i) Enabling Dot1x authentication on the Windows client.
ii) Configuring the services on CPPM for wired Dot1x clients on a Cisco switch
iii) Configuring Cisco Switch to enable Dot1x and forward the request to CPPM
iv) Adding the Cisco device as a NAD device.
Environment: This article is written for CPPM 6.2.0 and greater.
Note: This setup requires CPPM to be added to the domain.
1: Configure the Cisco Switch to enable Dot1x.
Create VLANs on the switch.
Configuring the ports one by one is impractical, so we can use the "range" option.
The example below configures all the ports in the range GigabitEthernet 1/0/1 to 1/0/24:
Cisco-3750-Lab(config)#interface range gigabitEthernet 1/0/1 - 24
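A minimal switch configuration for this step, given as an added example and not the article's original configuration. The VLAN number, the names CPPM and CPPM-GROUP, the address 192.0.2.10, the source interface and the shared-secret placeholder are assumptions, and the `radius server` block syntax assumes IOS 15.x (older releases use `radius-server host`).

```cisco
! Added example. Assumed values: VLAN 10, server name CPPM, group CPPM-GROUP,
! address 192.0.2.10 (documentation range), management SVI Vlan1.
! <shared-secret> is a placeholder; it must match the secret set on the
! device entry added in CPPM.
!
vlan 10
 name DOT1X-USERS
!
aaa new-model
!
radius server CPPM
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius CPPM-GROUP
 server name CPPM
!
! Send 802.1X authentication, network authorization and accounting to CPPM
aaa authentication dot1x default group CPPM-GROUP
aaa authorization network default group CPPM-GROUP
aaa accounting dot1x default start-stop group CPPM-GROUP
!
! RADIUS packets must be sourced from the IP address registered for
! this switch in CPPM, otherwise the request is not matched to the device
ip radius source-interface Vlan1
!
! Enable 802.1X globally
dot1x system-auth-control
!
interface range gigabitEthernet 1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
!
! Verify after a client connects (exec mode):
!   show dot1x all
!   show authentication sessions interface gigabitEthernet 1/0/1
```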
2: Add Switch to CPPM
Navigate to Configuration > Network > Devices
Click Add Device
Add the device as shown below.
3: 802.1x Service Setup
Navigate to Configuration » Service Template and select the 802.1X Wired Access Service Template.
This will open a new window as below
Select the switch from the drop-down to auto-populate the remaining fields.
We can fill in the Enforcement details as above or customize them based on our requirements.
Hitting "Add Service" will save and add the service.
4: Enable Dot1X on the client.
You must be logged on as an administrator to perform these steps.
To complete this procedure, you must first enable the Wired AutoConfig service, which is turned off by default.
Click the Start button, and then, in the Search box, type services.msc, and then press ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
In the Services dialog box, click the Standard tab, right-click Wired AutoConfig, and then click Start.
Open Network Connections by clicking the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.
Right-click the connection that you want to enable 802.1X authentication for, and then click Properties. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Click the Authentication tab, and then select the Enable IEEE 802.1X authentication check box.
In the Choose a network authentication method list, click the method you want to use.
To configure additional settings, click Settings.
Connect a client and verify.
Question: After connecting my client, it is not getting an IP address and nothing is seen in the Access Tracker.
Answer: We can check the Event Viewer for more details.
Navigate to Monitoring » Event Viewer and look for an entry like the one below:
| RADIUS | ERROR | Authentication | Unknown | Aug 26, 2013 05:29:04 PST |