hi,
having three vlans and now trying to introduce dot1x to only certain ports I do:
Rd(config)#dot1x system-auth-control # enable it
Rd(config)#aaa authentication dot1x default radius # point to radius
Rd(config)#interface ethernet 1/g1 # bind it to a port
Rd(config-if-1/g1)#dot1x port-control auto # config dot1x
I assumed that dot1x has to be forced/activated on per port/int basis and before that is done there is no dot1x, but it seems that - dot1x system-auth-control - does not wait for anything and shuts everything down instantly.
Is this desired behaviour?
And if yes then how does one introduce dot1x gradually, staring with one ethernet port which is configured like here:
1/g1
Flow Control:Enabled
Port: 1/g1
VLAN Membership mode:Access Mode
Operating parameters:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: Untagged
Default Priority: 0
GVRP status:Disabled
Protected:Disabled
--More-- or (q)uit
Port 1/g1 is member in:
VLAN Name Egress rule Type
---- --------------------------------- ----------- --------
1 Default Untagged Default
Static configuration:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: Untagged
Port 1/g1 is statically configured to:
VLAN Name Egress rule
---- --------------------------------- -----------
Forbidden VLANS:
VLAN Name
---- ---------------------------------
many! thanks
L.