In order for the RADIUS authentication to succeed with the above mentioned switch and software,
"Authentication, Authorization and Accounting" need to be disabled. This can be done by following
procedure:
Command:
•
Enter global configuration mode
•
Disable accounting for 802.1X. The parameter <radius> sets the default group holding the
attributes for RADIUS authentication. The group <radius> is configured and available by de-
fault. For any specific needs create your own group.
Otherwise, the RADIUS server receives an accounting request containing an empty user name. This
request is not treated as an authentication failure; therefore the switch will not disable the port, allowing
all network traffic. Given these circumstances client computers can perform health evaluations, but will
be assigned a VLAN, remaining in the configured guest VLAN.
Furthermore, the legacy mode must be enabled on the switch to obtain a successful authentication.
This is only possible by entering following command in the switch's command interface via telnet or the
web interface.
•
Where the following must be replaced according to your configuration:
Table 14–22
Command for Legacy Mode – Pptions
$Server$
IP or host name of the RADIUS server
$User$
User name
$Pwd$
Password
$Port$
Tthe RADIUS server's listening port
204 802.1X – Technical Guideline
configure terminal
no aaa accounting dot1x default group
Switch# test aaa group radius server $Server$ $User$ $Pwd$
port $Port$ legacy
<radius>
Need help?
Do you have a question about the NG Network Access Client SP4 and is the answer not in the manual?
Questions and answers