Pb with EAP/MD5
Jefri bin Dahari
jeff at mimos.my
Thu Aug 11 09:32:28 CEST 2005
Add the command 'dot1x system-auth-control' on the switch.
----- Original Message -----
From: "Rafael DiazMaurin" <Rafael.DiazMaurin at cnrs-bellevue.fr>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Cc: <jeff at mimos.my>
Sent: Tuesday, August 09, 2005 22:41
Subject: Re: Pb with EAP/MD5
> Jefri bin Dahari wrote:
>
>> Use 'debug radius authentication' command on your switch and run
>> radiusd -X and see the output.
>> Check whether the vlan you configure on the port is supported on the
>> switch.
>
>
> I've got 2 errors in my logs from the switch (Cisco 2950, IOS version
> 12.1(22)EA4):
>
> AAA/AUTHOR: config command authorization not enable
> dot1x-err:Unable to send a message to the Dot1x Authenticator process.
>
> If someone has an idea...
>
>>
>>
>> ----- Original Message ----- From: "Rafael DiazMaurin"
>> <Rafael.DiazMaurin at cnrs-bellevue.fr>
>> To: "FreeRadius users mailing list"
>> <freeradius-users at lists.freeradius.org>
>> Sent: Tuesday, August 09, 2005 15:44
>> Subject: Re: Pb with EAP/MD5
>>
>>
>>> Jefri bin Dahari wrote:
>>>
>>>> I think you haven't put the NAS ip address in clients.conf.
>>>
>>>
>>>
>>> Yes I did it :
>>>
>>> client xxx.xxx.xxx.xxx {
>>> secret = XXX
>>> shortname = Switch
>>> nastype = cisco
>>> }
>>>
>>>
>>>> ----- Original Message -----
>>>>
>>>>>
>>>>> The Cisco 2950 is the client (or NAS). Is it configured?
>>>>>
>>>> Yes it's configured :
>>>> IOS version : 12.1(22)EA4
>>>> General configuration :
>>>> aaa new-model
>>>> aaa authentication dot1x default group radius
>>>> aaa authorization network default group radius
>>>> radius-server host IP-Adress auth-port 1812 acct-port 1813 key XXX
>>>> radius-server retransmit 3
>>>>
>>>> Here is the configuration of the port where the Supplicant (XP SP
>>>> 2) is connected :
>>>> interface FastEthernet0/2
>>>> description supplicant
>>>> switchport access vlan XXX
>>>> switchport mode access
>>>> duplex full
>>>> dot1x port-control auto
>>>> dot1x timeout reauth-period 300
>>>> dot1x reauthentication
>>>> spanning-tree portfast
>>>>
>>>> This switch is connected to another switch with a trunk link, and
>>>> by another trunk link up to the radius server.
>>>> Here is the configuration of the port where the radius server is
>>>> connected :
>>>> interface FastEthernet2/11
>>>> description RadiusServer
>>>> switchport access vlan XXX
>>>>
>>>>
>>>>
>>>
>
> Rafael.
>
>>>>
>>>
>
>
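
An added example, not part of the original thread or of any vendor tool: a small Python check that reads a switch configuration and reports when ports set to `dot1x port-control` lack the global commands they depend on, including the `dot1x system-auth-control` line the reply recommends. The sample configuration, the address 192.0.2.10, the key EXAMPLE and the function names are assumptions made for illustration.

```python
import re

# Global commands a port with "dot1x port-control" depends on: the AAA/RADIUS
# lines posted in the thread plus the command the reply says to add.
REQUIRED_GLOBALS = {
    "aaa new-model": r"aaa new-model$",
    "aaa authentication dot1x": r"aaa authentication dot1x \S+ group radius\b",
    "radius-server host": r"radius-server host \S+",
    "dot1x system-auth-control": r"dot1x system-auth-control$",
}

# Constructed sample in "show running-config" layout (sub-commands indented);
# 192.0.2.10 and EXAMPLE are placeholders, not values from the thread.
SAMPLE = """\
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE
!
interface FastEthernet0/2
 switchport mode access
 dot1x port-control auto
interface FastEthernet2/11
 description RadiusServer
"""

def parse_ios(config):
    """Split config text into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(raw.strip())
        else:  # an unindented line ends the interface block
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces

def audit_dot1x(config):
    """Return findings; an empty list means no 802.1X prerequisite is missing."""
    global_lines, interfaces = parse_ios(config)
    ports = [name for name, cmds in interfaces.items()
             if any(c.startswith("dot1x port-control ") for c in cmds)]
    return [f"{', '.join(ports)}: missing global '{label}'"
            for label, pat in REQUIRED_GLOBALS.items()
            if ports and not any(re.match(pat, g) for g in global_lines)]
```

The parser expects the indented layout that `show running-config` prints; configuration pasted with its indentation stripped, as in the e-mail above, needs the leading spaces restored first.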