Hi,

I am making my first attempt ever to set up 802.1x. I know the basic idea with EAP types and RADIUS, but I can't get it to work.

Fact: c2970. Configured like this:

    aaa new-model
    !
    !
    aaa authentication login default none
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    !
    interface FastEthernet0/19
     description T43
     switchport mode access
     dot1x pae authenticator
     dot1x port-control auto
     dot1x violation-mode restrict
     dot1x auth-fail vlan 1
     spanning-tree portfast
    !
    radius-server host 192.168.1.51 auth-port 1645 acct-port 1646 key cisco
    radius-server vsa send authentication

The ACS is set up with a username/password, I have configured the network device and all that jazz...

On port Fa0/19 I have my Windows 7 client that can't connect. It prompts me for username/password and says "authentication failed". Debug of radius/dot1x on the switch shows me that I get an "Access-Reject" back from the ACS. The ACS says "EAP Type not configured" in failed-attempts. But the EAP-type column is empty.

My guess is that there is something misconfigured in the Win7 supplicant. I have:

* Enabled dot1x authentication.
* Chosen method: Microsoft PEAP (not "Smart card or other certificate")
* Under settings I have unchecked "Validate server certificate"
* Under settings I have chosen "Secured Password EAP-MSCHAP v2" as authentication method.

But what am I doing wrong? Can I get more debug output from my Win7 client? Or should I try with a third-party supplicant instead?

Also, is the "dot1x pae authenticator" command on the switchport needed in my case?

Can I get more detailed output from ACS than the default info in the failed-attempts log?

Thanks in advance!

Br Jimmy

--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
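One way to see which EAP method a supplicant is actually proposing is to decode the EAP-Message attribute (type 79) from a captured RADIUS Access-Request. The following is an added example, not part of the original post: the function names are hypothetical and the two packets are constructed samples, not traffic from this switch or ACS.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             6: "GTC", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
RADIUS_EAP_MESSAGE = 79  # RFC 3579: attribute carrying EAP fragments

def eap_from_radius(packet: bytes) -> bytes:
    """Concatenate every EAP-Message attribute found in one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("truncated RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    eap, pos = b"", 20  # attributes follow the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == RADIUS_EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap

def describe_eap(eap: bytes) -> dict:
    """Decode the EAP header; for a Nak, list the methods the peer asks for."""
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("bad EAP length field")
    info = {"code": EAP_CODES.get(code, str(code)), "type": None, "offered": []}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        info["type"] = EAP_TYPES.get(eap[4], str(eap[4]))
        if eap[4] == 3:  # Nak: remaining bytes are the desired method types
            info["offered"] = [EAP_TYPES.get(b, str(b)) for b in eap[5:length]]
    return info

def build_radius(code: int, attrs) -> bytes:
    """Build a constructed sample packet (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: an EAP-Response/Identity and an EAP-Response/Nak
SAMPLE_IDENTITY = build_radius(1, [(1, b"testuser"), (
    RADIUS_EAP_MESSAGE, struct.pack("!BBHB", 2, 1, 13, 1) + b"testuser")])
SAMPLE_NAK = build_radius(1, [(1, b"testuser"), (
    RADIUS_EAP_MESSAGE, struct.pack("!BBHB", 2, 2, 6, 3) + bytes([25]))])

if __name__ == "__main__":
    for pkt in (SAMPLE_IDENTITY, SAMPLE_NAK):
        print(describe_eap(eap_from_radius(pkt)))
```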
