804
Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-vlan1)#exit
Switch(Config)#radius-server authentication host 10.1.1.3
Switch(Config)#radius-server accounting host 10.1.1.3
Switch(Config)#radius-server key test
Switch(Config)#aaa enable
Switch(Config)#aaa-accounting enable
Switch(Config)#dot1x enable
Switch(Config)#interface ethernet 1/2
Switch(Config-Ethernet1/2)#dot1x enable
Switch(Config-Ethernet1/2)#dot1x port-control auto
Switch(Config-Ethernet1/2)#exit
20.3.1 802.1x Troubleshooting
It is possible that 802.1x be congfigured on ports and 802.1x authentication be
setted to auto
,
but switch cann’t be to authenticated state after the user runs 802.1x
supplicant software. Here are some possible causes and solutions:
&
If 802.1x cannot be enabled for a port, make sure the port is not executing Spanning
tree, or MAC binding, or configured as a Trunk port or for port aggregation. To
enable the 802.1x authentication, the above functions must be disabled.
&
If the switch is configured properly but still cannot pass through authentication,
connectivity between the switch and RADIUS server, the switch and 802.1x client
should be verified, and the port and VLAN configuration for the switch should be
checked, too.
&
Check the event log in the RADIUS server for possible causes. In the event log, not
only unsuccessful logins are recorded, but prompts for the causes of unsuccessful
login. If the event log indicates wrong authenticator password, radius-server key
parameter shall be modified; if the event log indicates no such authenticator, the
authenticator needs to be added to the RADIUS server; if the event log indicates no
such login user, the user login ID and password may be wrong and should be
verified and input again.
&
Too frequent access to RADIUS data such as run “show aaa” commands may cause
the user to be unable to pass through the authentication due to RADIUS data share
violation. And the same reason may force users to go offline on re-authentication in
the use. As a result, it is recommended to minimize operation to RADIUS data when
users are authenticating or re-authenticating.
20.3.1.1 Commands for 802.1X