05-02-2018 08:15 AM - edited 03-08-2019 02:52 PM
cuando mi cliente no soporta 802.1x, se supone que el puerto del switch debe permanecer en estado no autorizado. Pero no logro que esto funcione.
¿Sabe alguien como se logra esto?
This is may configuration:
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius server ServidorCPPM
address ipv4 192.168.1.1 auth-port 1812 acct-port 1813
key peppearste
dot1x system-auth-control
class-map type control subscriber match-any AAA-DOWN
match result-type aaa-timeout
exit
!
class-map type control subscriber match-all DOT1X-FAILED
match method dot1x
match result-type method dot1x authoritative
exit
!
class-map type control subscriber match-all DOT1X_NO_RESP
match method dot1x
match result-type method dot1x agent-not-found
exit
!
policy-map type control subscriber DOT1X-DEFAULT
event session-started match-all
10 class always do-all
10 authenticate using dot1x priority 10
event violation match-all
10 class always do-all
10 restrict
event agent-found match-all
10 class always do-all
10 authenticate using dot1x
event authentication-failure match-all
10 class AAA-DOWN do-all
10 terminate dot1x
20 class DOT1X_NO_RESP do-all
10 terminate dot1x
20 unauthorize
30 class DOT1X-FAILED do-all
10 terminate dot1x
40 class always do-until-failure
10 terminate dot1x
20 authentication-restart 60
interface GigabitEthernet0/1
switchport mode access
service-policy type control subscriber DOT1X-DEFAULT
authentication periodic
authentication timer reauthenticate server
mab
access-session host-mode multi-auth
dot1x timeout tx-period 10
access-session port-control auto
dot1x pae authenticator
interface Vlan109
ip address 192.168.1.254 255.255.255.0
Thank you
09-13-2018 02:23 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide