Setting 802.1x with Windows 2008, switch 2950 and client

  • Question

  • My company intends to implement a system with the following diagram:

    Client --- Cisco Catalyst Switch 2950 (supports 802.1x) --- Windows Server 2008 (RADIUS server)

    or

    Client ---- Access Point (supports 802.1x) --- Windows Server 2008 (RADIUS server)

    And I do not have any document to reference to implement it...

    Do you have a document about my problem above? Please share it with me...

    Thanks All ...
    Thursday, December 16, 2010 4:16 PM

Answers

All replies

  • Yes, thanks Qunshu for your reply,

    I have done the diagram,

    Client --- Cisco Catalyst Switch 2950 (supports 802.1x) --- Windows Server 2008 (RADIUS server, AD, CA, NPS)

    and when I connect to a port of the switch, I receive an error: Authentication failed (debug on the switch with the command: debug dot1x error)

    and on my NPS, I get the error

    "Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information." ---> Event ID: 6273, Reason Code: 16

    --------------------------------------------------------------------------------------------

    This is the event view on my NPS:

    "Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:
        Security ID:            NULL SID
        Account Name:            MU\user1
        Account Domain:            MU
        Fully Qualified Account Name:    MU\user1

    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        00-17-0E-7C-8E-CA
        Calling Station Identifier:        00-80-48-24-69-BD

    NAS:
        NAS IPv4 Address:        192.168.0.3
        NAS IPv6 Address:        -
        NAS Identifier:            -
        NAS Port-Type:            Ethernet
        NAS Port:            50010

    RADIUS Client:
        Client Friendly Name:        Switch 2950 - Radius Client
        Client IP Address:            192.168.0.3

    Authentication Details:
        Proxy Policy Name:        NAP 802.1X (Wired)
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        WIN-LQOG9TTT672.mu.com
        Authentication Type:        PEAP
        EAP Type:            -
        Account Session Identifier:        -
        Reason Code:            16
        Reason:                Authentication was not successful because an unknown user name or incorrect password was used. "

    -----------------------------------------------------------------------------------------------------------

    And on the client (XP SP3), I received an error in the event viewer:

    "Wired 802.1X Authentication failed.
     
     Network Adapter: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
     Interface GUID: {558ace81-0809-4760-b1e6-da359388424e}
     Peer Address: 00170E7C8ECA
     Local Address: 0080482469BD
     Connection ID: 0x00000005
     Identity: MU\user1
     User: user1
     Domain: MU
     Reason: 327685
     Reason Text: Windows cannot connect to this network
    There is a problem with the certificate on the server required for authentication.

     Error Code: 778"

    ---------------------------------------------------------------------------------------------------------------

    Configuration on my switch (Cisco Catalyst Switch 2950, version 12.1)

    "Current configuration : 4542 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Switch
    !
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    !
    ip subnet-zero
    !
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    dot1x system-auth-control
    !
    !
    !
    !
    interface FastEthernet0/1
     switchport mode access
    !
    interface FastEthernet0/2
     switchport mode access
    !
    interface FastEthernet0/3
     switchport mode access
    !
    interface FastEthernet0/4
     switchport mode access
     spanning-tree portfast
    !
    interface FastEthernet0/5
     switchport mode access
     dot1x port-control auto
     dot1x guest-vlan 4
     dot1x reauthentication
     spanning-tree portfast
    !
    interface FastEthernet0/6
     switchport mode access
     dot1x port-control auto
     dot1x guest-vlan 4
     dot1x reauthentication
     spanning-tree portfast
    !
    interface FastEthernet0/7
     switchport mode access
     dot1x port-control auto
     dot1x guest-vlan 4
     dot1x reauthentication
     spanning-tree portfast

    !
    interface Vlan1
     ip address 192.168.0.3 255.255.255.0
     no ip route-cache
    !
    interface Vlan2
     no ip address
     no ip route-cache
     shutdown
    !
    interface Vlan3
     no ip address
     no ip route-cache
     shutdown
    !
    ip http server
    radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key radius123
    radius-server retransmit 3"


    Help me with the error above, very urgent... and a detailed solution to resolve it...

    Thanks all for reading... wish you a Merry Christmas :)


     

    Wednesday, December 22, 2010 3:39 PM
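
Added example, not part of the original thread: a small Python parser for the two event records posted above, which checks that the NPS event and the client event describe the same authentication attempt by comparing MAC addresses and identity. The embedded records are excerpts of the posted logs; the function names are illustrative.

```python
import re

# Excerpts of the two event records posted above (trimmed to the fields used here).
NPS_EVENT = """\
User:
    Account Name:            MU\\user1
Client Machine:
    Called Station Identifier:        00-17-0E-7C-8E-CA
    Calling Station Identifier:        00-80-48-24-69-BD
NAS:
    NAS IPv4 Address:        192.168.0.3
    NAS Port:            50010
Authentication Details:
    Authentication Type:        PEAP
    EAP Type:            -
    Reason Code:            16
"""
CLIENT_EVENT = """\
Peer Address: 00170E7C8ECA
Local Address: 0080482469BD
Identity: MU\\user1
Error Code: 778
"""

def parse_fields(text):
    """Parse 'Name: value' lines; a line with no value opens a section."""
    fields, section = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue
        name, value = m.group(1).strip(), m.group(2).strip()
        if value == "":
            section = name  # e.g. "User:", "NAS:"; field names repeat across sections
        else:
            fields[(section, name)] = None if value == "-" else value
    return fields

def norm_mac(mac):
    """Reduce a MAC address to 12 uppercase hex digits for comparison."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()

def same_attempt(nps, client):
    """True when both records name the same supplicant, switch port peer and identity."""
    cm = "Client Machine"
    return (norm_mac(nps[(cm, "Calling Station Identifier")]) == norm_mac(client[(None, "Local Address")])
            and norm_mac(nps[(cm, "Called Station Identifier")]) == norm_mac(client[(None, "Peer Address")])
            and nps[("User", "Account Name")] == client[(None, "Identity")])
```

Once the two records are tied to one attempt, the differing reasons they report (NPS reason code 16 versus the client's server-certificate error) can be read side by side.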
  • Can you help me ?
    Thursday, December 23, 2010 3:03 PM
  • Dear,

    May I know if RADIUS can be used to authorize telnetting or SSHing to control the Cisco devices?

    Thanks. 


    The stars light up the whole world

    Friday, August 22, 2014 7:48 AM