1x port auto
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#
>> 01:43:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface
>> GigabitEthernet0/6, changed state to down
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#do sho run int gi0/6
>> Building configuration...
>>
>> Current configuration : 160 bytes
>> !
>> interface GigabitEthernet0/6
>> description R6 Fa0/0
>> switchport access vlan 567
>> switchport mode access
>> dot1x port-control auto
>> spanning-tree portfast
>> end
>>
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#dot1x port force-author
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#
>> 01:43:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface
>> GigabitEthernet0/6, changed state to up
>> Cat3560-2(config-if)#
>> Cat3560-2(config-if)#do sho run int gi0/6
>> Building configuration...
>>
>> Current configuration : 134 bytes
>> !
>> interface GigabitEthernet0/6
>> description R6 Fa0/0
>> switchport access vlan 567
>> switchport mode access
>> spanning-tree portfast
>> end
>>
>> Cat3560-2(config-if)#
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>> -Hammer-
>>
>> "I was a normal American nerd"
>> -Jack Herer
>>
>>
>>
>> On 07/22/2011 01:18 PM, Joseph L. Brunner wrote:
>>
>>> Enabling it globally?
>>>
>>> Please hammer, don't hurt 'em!
>>>
>>> Aaa new-model
>>> Aaa authen dot1x default group radius
>>>
>>> dot1x system-auth-control
>>>
>>> Now you're "too legit to quit" and you "can touch this"
>>>
>>> -joe
>>>
>>> -----Original Message-----
>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of -Hammer-
>>> Sent: Friday, July 22, 2011 1:53 PM
>>> To: ccielab_at_groupstudy.com
>>> Subject: dot1x missing?
>>>
>>> I know the trick that dot1x commands won't show up on an interface until
>>> it's in access but am I missing something else here?
>>> Port enabled
>>> Dot1x enabled
>>> port in access mode
>>> dot1x configuration to port - FAIL
>>>
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> Cat3560-2(config)#do sho run | in dot
>>> aaa authentication dot1x default group radius
>>> dot1x system-auth-control
>>> vlan dot1q tag native
>>> Cat3560-2(config)#do sho run int gi0/6
>>> Building configuration...
>>>
>>> Current configuration : 110 bytes
>>> !
>>> interface GigabitEthernet0/6
>>> description R6 Fa0/0
>>> switchport access vlan 567
>>> switchport mode access
>>> end
>>>
>>> Cat3560-2(config)#int gi0/6
>>> Cat3560-2(config-if)#dot1x port-control force-author
>>> Cat3560-2(config-if)#do sho run int gi0/6
>>> Building configuration...
>>>
>>> Current configuration : 110 bytes
>>> !
>>> interface GigabitEthernet0/6
>>> description R6 Fa0/0
>>> switchport access vlan 567
>>> switchport mode access
>>> end
>>>
>>> Cat3560-2(config-if)#
>>> Cat3560-2(config-if)#do sho dot1x
>>> Sysauthcontrol = Enabled
>>> Supplicant Allowed In Guest Vlan = Disabled
>>> Dot1x Protocol Version = 1
>>> Dot1x Oper Controlled Directions = Both
>>> Dot1x Admin Controlled Directions = Both
>>>
>>> Cat3560-2(config-if)#do sho dot1x all
>>> No Dot1x Configuration exists
>>> Cat3560-2(config-if)#
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Jul 22 2011 - 13:38:07 ART

This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:06 ART