Dot1x authentication failed 1

sogol

May 7, 2007
Hello friends,

I am working on Dot1x between Windows Server 2003 and a Cisco 2960.
I have my Windows server and an XP machine on VMware for testing.

I have already configured the switch and run and registered IAS on my server, but my authentication fails any time I try to plug in the cable after entering the user name and password.

Can anyone tell me what I should do?

Appreciate.

Sogol
 
Use debug on the switch and look through the logs on the IAS server. I have this running in my test environment and it works well with domain member PCs and the MS 802.1x supplicant. With non-domain-member machines it can be troublesome, as there is no mechanism to authenticate the actual machine and you can only authenticate the user. User password expiration is therefore an issue, as the MS 802.1x supplicant caches the credentials in the registry by default and there is no prompting for the user to change passwords.

I have never tested this with a VM client, however, so I am not sure how the networking will work - 802.1x happens at layer 2, so I don't know how VMware will deal with this.

Andy
 
Hello ADB100,
Can you send me the configurations of the switch and the IAS policies you are using? I am trying this thing with a Cisco 3550. It works fine, but I cannot realize dynamic VLAN assignment. If I assign the VLAN to the port manually it works, but it doesn't when I want IAS to determine the VLAN assignment of the port.

Regards
b^2-4ac
 
Got a new PC back in February.....

Anyway, for dynamic VLAN assignment you need aaa authorization enabled, plus you need to send the RADIUS attributes (Tunnel-Pvt-Grp-ID & Tunnel-Type) to the switch from the RADIUS server. The Tunnel-Pvt-Grp-ID needs to be the VLAN name or number and the Tunnel-Type needs to be 'Virtual-LANs'.

HTH

Andy
 