I'm trying to setup user auth on one of my S3500 wired ports and I must be missing something.
I tested without applying the aaa profile to the interface to verify that DHCP is working.
With the below configuration, and the aaa profile applied to the port, I do not even get an authentication window (using a MacBook Pro).
!
Logon role ACL
!
ip access-list stateless logon-control-stateless
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
!
! Authenticated "dorm-wired" user role ACL
!
ip access-list stateless allowall-stateless
any any any permit
!
! My authenticated user, placed on vlan 2
!
user-role dorm-wired
vlan 2
access-list stateless allowall-stateless
!
! My default role user, placed on vlan 3
!
user-role Post-Auth-Default
vlan 3
access-list stateless logon-control-stateless
!
! My logon role, limited access
!
user-role logon
access-list stateless logon-control-stateless
!
! My dot1x profile, using the interal database for testing purposes
!
aaa authentication dot1x "wired-dorm"
termination enable
!
! My server-group, internal database
!
aaa server-group "auth-internal"
auth-server Internal
set role condition role value-of
!
! My aaa profile
!
aaa profile "dorm-wired"
authentication-dot1x "wired-dorm"
dot1x-default-role "Post-Auth-Default"
dot1x-server-group "auth-internal"
!
! Applied to the client interface, switchport mode is access
!
interface gigabitethernet "0/0/5"
aaa-profile "dorm-wired"
switching-profile "client"