Posted on October 6, 2021 3:07 pm
 |  Asked by Benjamin Merkle
Print Friendly, PDF & Email

We have several types of switches (7050, 7010, 7020) with and have the requirement for 802.1X authentication with device certificates, not MAC based. Is it possible? I have found only information about mac bases auth or radius for login
Our not working config until now:
interface Ethernet47
switchport access vlan 10
dot1x pae authenticator
dot1x authentication failure action traffic allow vlan 11
dot1x reauthentication
dot1x port-control auto
dot1x reauthorization request limit 3

in the log files always:

%DOT1X-3-SUPPLICANT_FAILED_AUTHENTICATION_AFVLAN: Supplicant with identity host/FQDN MAC xxxx.xxxx.xxxx and dynamic VLAN 10 failed authentication on port Ethernet47. The supplicant will be put in auth-fail VLAN 11
%DOT1X-4-SUPPLICANT_TIMEOUT: Supplicant with identity host/FQDN and MAC xxxx.xxxx.xxxx timed out during authentication on port Ethernet47.

Post your Answer

You must be logged in to post an answer.