Yes, I have.
Gotchas and tips:
- ARP Spoofing can get tricky in combination with 802.1x due to timers:
http://www.networking-forum.com/viewtopic.php?f=36&t=30029.
- DHCP Snooping works great, but the 'no ip dhcp snooping information option' has to be used for most DHCP servers as 802.1x information is sent with the DHCP packets otherwise and the server can't figure out what this means.
- If authentication doesn't work or takes a long time, fiddle around with the timers. Windows 7 usually works though.
- 'debug radius brief' is your friend (assuming RADIUS is in play, which should be the case). As are 'term mon' andd 'show dot1x interface <int>
detail'. Note that without 'detail' it's a different command here: with it, it shows you if authentication works for a connected client.
- In general most computers will work fine, if not, check for correct credentials and the service 'wired autoconfig' in Windows (which enables 802.1x). I've noticed a remarkable trend: infected/garbage-filled computers tend to have issues more often and sometimes don't send 802.1x credentials out every time a cable is plugged in. I personally call this 'added security'
- Check your IOS version. Depending on how complex your 802.1x config is going to be, you may need a more recent IOS.
Register
Search 
Login
