Re: Pb with EAP/MD5

Thu, 11 Aug 2005 00:34:59 -0700 

Add command 'dot1x system-auth-control'  for the switch.
----- Original Message ----- From: "Rafael DiazMaurin" <[EMAIL PROTECTED]> 
To: "FreeRadius users mailing list" <[email protected]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 09, 2005 22:41
Subject: Re: Pb with EAP/MD5



Jefri bin Dahari a écrit :
Use 'debug radius authentication' command on your switch and run radiusd -X and see the output. Check whether the vlan you configure on the port is supported on the switch.
I've got 2 errors in my logs from the switch CISCO 2950 IOS : version : 12.1(22)EA4 

AAA/AUTHOR: config command authorization not enable
dot1x-err:Unable to send a message to the Dot1x Authenticator process.

If someone has an idea...
----- Original Message ----- From: "Rafael DiazMaurin" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" <[email protected]> 
Sent: Tuesday, August 09, 2005 15:44
Subject: Re: Pb with EAP/MD5



Jefri bin Dahari a écrit :


I think you haven't put the NAS ip address in clients.conf.




Yes I did it :

client xxx.xxx.xxx.xxx {
       secret          = XXX
       shortname    = Switch
       nastype         = cisco
}



    ----- Original Message -----



The Cisco 2950 is the client (or NAS). Is it configured?


    Yes it's configured :
    IOS version : 12.1(22)EA4
    General configuration :
        aaa new-model
        aaa authentication dot1x default group radius
        aaa authorization network default group radius
    radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
    radius-server retransmit 3

    Here is the configuration of the port where the Supplicant (XP SP
    2) is connected :
    interface FastEthernet0/2
      description supplicant
     switchport access vlan XXX
     switchport mode access
     duplex full
     dot1x port-control auto
     dot1x timeout reauth-period 300
     dot1x reauthentication
     spanning-tree portfast

    This switch is connected to another switch with a Trunk link, and
    another trunk link until the radius server.
    Here is the configuration of the port where the radius server is
    connected :
    interface FastEthernet2/11
     description RadiusServer
     switchport access vlan XXX







Rafael.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to