To configure a freeradius server for a cisco switch with DOT1X

0. First make you have a working FreeRadius server running and all is jolly. For details, see my previous post “To configure a freeradius server for a cisco switch”.

1. On the FreeRadius server, add a Dot1X Port-user in /etc/freeradius/users :

# IEEE802.1x user credentials

portuser Cleartext-Password := “test123”

           Reply-Message = “Hello, %u”

Restart the daemon and start snoop port UDP.1812 for good measure.

3. On your Cisco Switch, add the Dot1X Authentication service to your Radius Servers:

(config) # aaa authentication dot1x default group radius

And of course tell the switch port to use Dot1X. Be aware that this is only used on Access Ports!

interface FastEthernet1/0/1

      switchport access vlan 20

      switchport mode access

      dot1x pae authenticator

      dot1x port-control auto


4. Connect your OS as supplicant. (=client)

On OSX this works straight out of the box, for Linux you have to create a Supplicant file.

This entry was posted in Cisco Networking and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *