Options
Lab - dot1x authentication
Hey guys,
I am attempting to get an Windows XP Pro machine to authenticate using dot1x using local authentication.
I have disabled auto windows account logging in and certificates on the XP client
Here is the config from the switch.
[code]
hostname Switch
username test password 0 test
aaa new-model
aaa authentication username-prompt test
aaa authentication dot1x default local
aaa authentication dot1x default local
dot1x system-auth-control
Interface FastEthernet0/3
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
!
/code
Unfortunately authentication continues to fail. Any ideas?
I am attempting to get an Windows XP Pro machine to authenticate using dot1x using local authentication.
I have disabled auto windows account logging in and certificates on the XP client
Here is the config from the switch.
[code]
hostname Switch
username test password 0 test
aaa new-model
aaa authentication username-prompt test
aaa authentication dot1x default local
aaa authentication dot1x default local
dot1x system-auth-control
Interface FastEthernet0/3
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
!
/code
Unfortunately authentication continues to fail. Any ideas?
-Daniel
Comments
-
Options
Daniel333
Member Posts: 2,077 ■■■■■■□□□□
results of a debug dot1x events when attempting to authenticate
Switch#
*Mar 1 10:03:07.353: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role stEthernet0/3.
*Mar 1 10:03:07.353: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
*Mar 1 10:03:07.353: EAPOL pak **** rx
*Mar 1 10:03:07.353: EAPOL Version: 0x1 type: 0x0 length: 0x0009
*Mar 1 10:03:07.353: dot1x-ev:
dot1x_auth_queue_event: Int Fa0/3 CODE= 2,TYPE= 1,LEN= 9
*Mar 1 10:03:07.353: dot1x-ev:Received pkt saddr =0009.6be3.9865 , daddr = 0180.c200.0003,
pae-ether-type = 888e.0100.0009
*Mar 1 10:03:07.353: dot1x-ev:Created a client entry for the supplicant 0009.6be3.9865
*Mar 1 10:03:07.353: dot1x-ev:Found the default authenticator instance on FastEthernet0/3
*Mar 1 10:03:07.353: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/3 is TRUE
*Mar 1 10:03:07.353: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0009.6be3.9865
*Mar 1 10:03:07.357: dot1x-ev:FastEthernet0/3:Sending EAPOL packet to group PAE address
*Mar 1 10:03:07.357: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.
*Mar 1 10:03:07.357: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/3-Daniel -
Options
Forsaken_GA
Member Posts: 4,024
I'm pretty sure you need to be authenticating to a radius server, not the local database.