802.1x IOL/vIOS


celal491987
Posts: 5
Joined: Sun Mar 11, 2018 12:09 pm

Re: 802.1x IOL/vIOS

Post by celal491987 » Thu Mar 29, 2018 8:49 pm

Uldis (UD) wrote:
Mon Jun 12, 2017 12:49 pm
Yes, but not MAB. MAB is buggy.
Dot1x works, mate.
Do not forget that it is a virtual environment and there is no L1 here.
To get dot1x working you have to shut/no shut the PC interface facing the switch.
dACL will not work either on any virtual SW; you need a real SW.
Hi Uldis,

I am trying to get 802.1x working in an EVE-NG lab but unfortunately have never succeeded. I've added my topology.
Cisco ISE Version:2.1.0.474
Windows Server 2012 R2
Windows 10
Switch:CISCO IOL--------L2-ADVENTERPRISEK(-M-15.2-IRON-20151103.bin

Switch Configuration:
ip domain-name celal2.com
crypto key generate rsa gen modulus 1024

aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius
aaa accounting update periodic 5

radius-server host 172.21.154.35 auth-port 1812 acct-port 1813 test username ise-test key cisco
radius-server dead-criteria ti 30 tries 3

radius-server vsa send accounting
radius-server vsa send authentication
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

ip radius source-interface vlan 750

aaa server radius dynamic-author
 client 172.21.154.35 server-key cisco

device-sensor notify all-changes

ip http server
ip http secure-ser

dot1x system-auth-control
ip device tracking

int et0/3
 sw mo ac
 sw ac vl 750
 spanning-tree bpduguard enable
 authentication priority dot1x mab
 authentication order dot1x mab
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication violation restrict
 dot1x pae authenticator
 mab
 dot1x timeout tx-period 10
 authentication port-control auto

Could you let me know what I am missing? I can't see any dot1x logs in the live RADIUS logs.
Could you share how you did it in your lab?

Best.
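As an added example (not code from either poster or from the EVE-NG project), this Python check looks for the basic 802.1X statements in a pasted IOS configuration and accepts abbreviated forms such as `sw mo ac`. The two required-statement lists, the rule that a port block ends at a blank line or `!`, and the function names are assumptions of the example.

```python
# Statements a wired 802.1X port needs on IOS, written in full (not exhaustive).
GLOBAL_REQUIRED = ["aaa new-model",
                   "aaa authentication dot1x default group radius",
                   "dot1x system-auth-control"]
PORT_REQUIRED = ["switchport mode access",
                 "authentication port-control auto",
                 "dot1x pae authenticator"]

# Constructed sample: two required statements deliberately left out.
SAMPLE = """\
aaa new-model
aaa authentication dot1x default group radius

int et0/3
 sw mo ac
 authentication port-control auto
 mab
"""

def matches(line, full):
    """True if each token of `line` is a prefix of the same token in `full`
    (IOS-style abbreviation such as 'sw mo ac'); ambiguity is not checked."""
    a, b = line.lower().split(), full.split()
    return len(a) == len(b) and all(y.startswith(x) for x, y in zip(a, b))

def parse(config):
    """Split a paste into (global lines, {port: lines}); blank or '!' ends a port."""
    glob, ports, cur = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        tok = line.split()
        if len(tok) == 2 and len(tok[0]) >= 3 and "interface".startswith(tok[0].lower()):
            cur = ports.setdefault(tok[1], [])
        elif line in ("", "!"):
            cur = None
        else:
            (glob if cur is None else cur).append(line)
    return glob, ports

def audit(config):
    """Return findings; an empty list means the checked statements are present."""
    glob, ports = parse(config)
    out = [f"global: missing '{c}'" for c in GLOBAL_REQUIRED
           if not any(matches(l, c) for l in glob)]
    for name, lines in ports.items():
        out += [f"{name}: missing '{c}'" for c in PORT_REQUIRED
                if not any(matches(l, c) for l in lines)]
    return out
```

Run against the switch configuration posted above, `audit` returns an empty list.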

Uldis (UD)
Posts: 5177
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: 802.1x IOL/vIOS

Post by Uldis (UD) » Fri Mar 30, 2018 7:36 am

This image is not OK for MAB, sorry.
Cisco has rare IOL L2 IRON from 09AUG, 2017.
That one supports MAB and DOT1X.

UD

celal491987
Posts: 5
Joined: Sun Mar 11, 2018 12:09 pm

Re: 802.1x IOL/vIOS

Post by celal491987 » Fri Mar 30, 2018 9:25 am

Uldis (UD) wrote:
Fri Mar 30, 2018 7:36 am
This image is not OK for MAB, sorry.
Cisco has rare IOL L2 IRON from 09AUG, 2017.
That one supports MAB and DOT1X.

UD
Hi Uldis,

Which one do you advise?

Thanks.

Uldis (UD)
Posts: 5177
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: 802.1x IOL/vIOS

Post by Uldis (UD) » Fri Mar 30, 2018 4:18 pm

Works, mate.

Code:

SW2_P#sh ver
Cisco IOS Software, Linux Software (I86BI_LINUXL2-IPBASEK9-M), Experimental Version 15.2(20170809:194209) [dstivers-aug9_2017-high_iron_cts 101]
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 09-Aug-17 13:49 by xxxxxxxx

celal491987
Posts: 5
Joined: Sun Mar 11, 2018 12:09 pm

Re: 802.1x IOL/vIOS

Post by celal491987 » Fri Mar 30, 2018 7:02 pm

Uldis (UD) wrote:
Fri Mar 30, 2018 4:18 pm
Works, mate.

Code:

SW2_P#sh ver
Cisco IOS Software, Linux Software (I86BI_LINUXL2-IPBASEK9-M), Experimental Version 15.2(20170809:194209) [dstivers-aug9_2017-high_iron_cts 101]
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 09-Aug-17 13:49 by xxxxxxxx
Omg, how?
Is it possible to reach you via mail, mate?

Thanks.
