Review your favorite Linux distribution.
Go Back > Forums > Non-*NIX Forums > General
User Name
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!


  Search this Thread
Old 01-10-2006, 11:18 AM   #1
Registered: Jul 2003
Distribution: Solaris 8/9, gentoo
Posts: 41

Rep: Reputation: 15
Any net admins, need some quick help

I know this is a linux forum but maybe someone out there works with cisco as well. I am trying to setup 802.1x on some 2950's. I followed the docs at but it doesn't seem to enable the port authentication. I don't know if there is an issue with the other aaa settings which is causing the problem. I enabled debugging for dot1x but it does not show anything relavent. In my config, there are 3 radius servers. 1 which belongs to adgroup is used for 802.1x, the other 2 are for rsa securid. Here is my aaa/radius settings:

aaa new-model
aaa group server radius adgroup
server x.x.x.x auth-port 1645 acct-port 1646
aaa authentication login default group radius local
aaa authentication dot1x default group adgroup
aaa authorization console
aaa authorization exec default group radius local
aaa authorization network default group adgroup
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa accounting system default stop-only group radius
dot1x system-auth-control
dot1x guest-vlan supplicant

My interface config looks like this:
interface FastEthernet0/32
switchport mode access
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout reauth-period 300
dot1x guest-vlan 4
dot1x reauthentication
spanning-tree portfast

Here is output from sh dot1x int fa 0/32:
Supplicant MAC <Not Applicable>
AuthSM State = N/A
BendSM State = N/A
Posture = N/A
ReAuthPeriod = 300 Seconds (Locally Configured)
ReAuthAction = Reauthenticate
TimeToNextReauth = N/A
PortStatus = N/A
MaxReq = 2
MaxAuthReq = 2
HostMode = Multi
Port Control = Auto
ControlDirection = Both
QuietPeriod = 60 Seconds
Re-authentication = Enabled
ReAuthPeriod = 300 Seconds
ServerTimeout = 30 Seconds
SuppTimeout = 30 Seconds
TxPeriod = 30 Seconds
Guest-Vlan = 4
Old 01-10-2006, 05:56 PM   #2
Registered: Jul 2003
Distribution: Solaris 8/9, gentoo
Posts: 41

Original Poster
Rep: Reputation: 15
Just to let everyone know, after hours a double-checking, rewriting, researching, hitting my head on the desk; it was a bad connector on the cable. Of course I didn't start with the simplest problems, the clip on the end was broke so the cable slid out of the port.
Old 01-10-2006, 07:26 PM   #3
Registered: Aug 2005
Distribution: Smoothwall
Posts: 283
Blog Entries: 3

Rep: Reputation: 35

I should print your post and put on my tower. When I've having computer trouble, configuring linux, writing a program and things just are'nt working, I'll look at your post and smile.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
To the admins: chris318 Slackware 8 03-02-2005 09:42 PM
Domain Admins not Local ADmins - Samba 3.0.7 dlublink Linux - Networking 2 03-01-2005 12:05 PM
Contact with school-net admins wanted, for migrating discussion. pingu Linux - General 1 02-08-2005 12:52 PM
Quick Question on ftgow Linux - Hardware 0 09-18-2003 12:25 PM > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 03:11 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration