802.1X and Hub Use

I'm trying 802.1x in the lab. It works fine connected directly to the switch port. However, when I try to connect through a hub it won't authenticate properly.
The debug messages tell me the following:
Aug 30 16:19:19: dot1x-err:Dot1x is supportedonly on Access,Routed and private-vlan host modes.Trunk port being Authorized!! something went wrong
Aug 30 16:19:19: dot1x-err:Port wouldn't come up. Failing authorization.
But the interface is an access port:
switch#sh run int fa0/5
Building configuration...
Current configuration : 136 bytes
interface FastEthernet0/5
switchport mode access
dot1x port-control auto
dot1x host-mode multi-host
spanning-tree portfast
end
Here is what I'm running:
switch#sh ver
Cisco IOS Software, C3550 Software (C3550-IPBASEK9-M), Version 12.2(25)SEB, RELEASE SOFTWARE (fc1)
Why would it think I'm running a trunk port? Is this some defensive mechanism to stop bypassing of 802.1x controls? If so, how can I get it to work with hubs without turning off 802.1x on that port?
Allan

I have new information that may be of value for those who might run into this situation.
The problem I was having is somehow related to the hub I was using (Netgear DS104). I tried another hub of the same model and it too wouldn't allow connection. Yet when I use a 3Com hub everything works as I would expect it to. There may be some compatability issue with the Netgear hub that I'm not aware of and don't have time to research. Perhaps those layer 1 experts out there have some insight.

Similar Messages

  • After setting up my brand new Airport Express 802.11n and accidentally using it to connect my iMac to the network...my iMac no longer connects through Ethernet?  Any ideas...I have tried everything without success!!

    I have been using Apple technology for about 10 years starting with 1st generation iPods and our house now includes a 5 year old iMac, all versions of iPods and touches, Apple TVs (both generations) and most recently an iPad 2.  I have always told family and friends that Apple technology just works.  Unfortunately that stopped today.  I bought a new Airport Express 802.11n to use for AirTunes around my new pool.  I set it up from my iMac and accidentally used it to connect my iMac to the network for a short time.  Now I can no longer connect the iMac to the network using a hard wired Ethernet cable.  I have tried resetting everything possible, from hubs to routers to the Mac itself and it just will not connect to the network through Ethernet any longer.  I am now a very frustrated Apple user especially when the support site says I can't use the fast path support because my product was manufactured 5 years ago...I just bought it at BestBuy yesterday.  All other computers and itechnology in the house are connecting via wifi and Ethernet without any issue except from my new iMac boat anchor.  Anybody who can help me???  Thanks

    John, thanks for the email so quickly.
    I too hope I haven't tried "everything" either but I am reasonably technical.  I had done what you suggested to do before but I did both again.
    Ethernet is yellow in the left side bar.  In the right pane it's status says Connected but then below it says "Ethernet has a self-assigned IP address and will not be able to connect to the Internet."
    I have tried the assist me menu and Network Status has Ethernet Green, Network settings Yellow, ISP Green, and Internet and Server Red and Failed for both.  I have turned things off and on, checked cables, deleted all locations and tried restting them up but to no avail.  I even disconnected everything and connected the mac directly into the cable modem itself and the thing still will not connect.
    Thoughts???

  • What's the difference between using and 802.11a and 5GHz only?

    What's the difference between using "802.11n (802.11a compatible)" and "802.11n only (5GHz)" modes on the Airport Extreme?

    802.11a gives you 802.11g speeds but using 5GHz (54mbps
    802.11n gives you 144Mbps (600 peak) at 2.4GHz or 5GHz

  • Time capsule and home hub use

    Can i connect a Time Capsule to my BT Home Hub but still having the home hub as the only wireless router. I only want to backup my MBP over wireless

    Can i connect a Time Capsule to my BT Home Hub but still having the home hub as the only wireless router
    Yes.
    You have the option of connecting the Time Capsule to the Home Hub using an Ethernet cable, or you can connect to the Home Hub using wireless only and locate the Time Capsule in a "safe" location as a security measure.

  • VPN hub and spoke topology, hub using two interfaces

    Hi,
    I'm facing a problem with Cisco ASA 5500 running software 8.4.
    I know, i know, VPN hub and spoke was already discussed many times. But all these discussions are about a hub using only one interface, the outside/public interfcae.
    My topology is slightly different.
    LAN-A - VPN peer A <--> (Internet) <--> (outside if)-ASA-B-(inside if) <--> (corporate network) <--> (outside if)-ASA-C-(inside if) <--> LAN-C
    VPN communication should flow between LAN-A and LAN-C.
    Phase I and phase II are working on both tunnels (A-B, B-C). Therefore cryptomaps should be right.
    IPsec SA for tunnel A-B is explicit for LAN-A and LAN-C.
    IPsec SA for tunnel B-C connects any with LAN-C.
    What I can see on ASA-B is incoming traffic from LAN-A on tunnel A-B.
    That does not trigger an SA for tunnel B-C!
    Traffic initiated from LAN-C, I can see on ASA-B as incoming traffic, SA for LAN-A to LAN-C is build up on tunnel B-C.
    Traffic seems to enter tunnel A-B as I can see outgoing traffic on ASA-B.
    Of course, NAT exemption is configured for traffic between LAN-A and LAN-C.
    Why doesn't incoming traffic from LAN-A initiate SA on tunnel B-C?
    It looks like incoming traffic from LAN-A enters ASA-B and is dropped or send anywhere but the right direction.
    I admit I'm clueless.
    Any help would be appreciated.
    Thanks folks.

    Analyzing the config files you revealed the inactiv NAT exemption for traffic flow between LAN-A and LAN-C.
    Furthermore a static route fro LAN-C out the inside interface was missing.
    Fixing both communication works fine.
    Thanks for the real good support.

  • Texting and just being in the HUB uses a lot of power. Help, please!

    First let me say that if any BlackBerry rep posts that useless battery saving guide in response to my question, I will flip.
    Being in the hub uses 1-1.6 watts of power which is the same amount that facebook or twitter uses, if not more. This should not happen. I've tried to contact via twitter the BlackBerryHelp people but they never got back to me. There is no 1-800 number. I'm asking everyone if this is normal? I have done every single battery tweak I can and this is still happening. I am at my wits end. I can watch the battery percentage tick away while composing an email or a text. I have two batteries. Both experience the same drain. Thank you for your time

    I haven't experienced serious battery drain on my Z10 (yet).
    I'm not super technical when it comes to the watts of power used by the Hub but if that's where EVERYTHING is being updated, wouldn't it make sense that it would use a higher than average amount of power?
    Just a thought.  Cheers. 
    - If my response has helped you, please click "Options" beside my post and mark it as solved. Clicking the "thumbs up" icon near the bottom of my response would also be appreciated.

  • Using 802.1x and vpn on t-mobile hotspot

    hi all,
    how do i configure 802.1x and vpn to enhance security on t-mobile hotspot?
    thanx for your help.

    Multi-Host is not the right option for you. In this Multi-Host only one device has to successfully authenticate to authenticate all device on that port.
    You need to set host-mode to  "multi-auth"

  • Yoga 13 Wireless Fix - far better range and speed using 5G Linksys AE6000 .11ac usb nub

    $60 Linksys model AE6000 802.11ac USB hub has made my Yoga 13 a useful device.  Benefits are as follows, along with a quick "how to" tutorial.  
    Far better range from my access point (80 feet with reasonable speed on Linksys vs. 30 feet using built-in Realtek WLAN card.
    Significantly faster speed 55 meg/sec using 5G, compared to stock Yoga/Realtek's 2.4 GHz-limited 14-16 meg/second download speeds - both tests done same day using Ookla Speedtest.net)
    No longer crashing after resume (I suspect the crashing that began with Win 8.1 is due to driver issue)
    Recognizes both 2.4 GHz and 5 GHz WLAN networks (Windows 8.1 failed to recognize 5GHz signal until I backdated the Linksys WLAN driver to use Windows 7 driver).
    TUTORIAL / STEPS:
    Turn off (or at a minimum - review before downloating) windows updates - otherwise Win8.1/Yoga will over-write the good driver you're about to install and revert you back to slow WLAN performance.  Give Microsoft 6-12 months & maybe they'll get the drivers right for their POS Win 8.1.  
    Create a restore point.
    Download & the Windows 7 (yes, seven) drivers to a folder on your Yoga.  
    Then open the following folder:
    C\Windows\System32\drivers
    Locate the file named "netr28ux.sys" and move it to a new folder you create on your desktop (for safe keeping)
    Download the Windows 7 x64 drivers for the Linksys AE6000 and the installation/setup program from the Linksys support pages here
    http://support.linksys.com/en-us/support/adapters/AE6000
    Extract those Win7 x64 files (including the netr28ux.sys file) into their own folder, then copy the extracted files to the
    C\Windows\System32\drivers  folder.
    Run the Linksys AE6000's little setup utility, insert the little nub into your USB port, complete running the setup utility, type in (or select) your network, type in your password & select your encryption type, and you should be in good shape.  
    I turn my onboard "WLAN 1" card off using the right-swipe/charms, and the Linksys shows up as "WLAN 2" with the networks it's picking up.  
    CAVEATS:  
    The Linksys AE6000 occupies one your USB ports, but the Linksys AE6000 seems to have the smallest size (barely 1" sticking out) and was rated the fastest of its size by PC Magazine.  Very good performance for .11n and .11ac environments.
    This mod may not be for everyone.  I was able to barely tolerate the Yoga's wireless limitations since purchasing in May, but the Win 8.1 rollout (along with what must be craptastic drivers) was the last straw.  The system began behavng erratically, crashing after resume, and wireless was even worse (speed degraded to 1 meg/sec or less up and download, within an hour after a reboot).  
    I have not checked the impact of this nub on battery life.  I suspect it may be a little worse than stock, but it may be a reasonable tradeoff for me to actually be able to travel more than 30 feet from my router/access point (and have YouTube stream in FHD without stutters/crashes).  
    BACKGROUND:
    After Windows 8.1 update, my Yoga 13's wireless performance went from barely adequate to useless (crashed on resume, speed degradation an hour after fresh boot, etc.).
    I'm sharing this info because I've enjoyed this machine's other assets so much.  It's too bad we can't replace the Realtek WLAN card, and obviously Lenovo though enough of our issues suffered that they chose a different card for the Yoga 2 (although the antenna design still may be partly to blame for some of those performance issues as well).   Love the keyboard, display, etc. and can put up with the fan noise (if someone has a fix for fan noise though, please post to this thread or point me to the fix).  
    Best of luck with this potential (relatively inexpensive) work-around.  It's not as ideal as switching out the internal card, but I'm pretty pleased so far.  If there are other wireless fixes, please share on this thread.  
    Thanks,
    Stanford

    Having used this thing for a couple of weeks now, I'm still amazed at how great the network performance is and how it's transformed my Yoga 13 into a near-instant device around the house (incl range that extends to the garage and perimeters of front & back yards.  And traveling is pretty phenomenal too - great speeds at the hotels we've visited (instead of having to tether my 4G phone because Lenovo's weak-sauce wireless couldn't hang onto a 1-bar connection for 3 minutes).  
    It's a small tradeoff in having a 1" by 1/8" inch "nub" stick out of a USB port, but one of the best $60 upgrades I've ever done.  Highly recommended.

  • Setting up Time Capsule with existing AirPort Extreme 802.11n and AirPort Express.

    I already have and am using an AirPort Extreme 802.11n with an AirPort Express. I want to set up a Time Capsule 802.11n. Which is the best way to configure this?

    ... Which is the best way to configure this?
    The answer depends on what you need the TC to accomplish. If all you need it to do is perform Time Machine backups, simply have it join your existing network in client mode. It would be if it were to connect to your existing router (presumably your Extreme), not through an "extended" wireless network (presumably your Express).
    If you need the TC to "extend" your network so as to serve additional wireless clients, you can do that also. Configure it to "extend" the network created by your Extreme.
    As you can see it's quite versatile.

  • CiscoWorks user options "device type groups|switch and Hubs"

    Hi,
    We are using CiscoWorks software to deploy new configuration to our network devices.  Because our environnement is mixed about version of network devices we have to create a new netconfig job for each device model, because in some plate-forme configuration option, syntax maybe different of each other.
    When I create a new netconfig job with my username under "device type groups|switch and Hubs" I have a list there of all plate-forme we have in our production environnement managed by CiscoWorks software.  I know thoses group was'nt define by on of us and thoses are define by default in CiscoWorks software, but they are hiden by default per user basic.
    We have a new one in our team, I had created his user name and password, but I can find the option where I can asked to make visible to him plate-form device type group as I have in my user configuration.
    Also, is it possible to copy private define group to an other user without to make thoses as public ?
    Thanks a lot !

    Here,
    is a view of what I have with my user
    but in his profile he is only see
    Device type Groups
         + Routers
         + Switches and Hubs
         + Wireless
    if he clic on the plus sing to develop group "Switches and Hubs" he see all switches and hub managed by CiscoWorks software.  I know He did not create Cisco Catalyst 2912 XL Switch and Cisco Catalyst 2924 XL Switch group in my profile.  I know we have to modify an option in CiscoWorks per user basic to view those group, the person who where that option should be modifiy is currently in vacation, but he will need that option enable before our specialist will be back !
    Thanks a lot !

  • I updated my LG G3 this week and now it SUCKS!  When I'm connected to WIFI, nothing on Facebook works.  The photos and videos won't populate.  I have to turn off the WIFI and only use the mobile data. Not to mention, I really hate the way it looks now.

    I updated my LG G3 this week and now it SUCKS!  When I'm connected to WIFI, nothing on Facebook works.  The photos and videos won't populate.  I have to turn off the WIFI and only use the mobile data. Not to mention, I really hate the way it looks now.   Before I updated my phone, I really liked it, now I don't like my phone at all!  When will this be fixed? I hope it's soon.  I'm thinking of changing providers now.

    Does the iOS device connect to other networks? If yes that tend to indicate a problem with your network.
    Does the iOS device see the network?
    Any error messages?
    Do other devices now connect?
    Did the iOS device connect before?
    Try the following to rule out a software problem:                
    - Reset the iOS device. Nothing will be lost
    Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
    least ten seconds, until the Apple logo appears.
    - Power off and then back on your router
    .- Reset network settings: Settings>General>Reset>Reset Network Settings
    - iOS: Troubleshooting Wi-Fi networks and connections
    - Wi-Fi: Unable to connect to an 802.11n Wi-Fi network      
    - iOS: Recommended settings for Wi-Fi routers and access points
    - Restore from backup. See:
    iOS: How to back up
    - Restore to factory settings/new iOS device.
    If still problem and it does not connect to any networks make an appointment at the Genius Bar of an Apple store since it appears you have a hardware problem.
    Apple Retail Store - Genius Bar

  • Cisco Systems vs "CSIRO" 802.11a and 802.11g infringed upon the '069 patent

    Hi,
    any news about Cisco Systems and the "CSIRO" 802.11a and 802.11g infringed upon the '069 patent ?
    http://www.buffalotech.com/products/wireless/
    Dear Customer
    As you may be aware, Commonwealth Scientific and Industrial Research Organisation ("CSIRO") sued Buffalo, Inc. and Buffalo Technology (USA), Inc. ("Buffalo"), for alleged infringement of United States Patent No. 5,487,069 ("the '069 patent"). Subsequently, CSIRO also asserted its patent against the entire wireless LAN industry, including, Microsoft, Intel, Accton, SMC and Netgear.
    In it's lawsuit against Buffalo, CSIRO claimed certain Buffalo wireless networking products compliant with IEEE standards 802.11a and 802.11g infringed upon the '069 patent. Buffalo believed at that time and continues to believe that there are no grounds for CSIRO's allegations of infringement. The United States district court, however, found Buffalo to infringe the '069 patent and enjoined the importation and sale of Buffalo's IEEE 802.11a and 802.11g compliant products.
    CSIRO's lawsuits are against the entire wireless LAN industry and could affect the supply of wireless LAN products by any manufacturer, not just Buffalo. The entire industry is resisting CSIRO's attempts to enjoin the sale of wireless LAN products. Recently, Microsoft, 3COM Corporation, SMC Networks, Accton Technology Corporation, Intel, Atheros Communications, Belkin International, Dell, Hewlett-Packard, Nortel Networks, Nvidia Corporation, Oracle Corporation, SAP AG, Yahoo, Nokia, and the Consumer Electronics Association filed briefs in support of Buffalo's position that injunctive relief is inappropriate in this case.
    During the period of time that the injunction is in effect (10/1/2007), Buffalo cannot offer for sale, sell, import, or use its IEEE 802.11a and 802.11g compliant products in the United States. A list of the products covered by the injunction is attached here . The injunction does not prohibit sales of pre-existing inventories of products by Buffalo's customers. In addition, Buffalo has secured CSIRO's agreement to permit the replacement of defective products under warranty. None of Buffalo's other products are currently affected by this injunction.
    While Buffalo believes that it will be successful in reversing the district court's decision and will obtain a stay of the injunction pending a decision on the merits, the Court of Appeals has not yet issued a decision. Should the Court of Appeals issue a decision staying the injunction, you will be promptly notified. After the stay is issued or a favorable decision on the merits is obtained, Buffalo will be able to resume the supply of IEEE 802.11a and 802.11g products
    Please rest assured that Buffalo continues to stand behind their products and will continue to support all of our loyal customers as it relates to product warranties, technical support and the like without interruption.

    I suspect after reading the patent and the litigation that you mentioned above, that the US District Court decision will be reversed as the patent appears to be very vague in its contsruction and verbage. Furthermore, the intent to hold the IEEE hostage on the ratification of 802.11n will not bode well in the court's eyes. If in fact the case is reversed, I believe that the members of CSIRO will be in danger of lost profits litigation from Buffalo. Stay tuned to this bat channel.

  • About 802.1x port authentication using TACACS+

    Hi
    I have some question. Please help me. Thanks.
    Question1. May I use that 802.1x port authentication using TACACS+
    Question2. Is it true? TACACS+ will not work with 802.1x because EAP is not supported in TACACS+, and there are no plans to get EAP over TACACS+.
    Any help would be greatly appreciated.
    Thanks.

    Thanks to you.
    Where to find the documents about Tacacs+ doesn't support EAP?
    I cast more time and I cannot find the documents.
    Please help me....
    Thanks.

  • MAB, 802.1x and ACS 4.2

    Hi all,
    Currently i'm using an ACS4.2 as radius server, some switch 2960-s ios 12.2.(55)se5, ipphone Alcatel iptouch 4018 and i would like to assign dinamic vlan to some specific users/laptop Daisy-chained to ip phone.
    Logic connection is:   users laptop---->ipphone---->switch---->radius
    What i need is:
    if I connect MY laptop to the ipphone port, i receive a specific vlan ( vlan 58 )
    if SOMEONE else ( i.e. a consultant ) connect his laptop to the SAME ipphone port (if available) he has to receive a different vlan ( vlan 1).
    I've been able to reach the goal using MACRO but it tooks too much time to authenticate ( approx 1 min ) so i give up and tried a different faster  way ( 802.1x and MAB ).
    i've been able to authenticate the ip-phone using 802.1x auth and to receive the correct vlan when i connect MY laptop (MAB auth)  but i was not able to provide the VLAN 1 to the Consultant when he connect his laptop even if the "authentication event fail action authorize vlan 1"  is configured.
    I used the dot1x auth-fail vlan  because i'm not able to use MAB or 802.1x auth on external laptop. I also tried with guest vlan with no luck.
    In both case the "consultant" remain in "auth failed"
    Here my current configuration
    dot1x system-auth-control
    dot1x guest-vlan supplicant
    identity profile default
    interface GigabitEthernet1/0/1
     switchport mode access
     switchport voice vlan 30
     authentication host-mode multi-auth
    authentication event fail action authorize vlan 1
     authentication order mab dot1x
     authentication port-control auto
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 2
     dot1x max-reauth-req 1
     storm-control broadcast level 2.00
     storm-control multicast level 2.00
     spanning-tree portfast
    On ACS side i have 2 groups
    first Group authenticate the iphone and supply the voice vlan ( vlan 30)
    Second Group authenticate using MAB and supply the vlan 58
    is there a different way to accomplish this task?
    Thank you in advance

    hi,
    any ideas?
    thx

  • 802.1X and CAT Express 500

    Hi guys,
    I want to know if the Cat Express 500 support dynamic vlan assigment through 802.1X.

    Hi,
    You can do the vlan arrisgnment using 802.1x on CE500. The configuration for 802.1X and Radius authentication server can be done with the help of Cisco Network Assistant (CNA). In the menu Network Security Settings you have to put the
    security level on high. There is the possibility to configure the IP address of the RADIUS server and the RADIUS key.
    In case you don?t have the CNA, you can download it for free from:
    http://www.cisco.com/cgi-bin/tablebuild.pl/NetworkAssistant
    HTH, Please rate if it does.
    -amit singh

Maybe you are looking for

  • CMS System to create a page on the server

    Hi all, I am looking for a way for ColdFusion to create and save an html (or cfml) page generated by a user entering text into a form field on an html template page and submitting the text. I am looking to build an email system to allow the client to

  • SQLException in the audit log for the Message Display Tool

    Hi I´m newbie in PI Technology, and i have some issues when i try to do the next. This is the scenario: I need to communicate two systems, for one side i have SAP, and for the other side i have ADI (legal system) so, i use PI to do this (the communic

  • 542 Material document issue

    Dear all, We have sent material to another plant for placing stock using 57F4 challan,challan return date is about to expire soon, so we made 542 mvmt with reference to purchase order,material is brought back to orginal plant location, But problem he

  • How to find out if an INDEX is corrupt and how to rebuild it ?

    How can I find out (from SQL script) if a given INDEX is corrupt and needs to be rebuild ? And how do I rebuild it ?

  • How do I learn to make truly interactive graphics (beginner)?

    Hello. I would appreciate some guidance to learn how to make truly interactive graphics for the web. I am a beginner, with most of my experience in print design. I am not an experienced high level coder, and the less I have to understand about coding