Did you check your radius ports and radius key ?, this should match your IC configuration.     If you dont get response from the first configured server, then will try second one. But i you get a refuse response, then will not try more radius servers.     Since you have to radius with the same ip, but different ports and key, have to check if you are getting any response from your ic server, if for the first ports/key line you get a refuse, will not try the second configured line.     Try to do a debug radius authentication, debug radius verbose, debug dot1x errors, debug dot1x events, show dot1x interface detail.     First you have to be sure the switch is sending the auth request to your ic server.       ... View more

    Is this a Cisco configuration problem post in a Juniper forum ?. The 802.1x configuration is not related to your ic4500 configuration. You only have to properly configure the 3560 switch.     Look to the following configuration guide :   http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html     There was some changes in the dot1x configuration commands, and the dot1x commands was replaced by authentication commands.    Depending on your ios version you will have to replace your dot1x commands.     Also, i dont see the following command :   dot1x system-auth-control      And, why do you configure twice the same radius server but with different ports and radius key ?.     If your ic is using the 1645 1646 ports then you will have to delete the second line, or delete the first line and properly configure the key for the second line. 1645 and 1646 are old ports.    radius-server host 192.168.200.4 auth-port 1645 acct-port 1646 key cisco radius-server host 192.168.200.4 auth-port 1812 acct-port 1813     ... View more