To configure a freeradius server for a cisco switch with DOT1X

0. First make you have a working FreeRadius server running and all is jolly. For details, see my previous post “To configure a freeradius server for a cisco switch”.

1. On the FreeRadius server, add a Dot1X Port-user in /etc/freeradius/users :

# IEEE802.1x user credentials

portuser Cleartext-Password := “test123″

           Reply-Message = “Hello, %u”

Restart the daemon and start snoop port UDP.1812 for good measure.

3. On your Cisco Switch, add the Dot1X Authentication service to your Radius Servers:

(config) # aaa authentication dot1x default group radius

And of course tell the switch port to use Dot1X. Be aware that this is only used on Access Ports!

interface FastEthernet1/0/1

      switchport access vlan 20

      switchport mode access

      dot1x pae authenticator

      dot1x port-control auto


4. Connect your OS as supplicant. (=client)

On OSX this works straight out of the box, for Linux you have to create a Supplicant file.

This entry was posted in Cisco Networking and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


three + = 5

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

What is 8 + 5 ?
Please leave these two fields as-is: