1
Performance-based question
Network Services and Security
hard
You are connected to R1. Configure AAA with a RADIUS server at 10.0.0.2/30 (key 'cisco123') so that console and VTY login use RADIUS first, then local authentication. Additionally, troubleshoot why an 802.1X-enabled switch port (GigabitEthernet0/1) on R1 is stuck in the unauthorized state. The RADIUS server is reachable but authentication fails. Verify using 'show aaa servers' and 'show dot1x interface GigabitEthernet0/1 details'.
Exhibit
R1# show running-config | section aaa
aaa new-model
aaa authentication login default group radius local
aaa authentication dot1x default group radius
!
radius server RADIUS
 address ipv4 10.0.0.2 auth-port 1812 acct-port 1813
 key cisco123
!
interface GigabitEthernet0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
R1# show aaa servers
RADIUS: id 1, priority 1, host 10.0.0.2, auth-port 1812, acct-port 1813
     State: current UP, duration 120s, previous duration 0s
     Dead: total time 0s, count 0
R1# show dot1x interface GigabitEthernet0/1 details
Dot1x Info for GigabitEthernet0/1
-------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
PortStatus = UNAUTHORIZED
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
AuthMethod = Open
Critical = no
Critical Recovery = no
Guest VLAN = no
Host Mode = Single
Auth-Fail VLAN = no
Vlan Group = no
Capability = n/a
Client Status = not authenticated
Client Mac = 0000.0000.0000
Client IP = 0.0.0.0
Client Username = unknown
Client Auth Protocol = unknown
Client VLAN = 0
Client Session ID = 0
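A small triage script for the two verification commands the question names, as an added example that is not part of the original question. It parses the exhibit's output (embedded as constructed, abridged sample text) and reports only what that output establishes; the function names are hypothetical, and treating an all-zero Client Mac as "no client recorded" is an assumption.

```python
import re

# Constructed sample: the exhibit's two verification outputs, abridged.
AAA_SERVERS = """\
RADIUS: id 1, priority 1, host 10.0.0.2, auth-port 1812, acct-port 1813
     State: current UP, duration 120s, previous duration 0s
     Dead: total time 0s, count 0
"""

DOT1X_DETAILS = """\
Dot1x Info for GigabitEthernet0/1
-------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
PortStatus = UNAUTHORIZED
Host Mode = Single
Client Status = not authenticated
Client Mac = 0000.0000.0000
Client Username = unknown
"""

def parse_aaa_servers(text):
    """Return {host: current_state} from 'show aaa servers' output."""
    states, host = {}, None
    for line in text.splitlines():
        m = re.search(r"\bhost (\S+?),", line)
        if m:
            host = m.group(1)          # remember which server the State line belongs to
        m = re.search(r"State: current (\w+)", line)
        if m and host:
            states[host] = m.group(1)
    return states

def parse_dot1x(text):
    """Return the 'Key = Value' fields of 'show dot1x interface ... details'."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" = ")
        if sep:                        # skips the title and separator lines
            fields[key.strip()] = value.strip()
    return fields

def triage(aaa_text, dot1x_text, server="10.0.0.2"):
    """Summarise what the two outputs establish, without guessing a cause."""
    d = parse_dot1x(dot1x_text)
    no_client = "0000.0000.0000"       # assumption: all-zero MAC means no client recorded
    return {
        "server_up": parse_aaa_servers(aaa_text).get(server) == "UP",
        "port_authorized": d.get("PortStatus") == "AUTHORIZED",
        "supplicant_seen": d.get("Client Mac", no_client) != no_client,
    }
```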
Network Topology
R1#
Cisco IOS Software, Version 15.2(4)M1
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Press RETURN to get started.
R1#