802.1x CISCO 3560G switch

Azaben_
Occasional Contributor


Dear All,

 

I have an IC4500 configured and am using dot1x authentication with Cisco access switches. The commands below worked fine with a Cisco 2960 switch, but when configuring the 3560 switch with the same commands it does NOT work.

 

Your advice, please.

 

The commands I use:

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius

 

interface GigabitEthernet0/46
 switchport access vlan 150
 switchport mode access
 switchport voice vlan 120
 mls qos trust cos
 dot1x pae authenticator
 dot1x port-control auto
 dot1x guest-vlan 152
 spanning-tree portfast

 

 

radius-server host 192.168.200.4 auth-port 1645 acct-port 1646 key cisco
radius-server host 192.168.200.4 auth-port 1812 acct-port 1813
radius-server source-ports 1645-1646

 

 

Thanks in advance,

3 REPLIES 3
acecanal_
New Contributor

Re: 802.1x CISCO 3560G switch

 

Is this a Cisco configuration problem posted in a Juniper forum? The 802.1x configuration is not related to your IC4500 configuration. You only have to properly configure the 3560 switch.

 

Look at the following configuration guide:

 

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/...

 

There were some changes in the dot1x configuration commands, and the dot1x commands were replaced by authentication commands.

Depending on your IOS version, you will have to replace your dot1x commands.

 

Also, I don't see the following command:

 

dot1x system-auth-control

 

And why do you configure the same RADIUS server twice, but with different ports and RADIUS key?

 

If your IC is using the 1645 and 1646 ports, then you will have to delete the second line, or delete the first line and properly configure the key for the second line. 1645 and 1646 are old ports.

  

radius-server host 192.168.200.4 auth-port 1645 acct-port 1646 key cisco
radius-server host 192.168.200.4 auth-port 1812 acct-port 1813

 

 

Azaben_
Occasional Contributor

Re: 802.1x CISCO 3560G switch

Thanks a lot for your response. Actually, I have the command "dot1x system-auth-control" and even so, it's not working with the 3560. I need the exact commands if anyone has already configured a 3560 switch or knows what the difference is between the 2960 and 3560 commands... Please help me.

acecanal_
New Contributor

Re: 802.1x CISCO 3560G switch

Did you check your RADIUS ports and RADIUS key? These should match your IC configuration.

 

If you don't get a response from the first configured server, then it will try the second one. But if you get a refusal, then it will not try more RADIUS servers.

 

Since you have two RADIUS entries with the same IP, but different ports and key, you have to check if you are getting any response from your IC server. If you get a refusal for the first ports/key line, it will not try the second configured line.

 

  Try to do a debug radius authentication, debug radius verbose, debug dot1x errors, debug dot1x events, show dot1x interface detail.

 

First you have to be sure the switch is sending the auth request to your IC server.
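
The checks raised in the replies above (the global dot1x system-auth-control command, the same RADIUS server defined twice with different ports, and an entry without a key) can be run against a saved config before touching the switch. This is an added example, not part of the original thread; the function name, finding labels and the trimmed sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed version of the config quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
interface GigabitEthernet0/46
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
radius-server host 192.168.200.4 auth-port 1645 acct-port 1646 key cisco
radius-server host 192.168.200.4 auth-port 1812 acct-port 1813
"""

HOST_RE = re.compile(
    r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)(?: key (.+))?$")

def lint_dot1x(config: str) -> list[str]:
    """Return findings for the 802.1X/RADIUS issues raised in the thread."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]
    stripped = [l.strip() for l in lines]
    # Port-level dot1x does nothing unless it is enabled globally.
    if any(l.startswith("dot1x port-control") for l in stripped) and \
            "dot1x system-auth-control" not in stripped:
        findings.append("missing-global: dot1x system-auth-control")
    entries = defaultdict(list)
    for l in lines:
        m = HOST_RE.match(l)
        if m:
            ip, auth, acct, key = m.groups()
            entries[ip].append((int(auth), int(acct), key))
    for ip, defs in entries.items():
        if len({(a, c) for a, c, _ in defs}) > 1:
            findings.append(f"duplicate-server: {ip} defined with different ports")
        for auth, acct, key in defs:
            # Only per-host keys are checked; a global key is not considered.
            if key is None:
                findings.append(f"no-key: {ip} auth-port {auth} has no per-host key")
            if (auth, acct) == (1645, 1646):
                findings.append(f"legacy-ports: {ip} uses 1645/1646")
    return findings

if __name__ == "__main__":
    for finding in lint_dot1x(SAMPLE_CONFIG):
        print(finding)
```
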