topic Re: 802.1x LAN issues in Communications and Wireless

802.1x LAN issues

Gideon Kay — Wed, 07 Jun 2006 07:46:07 GMT

Hi All,

I have setup a test switch with the 802.1x port based authentication based on the advanced security manual. We have both a functioning RADIUS (Used for wireless without issues) and certificate infratsructure. Despite purchasing a brand new switch for testing authentication fails and nothing appears in the log files on the IAS server. If I chage the ip of teh readius client to an incorrect one I get an error saying as such so that part seems to be fine. I have even tried lowering the MTU. Any advise would be very helpfull

Gideon

Re: 802.1x LAN issues

Matt Hobbs — Wed, 07 Jun 2006 08:47:32 GMT

Make sure you have these few lines:

aaa authentication port-access eap-radius
radius-server host
aaa port-access authenticator
aaa port-access authenticator active

If still not having any luck, please attach your running config here.

Don't forget to assign points to posts that have helped you.

Re: 802.1x LAN issues

Gideon Kay — Wed, 07 Jun 2006 09:16:11 GMT

Hi ,

Thanks for the reply. Those are in place. The ineteresting fact I have now noticed is that some users work fine, others not. It seems to be an IAS issue as when there is a failure/ success IAS logs this yet some logins just sit there with no IAS response

Gideon

Re: 802.1x LAN issues

MsE — Wed, 05 Jul 2006 07:26:46 GMT

Did you check the dial-in properties in AD users and groups? It should be set to the option that says that remote access policies will decide whether to grant or deny access.
You can even tell the IAS to completely ignore the users' dial-in settings so it's all up to the ras policies. You can find that info in MS's TechNet.