Lab - dot1x authentication

Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
Hey guys,

I am attempting to get an Windows XP Pro machine to authenticate using dot1x using local authentication.

I have disabled auto windows account logging in and certificates on the XP client

Here is the config from the switch.

[code]
hostname Switch
username test password 0 test
aaa new-model
aaa authentication username-prompt test
aaa authentication dot1x default local

aaa authentication dot1x default local
dot1x system-auth-control
Interface FastEthernet0/3
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
!
/code

Unfortunately authentication continues to fail. Any ideas?
-Daniel

Comments

  • Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    results of a debug dot1x events when attempting to authenticate
    Switch#
    *Mar 1 10:03:07.353: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role stEthernet0/3.
    *Mar 1 10:03:07.353: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
    *Mar 1 10:03:07.353: EAPOL pak **** rx
    *Mar 1 10:03:07.353: EAPOL Version: 0x1 type: 0x0 length: 0x0009
    *Mar 1 10:03:07.353: dot1x-ev:
    dot1x_auth_queue_event: Int Fa0/3 CODE= 2,TYPE= 1,LEN= 9

    *Mar 1 10:03:07.353: dot1x-ev:Received pkt saddr =0009.6be3.9865 , daddr = 0180.c200.0003,
    pae-ether-type = 888e.0100.0009
    *Mar 1 10:03:07.353: dot1x-ev:Created a client entry for the supplicant 0009.6be3.9865
    *Mar 1 10:03:07.353: dot1x-ev:Found the default authenticator instance on FastEthernet0/3
    *Mar 1 10:03:07.353: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port Fa0/3 is TRUE

    *Mar 1 10:03:07.353: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0009.6be3.9865
    *Mar 1 10:03:07.357: dot1x-ev:FastEthernet0/3:Sending EAPOL packet to group PAE address
    *Mar 1 10:03:07.357: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/3.
    *Mar 1 10:03:07.357: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/3
    -Daniel
  • Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    Corrected date and time. No change.
    -Daniel
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    I'm pretty sure you need to be authenticating to a radius server, not the local database.
Sign In or Register to comment.