802.1x Rack Rental not working

Hello:

I've been trying to complete the 802.1x task with ACS from Workbook section 4 on the rack rentals, but it is not working. I have been troubleshooting and seems that some packets are lost in transit, because the authentication times out and the client does not get authorized. The prompt for the username and password never appears on testpc.

On the testpc that is behind an IP Phone in switch 1, I can not see any EAPOL packets coming from the PC, even after configuring the voice vlan.

On the testpc that is directly connected to switch 3, I can see EAPOL packets coming from the PC, the switch forwards to RADIUS, RADIUS answers with challenge, switch sends challenge to client, but there is no response back from client. So the authentication times out.

Could it be that the USB to Ethernet adapter is afecting this? Does anybody been able to complete this part?

Regards,

AS

Comments

  • Did you try a reload on the Test-Pc?
    Regards,
    Cristian.

    Sent from my iPhone

    On Sep 15, 2013, at 3:48, aleksies <[email protected]> wrote:

    Hello:

    I've been trying to complete the 802.1x task with ACS from Workbook section 4 on the rack rentals, but it is not working. I have been troubleshooting and seems that some packets are lost in transit, because the authentication times out and the client does not get authorized. The prompt for the username and password never appears on testpc.

    On the testpc that is behind an IP Phone in switch 1, I can not see any EAPOL packets coming from the PC, even after configuring the voice vlan.

    On the testpc that is directly connected to switch 3, I can see EAPOL packets coming from the PC, the switch forwards to RADIUS, RADIUS answers with challenge, switch sends challenge to client, but there is no response back from client. So the authentication times out.

    Could it be that the USB to Ethernet adapter is afecting this? Does anybody been able to complete this part?

    Regards,

    AS




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
  • Yes, i have tried that and also joined the pc to the domain with no success.

    Sent from my iPad

    On Sep 15, 2013, at 3:20 AM, "cristian.matei" <[email protected]> wrote:

    Did you try a reload on the Test-Pc?
    Regards,
    Cristian.

    Sent from my iPhone

    On Sep 15, 2013, at 3:48, aleksies <[email protected]> wrote:

    Hello:

    I've been trying to complete the 802.1x task with ACS from Workbook section 4 on the rack rentals, but it is not working. I have been troubleshooting and seems that some packets are lost in transit, because the authentication times out and the client does not get authorized. The prompt for the username and password never appears on testpc.

    On the testpc that is behind an IP Phone in switch 1, I can not see any EAPOL packets coming from the PC, even after configuring the voice vlan.

    On the testpc that is directly connected to switch 3, I can see EAPOL packets coming from the PC, the switch forwards to RADIUS, RADIUS answers with challenge, switch sends challenge to client, but there is no response back from client. So the authentication times out.

    Could it be that the USB to Ethernet adapter is afecting this? Does anybody been able to complete this part?

    Regards,

    AS




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
  • What are the port configs for 802.1x?

  •  

    This is the configuration in global config

    ip radius source-interface Vlan10 
    radius-server host 10.0.1.101 auth-port 1645 acct-port 1646 key radkey
    !
    aaa authentication dot1x default group radius
    aaa authorization network default group radius 
    dot1x system-auth-control
    !

    This is the configuration for the port with the IP Phone and PC behind the IP Phone.

    interface FastEthernet1/0/5

     switchport access vlan 192

     switchport mode access

     switchport voice vlan 19

     authentication port-control auto

     dot1x pae authenticator

     spanning-tree portfast

    !

    This is the configuration for the PC directly connected to the switch.

    interface GigabitEthernet1/0/5

     switchport access vlan 192

     switchport mode access

     authentication port-control auto

     dot1x pae authenticator

     spanning-tree portfast

    !

  • Hi,

    Wait for the new Identity Management section to be posted this week. One of the problems with having the pc behind the ip phone is that the host-mode needs to be Multi-domain.

    Regards,
    Cristian.

    Sent from my iPhone

    On Sep 16, 2013, at 15:40, aleksies <[email protected]> wrote:

     

    This is the configuration in global config

    ip radius source-interface Vlan10 
    radius-server host 10.0.1.101 auth-port 1645 acct-port 1646 key radkey
    !
    aaa authentication dot1x default group radius
    aaa authorization network default group radius 
    dot1x system-auth-control
    !

    This is the configuration for the port with the IP Phone and PC behind the IP Phone.

    interface FastEthernet1/0/5

     switchport access vlan 192

     switchport mode access

     switchport voice vlan 19

     authentication port-control auto

     dot1x pae authenticator

     spanning-tree portfast

    !

    This is the configuration for the PC directly connected to the switch.

    interface GigabitEthernet1/0/5

     switchport access vlan 192

     switchport mode access

     authentication port-control auto

     dot1x pae authenticator

     spanning-tree portfast

    !




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx






  • Thanks, i look forward to that.



     



    Sent: Monday, September 16, 2013 10:41 AM


    Subject: Re: [CCIE Sec] 802.1x Rack Rental not
    working

     


    Hi,

     

    Wait for the new Identity Management section to be posted this week. One of
    the problems with having the pc behind the ip phone is that the host-mode needs
    to be Multi-domain.

     

    Regards,

    Cristian.

    Sent from my iPhone


    On Sep 16, 2013, at 15:40, aleksies <[email protected]>
    wrote:


     

    This is the configuration in global config

    ip radius source-interface Vlan10 
    radius-server host 10.0.1.101 auth-port 1645 acct-port 1646 key radkey
    !
    aaa authentication dot1x default group radius
    aaa authorization network default group radius 
    dot1x system-auth-control
    !

    This is the configuration for the port with the IP Phone and PC behind the
    IP Phone.

    interface FastEthernet1/0/5

    switchport access vlan 192

    switchport mode access

    switchport voice vlan 19

    authentication port-control auto

    dot1x pae authenticator

    spanning-tree portfast

    !

    This is the configuration for the PC directly connected to the switch.

    interface GigabitEthernet1/0/5

    switchport access vlan 192

    switchport mode access

    authentication port-control auto

    dot1x pae authenticator

    spanning-tree portfast

    !




    INE - The Industry Leader in CCIE
    Preparation
    http://www.INE.com

    Subscription
    information may be found at:
    http://www.ieoc.com/forums/ForumSubscriptions.aspx



    INE
    - The Industry Leader in CCIE
    Preparation
    http://www.INE.com

    Subscription information may be found
    at:
    http://www.ieoc.com/forums/ForumSubscriptions.aspx
Sign In or Register to comment.