Jefri bin Dahari wrote:

Use 'debug radius authentication' command on your switch and run radiusd -X and see the output. Check whether the vlan you configure on the port is supported on the switch.


I've got 2 errors in my logs from the switch (Cisco 2950, IOS version 12.1(22)EA4):

AAA/AUTHOR: config command authorization not enable
dot1x-err:Unable to send a message to the Dot1x Authenticator process.

If someone has an idea...



----- Original Message -----
From: "Rafael DiazMaurin" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Tuesday, August 09, 2005 15:44
Subject: Re: Pb with EAP/MD5


Jefri bin Dahari wrote:

I think you haven't put the NAS ip address in clients.conf.



Yes, I did:

client xxx.xxx.xxx.xxx {
       secret          = XXX
       shortname    = Switch
       nastype         = cisco
}


    ----- Original Message -----

The Cisco 2950 is the client (or NAS). Is it configured?

    Yes, it's configured:
    IOS version: 12.1(22)EA4
    General configuration:
        aaa new-model
        aaa authentication dot1x default group radius
        aaa authorization network default group radius
        radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
        radius-server retransmit 3

    Here is the configuration of the port where the supplicant (XP SP2)
    is connected:
    interface FastEthernet0/2
     description supplicant
     switchport access vlan XXX
     switchport mode access
     duplex full
     dot1x port-control auto
     dot1x timeout reauth-period 300
     dot1x reauthentication
     spanning-tree portfast

    This switch is connected to another switch with a trunk link, and
    another trunk link up to the radius server.
    Here is the configuration of the port where the radius server is
    connected:
    interface FastEthernet2/11
     description RadiusServer
     switchport access vlan XXX




Rafael.




- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html