Ok, try that:

conf t
default int GigabitEthernet1/0/28
int GigabitEthernet1/0/28

switchport mode access
switchport voice vlan 999
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
authentication violation replace
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3

shut
no shut

end

Check if PF receives the radius request:

test aaa group radius bob bob legacy

Check in your radius logs or the Auditing tab in PF if you see the user bob 
being rejected / failing

Thanks,

Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) 
and PacketFence (http://packetfence.org)

> On Mar 8, 2021, at 11:26 PM, Pavit Maddy <pavitgulat...@gmail.com> wrote:
> 
> Thanks for your reply, Ludovic
> 
> Here is my configuration
> 
> Version Details
> 
> Switch Ports Model              SW Version  SW Image      Mode
> ------ ----- -----              ----------  ----------    ----
> *    1 29    C9300L-24P-4X      16.12.4     CAT9K_IOSXE   INSTALL
> 
> 
> 
> Global Commands
> 
> aaa group server radius packetfence
>  server name pfnac
> aaa authentication dot1x default group packetfence
> aaa authorization network default group packetfence
> aaa accounting dot1x default start-stop group packetfence
> aaa accounting update periodic 1
> dot1x system-auth-control
> radius-server vsa send authentication
> aaa server radius dynamic-author
>  client X.X.X.X server-key 7 **************
>  port 3799
> radius server pfnac
>  address ipv4 X.X.X.X auth-port 1812 acct-port 1813
>  key 7 ***************
> snmp-server community abcd RW
> snmp-server community abc RO
> 
> 
> Interface Commands
> 
> switchport mode access
>  switchport voice vlan 999
>  ip flow monitor SMC-flow-monitor input
>  authentication host-mode multi-auth
>  authentication order dot1x mab
>  authentication priority dot1x mab
>  authentication port-control auto
>  authentication periodic
>  authentication timer reauthenticate server
>  authentication timer restart 10800
>  authentication violation replace
>  mab
>  no snmp trap link-status
>  dot1x pae authenticator
>  dot1x timeout quiet-period 2
>  dot1x timeout tx-period 3
>  spanning-tree portfast
>  spanning-tree bpduguard enable
> 
> Thanks
> 
> On Tue, Mar 9, 2021 at 1:31 AM Ludovic Zammit <lzam...@inverse.ca> wrote:
> Hello Pavit,
> 
> Which IOS are you running on the Cisco Catalyst 9300?
> 
> Show me the config and I will check it out.
> 
> Thanks,
> 
> Ludovic Zammit
> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) 
> and PacketFence (http://packetfence.org)
> 
>> On Mar 8, 2021, at 9:36 AM, Pavit Maddy <pavitgulat...@gmail.com> wrote:
>> 
>> Greetings to all
>> 
>> We have added new cisco9300 catalyst switches in our environment for dot1x 
>> authentication using Packetfence. These new switches have been configured in 
>> the same way as we configured cisco2960-x Switch.
>> But when debugging dot1x events, we came across a message 
>> 
>> %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or 
>> unapplied for client (XXXX.XXXX.XXXX) on Interface GigabitEthernet1/0/28 
>> AuditSessionID 1180FC0A00000047DE238CC2. Failure reason: Authc fail.
>> 
>> What does this event indicate?
>> 
>> Regards
> 
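
Added example, not part of the original messages: a small Python parser for the %SESSION_MGR-5-FAIL syslog line quoted in this thread. It pulls out the client MAC, interface, AuditSessionID and failure reason so they can be looked up in the RADIUS logs or the PacketFence Auditing tab. The field layout is taken from the quoted message; every sample line except the first is constructed.

```python
import re
from collections import Counter

# Field layout taken from the SESSION_MGR-5-FAIL message quoted in this thread.
FAIL_RE = re.compile(
    r"%SESSION_MGR-5-FAIL:.*?"
    r"client \((?P<mac>[0-9A-Fa-fXx.]+)\) "       # X allowed: the thread redacts the MAC
    r"on Interface (?P<interface>\S+) "
    r"AuditSessionID (?P<session>[0-9A-Fa-f]+)\. "
    r"Failure reason: (?P<reason>.+?)\.?\s*$"
)

def parse_fail(line):
    """Return the fields of one SESSION_MGR-5-FAIL line, or None for any other message."""
    m = FAIL_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count failures per (interface, reason) so a misbehaving port stands out."""
    counts = Counter()
    for line in lines:
        rec = parse_fail(line)
        if rec:
            counts[(rec["interface"], rec["reason"])] += 1
    return counts

# Sample input. Line 1 is the message from the thread joined onto one line;
# lines 2 and 3 are constructed for illustration.
SAMPLE = [
    "%SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or "
    "unapplied for client (XXXX.XXXX.XXXX) on Interface GigabitEthernet1/0/28 "
    "AuditSessionID 1180FC0A00000047DE238CC2. Failure reason: Authc fail.",
    "Mar  8 09:40:12.101: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: "
    "Authorization failed or unapplied for client (0011.2233.4455) on Interface "
    "GigabitEthernet1/0/28 AuditSessionID 1180FC0A0000004800000001. "
    "Failure reason: Authc fail.",
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/28, changed state to up",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_fail(line)
        if rec:
            print(rec["mac"], rec["interface"], rec["session"], rec["reason"])
    for (iface, reason), n in summarize(SAMPLE).items():
        print(f"{iface}: {n} x {reason}")
```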

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
