dot1x, radius and telnet authentication

Discussion in 'Cisco' started by g18c@hotmail.com, Oct 31, 2006.

  1. Guest

    Hi, I have set up RADIUS dot1x authentication following guides online.
    However I can no longer log in with telnet to the switch, I do not have
    the correct password (however before enabling dot1x the cisco/Cisco
    username/password worked).

    How can I get telnet to authenticate against the username/password
    cisco/Cisco whilst authorising ports with dot1x control? My config is
    below:


    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Switch
    !
    aaa new-model
    aaa authentication dot1x default group radius
    enable secret 5 $1$YeRS$MJ5UC5OFLc6HxqfyC7PVP/
    enable password Cisco
    !
    ip subnet-zero
    !
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    dot1x system-auth-control
    !
    !
    !
    !
    interface FastEthernet0/1
    spanning-tree portfast
    !
    interface FastEthernet0/2
    spanning-tree portfast
    !
    interface FastEthernet0/3
    spanning-tree portfast
    !
    interface FastEthernet0/4
    spanning-tree portfast
    !
    interface FastEthernet0/5
    spanning-tree portfast
    !
    interface FastEthernet0/6
    spanning-tree portfast
    !
    interface FastEthernet0/7
    spanning-tree portfast
    !
    interface FastEthernet0/8
    switchport mode access
    dot1x port-control auto
    spanning-tree portfast
    !
    interface FastEthernet0/9
    spanning-tree portfast
    !
    interface FastEthernet0/10
    spanning-tree portfast
    !
    interface FastEthernet0/11
    spanning-tree portfast
    !
    interface FastEthernet0/12
    switchport mode trunk
    !
    interface Vlan1
    ip address 192.168.0.1 255.255.255.0
    no ip route-cache
    !
    ip http server
    radius-server host 192.168.0.10 auth-port 1812 acct-port 1813 key test
    radius-server retransmit 3
    !
    line con 0
    exec-timeout 0 0
    line vty 0 4
    password cisco
    line vty 5 15
    password cisco
    !
    !
    end

    Thanks,

    Chris
     
    , Oct 31, 2006
    #1

  2. Thrill5 Guest

    Add the following to your config.

    aaa authorization exec default none

    Scott
     
    Thrill5, Nov 1, 2006
    #2

  3. Thrill5 Guest

    Sorry, this is what you need:

    aaa authentication login default line

    Scott
     
    Thrill5, Nov 1, 2006
    #3
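
An added example, not part of the thread or of any Cisco tooling: a small Python check that works out which login method each line ends up with once `aaa new-model` is enabled, run over the AAA and line sections of the posted config. It assumes every line uses the default login list and relies on the documented IOS fallback when no such list exists; `POSTED`, `parse`, `login_methods` and `findings` are names made up for this example.

```python
# Constructed sample: the AAA and line sections of the config posted in this thread.
POSTED = """aaa new-model
aaa authentication dot1x default group radius
line con 0
line vty 0 4
password cisco
line vty 5 15
password cisco
"""

def parse(config):
    """Collect the settings that decide how a login on each line is checked."""
    facts = {"new_model": False, "default": None, "users": False, "lines": {}}
    current = None  # name of the "line ..." block being read (pastes lose indentation)
    for text in (raw.strip() for raw in config.splitlines()):
        if text.startswith("line "):
            current = text[5:]
            facts["lines"][current] = False  # no line password seen yet
        elif text in ("!", "end"):
            current = None
        elif text.startswith("aaa authentication login default "):
            facts["default"] = text.split()[4:]
        elif text == "aaa new-model":
            facts["new_model"] = True
        elif text.startswith("username "):
            facts["users"] = True
        elif current and text.startswith("password "):
            facts["lines"][current] = True
    return facts

def login_methods(facts, line):
    """Ordered login methods for a line that uses the default list."""
    if not facts["new_model"]:
        return ["per-line"]  # AAA lists unused; the line's own login commands apply
    if facts["default"]:
        return facts["default"]
    # Assumed IOS default when no list exists: vty -> local users, console -> none.
    return ["none"] if line.startswith("con") else ["local"]

def findings(config):
    """Flag lines whose login method has nothing configured to check against."""
    facts, out = parse(config), []
    for line, has_password in facts["lines"].items():
        methods = login_methods(facts, line)
        if "local" in methods and not facts["users"]:
            out.append(f"{line}: local usernames checked, none configured")
        if "line" in methods and not has_password:
            out.append(f"{line}: line password checked, none set")
    return out
```

Appending `aaa authentication login default line` to `POSTED` clears the two vty findings and reports `con 0` instead, since the console has no line password in the posted config.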