11 Sept 2013

dot1x troubleshoot & view commands

show authentication sessions
show authentication interface XXX

show dot1x interface XXX


debug dot1x events
debug radius


A dot1x adventure...

802.1x

It's a hell of an adventure, so strap your gas mask on and join me at the barricades!!

(Article is WIP, starting with notes first...)


Notes:

Use the "Cisco-AV-Pair" parameter with the value "device-traffic-class=voice" to make the switch put an IP phone into a voice VLAN.



1. host-mode selection





2. err-disable settings

authentication violation restrict|shutdown
 Default is shutdown. I shall use restrict.


3. re-auth & timers


inactivity timer (Cisco default: off)
  • RADIUS can return Idle-Timeout (in seconds)
  • RADIUS can return the action to take, Termination-Action (I use Default, which is reauth without service outage)
reauthentication interval





I'll be using RADIUS-returned parameters for most of this.
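Added example, not part of the original notes: when "debug radius" output or a packet capture has to be checked against what the server was meant to send, this Python code decodes the attribute section of an Access-Accept for the Idle-Timeout, Termination-Action and Cisco-AV-Pair values mentioned in the notes above. The sample bytes are constructed and the function names are illustrative; the attribute numbers are the RFC 2865 ones, with Cisco's vendor ID 9 and AV-pair sub-type 1.

```python
import struct

# Attribute numbers from RFC 2865. Cisco's enterprise number is 9 and
# Cisco-AV-Pair is vendor sub-type 1 inside a Vendor-Specific attribute.
IDLE_TIMEOUT, TERMINATION_ACTION, VENDOR_SPECIFIC = 28, 29, 26
CISCO_VENDOR_ID, CISCO_AV_PAIR = 9, 1
TERMINATION_ACTIONS = {0: "Default", 1: "RADIUS-Request"}

def tlv(attr_type, value):
    """Encode one attribute: type, length (header included), value."""
    return bytes([attr_type, len(value) + 2]) + value

def walk(data):
    """Yield (type, value) for each TLV, rejecting malformed lengths."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad length {length} at offset {pos}")
        yield attr_type, data[pos + 2:pos + length]
        pos += length

def parse_authz(attributes):
    """Extract the authorization attributes discussed in these notes."""
    out = {"idle_timeout": None, "termination_action": None, "av_pairs": []}
    for attr_type, value in walk(attributes):
        if attr_type == IDLE_TIMEOUT and len(value) == 4:
            out["idle_timeout"] = struct.unpack("!I", value)[0]
        elif attr_type == TERMINATION_ACTION and len(value) == 4:
            code = struct.unpack("!I", value)[0]
            out["termination_action"] = TERMINATION_ACTIONS.get(code, f"unknown({code})")
        elif attr_type == VENDOR_SPECIFIC and len(value) >= 4:
            if struct.unpack("!I", value[:4])[0] == CISCO_VENDOR_ID:
                # The vendor payload is itself a run of sub-type/length/value TLVs.
                for sub_type, sub_value in walk(value[4:]):
                    if sub_type == CISCO_AV_PAIR:
                        out["av_pairs"].append(sub_value.decode("ascii", "replace"))
    return out

# Constructed sample: the attribute section of an Access-Accept for an IP phone.
SAMPLE = (
    tlv(IDLE_TIMEOUT, struct.pack("!I", 300))
    + tlv(TERMINATION_ACTION, struct.pack("!I", 0))
    + tlv(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID)
          + tlv(CISCO_AV_PAIR, b"device-traffic-class=voice"))
)
```

Calling parse_authz(SAMPLE) returns the idle timeout in seconds, the Termination-Action name and the list of AV pairs; a truncated or zero-length attribute raises ValueError instead of being silently skipped.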


 


4. critical AAA