Help with 4506 802.1x Port Based Authentication (Wired)
Hi all,
I'm trying to configure wired 802.1x security on a Catalyst 4506 IOS 12.1.19(EW), using Microsoft IAS (Microsoft's RADIUS), and Windows 2000 SP4 clients.
I've followed the procedures in the 4506 Software configuration guide and they seem to be straight forward.
I then turn 802.1x Debugging on the switch to monitor the 802.1x traffic, but there is none. If I bring the configured interface down and then back up, I do get some status change, but it seems like the switch is not sending or receiving EAPOL frames.
I then execute the dot1x "initialize" and also tried the "re-authenticate" commands, but I get an error saying that FastEthernet 2/2 is not a valid dot1x interface. The line card model number is WS-X4148-RJ21. Is the card not 802.1x compatible?
The switch does not throw any errors when I configure FastEthernet 2/2 as a 802.1x port by executing
dot1x port-control auto
i've also configured the interface to be a plain L2 access port by executing
switchport mode access
any help will be appreciated!
I am currently trying to get 802.1x port authentication working on a Cat3550 against Win2003 IAS but the IAS log shows a invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.
However, I am successfully using IAS to authenticate WPA users on AP1210s so RADIUS appears to be OK working OK.
Are there special attributes that need to be configured on the switch or IAS?
Similar Messages
-
802.1X Port Based Authentication - IP Phone- MDA - Port Security Violation
I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Micorsoft NPS Radius authentication on a test LAN. I have tested the authentication with a windows XP laptop, a windows 7 laptop with 802.1X, eap-tls authentication and a Mitel 5330 IP Phone using EAP-MD5 aithentication. All the above devices work with with the MS NPS server. However in MDA mode when the 802.1x compliant windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and the goes into error sdisable mode.
Feb 4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
Feb 4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
Feb 4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
Feb 4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
Feb 4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
If the port config is changed to "authentication host-mode multi-auth", and the laptop is connected to the phone the port does not experience the security violation but the 802.1x authentication for the laptop fails.
The ports GI1/0./1 & Gi1/02 are configured thus:
interface GigabitEthernet1/0/1
switchport mode access
switchport voice vlan 20
authentication event fail action authorize vlan 4
authentication event no-response action authorize vlan 4
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
mab
mls qos trust cos
dot1x pae authenticator
spanning-tree portfast
sh ver
Switch Ports Model SW Version SW Image
* 1 52 WS-C2960S-48FPS-L 15.2(1)E1 C2960S-UNIVERSALK9-M
Full config attached. Assistance will be grately appreciated.
DonfricoI am currently trying to get 802.1x port authentication working on a Cat3550 against Win2003 IAS but the IAS log shows a invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.
However, I am successfully using IAS to authenticate WPA users on AP1210s so RADIUS appears to be OK working OK.
Are there special attributes that need to be configured on the switch or IAS? -
802.1X Port Based Authentication Security Violation
I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Micorsoft NPS Radius authentication on a test LAN. I have tested the authentication with a windows XP laptop, a windows 7 laptop with 802.1X, eap-tls authentication and a Mitel 5330 IP Phone using EAP-MD5 aithentication. All the above devices work with with the MS NPS server. However in MDA mode when the 802.1x compliant windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and the goes into error sdisable mode.
Feb 4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
Feb 4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
Feb 4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
Feb 4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
Feb 4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
If the port config is changed to "authentication host-mode multi-auth", and the laptop is connected to the phone the port does not experience the security violation but the 802.1x authentication for the laptop fails.
The ports GI1/0./1 & Gi1/02 are configured thus:
interface GigabitEthernet1/0/1
switchport mode access
switchport voice vlan 20
authentication event fail action authorize vlan 4
authentication event no-response action authorize vlan 4
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
mab
mls qos trust cos
dot1x pae authenticator
spanning-tree portfast
sh ver
Switch Ports Model SW Version SW Image
* 1 52 WS-C2960S-48FPS-L 15.2(1)E1 C2960S-UNIVERSALK9-M
Full config attached. Assistance will be grately appreciated.
DonfricoI believe , you need to configure re-authentication on this switch port:
! Enable re-authentication
authentication periodic
! Enable re-authentication via RADIUS Session-Timeout
authentication timer reauthenticate server -
IEEE 802.1x Port based Authentication with Restricted VLAN
Hi all,
I have the following configuration:
aaa new-model
aaa authentication dot1x default group radius
aaa authorization exec default local
dot1x system-auth-control
radius-server host 10.10.10.10 key cisco
interface FastEthernet0/1
switchport mode access
authentication event fail retry 1 action authorize vlan 2
authentication port-control auto
dot1x pae authenticator
spanning-tree portfast
But it takes quite a while for the user who is not authorized to be switch to vlan 2.
I would like to know what is best practice when using this kind of configuration and if it is possible to optimize on how long it takes to switch the unauthorized user to the restricted VLAN?
Regards,
LaurentLaurent,
Based on your configuration it looks as if it will take one retry attempt before the client is placed in vlan2. Try to remove the 'retry 1' from command and see if that speeds up the time. Also take the output of the 'show authentication sessions interface '. Please post the output of the 'debug radius authentication' as that will help to see how long it is taking the radius server to respond.
thanks,
Tarik Admani -
IEEE 802.1x port-based authetication
I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone.
I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.Hi Claudia,
do you mean that the EAP-TLS authentication fails only on some 2960 switches and it works on other 2960s?
What is the IOS version you're using there?
What is the RADIUS server in use?
What is the exact error message you see on the RADIUS side?
Usually, the reason for the EAP-TLS handshake failure is to be troubleshoot on the supplicant and AAA server, however, there may be something on the switch depending on the certificate size and MTU settings on the switch(es).
What is the server cert size and the MTU configured on the switches?
With the info you provided it's difficult to say what's the reason of this failure.
I would suggest to start looking into the above mentioned topics, else you would need to proceed with deeper debugging and sniffer traces, which may be better/easier to handle through a TAC case.
I hope this helps.
Regards,
Federico
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it. -
802.1x mac based authentication
We have Cisco ACS 3.3 is there a way to do authentication based on mac address, instead of username and password? We are looking to stop things such as user purchased access points and what not. Any info would be great.
Yes you are right, I misunderstood you. I was under the impression that you were talking about doing MAC based authentication on your AP's, not the switches. That is why I made mention to port security.
The 2 options would be standard port security or 802.1x port security if you switches support this.
In order to use the 802.1X port security, your switch would need to support it and the clients connecting to the switch would require a supplicant (EAP-TLS, EAP-TTLS, etc) in order for them to work, not by MAC address alone.
You can configure standard port security on the switch which will accomplish your intentions and not even need to use the ACS server.
standard port base security by MAC:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007d3ce.html
802.1x port based security:
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6c72.html -
Port-Based Authentication on 877
Hi
I have applied following commands to enable Port-Based Authentication but when I run command sh mac address-table it shows static mac on this port ( xx 0000.xxxx.xxxx STATIC Gi1/0/3) .
authentication control-direction in
authentication event fail retry 1 action authorize vlan xx
authentication event no-response action authorize vlan xx
authentication host-mode multi-domain
authentication order dot1x mab
authentication port-control auto
authentication violation protect
mab
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 10
dot1x timeout supp-timeout 10
As I remove command authentication port-control auto then sh mac address-table command shows me DYNAMIC MAC.
Anyone can please let explain me why it is happing
Regards,Any input?
-
Considerations for 802.1x Port Based and Wi-Fi Certificate Authentication
Lately, we have been going back and for with the thought of doing certificate authentication for Wi-Fi and Port. We have Server 2012 PKI and CA and it seems fairly straight forward to pump out a certificate to a user and have them authenticate with their
certificate to a RADIUS/NPS. However, every time I mention our thoughts with consultants or others they seem to cringe saying that they've seen this deployment cripple networks.
We have almost 50 branch retail locations (with hub-spoke topology - all have VPN tunnels to corporate and also a disaster recovery location) and their internet isn't always super stable and they absolutely need to have network access at all times because
they are running Point Of Sale. Right now, if their internet fails, they can remain functional because we have the necessary pieces at all locations to keep a Windows network going but I'm afraid that if we force 802.1x certificate authentication for the switch
ports and Wi-Fi that if their internet goes down, they won't be able to authenticate since the authentication server will be at corporate. I am curious as to how people deal with:
1. Fail over to a disaster recovery authentication server if Corporate connection goes down
and:
2. If internet fails locally and can no longer communicate with any authentication server. Is there some sort of scale-out? It seems complicated since (if I'm not mistaken) it needs access to the CRL to validate certificates and also a Network Policy Server
for the authentication and so on.
What we're really trying to accomplish is to prevent people from bringing in a laptop or device with an Ethernet port and removing an existing device and plugging into the port in its place. MAC filtering doesn't seem like a good solution on a large scale,
nor a super secure option so it seemed like 802.1x certificate seemed to be the most flexible without having to go full NAP/NAC. Anyhow, sorry for the lengthy post and I really appreciate your time in advance!Re-authentication could be triggered by the NPS, the switch / AP or the client:
NPS: There is a bunch of attributes to be configured in the Network Policy that determine the time a machine can remain connected such as Idle Timeout and Session Timeout. (When WEP was still common the session timeout had been used to enforce
a change of the insecure key.) Otherwise, the machine should remain connected as far as NPS is concerned.
Switch / AP: Depends on the configuration, e.g. re-authentication has to be triggered if the link went down. If a user plugs a cable or accidentally disable WLAN on his machine when the internet link he will not be able to reconnect.
Then I have seen some options similar to the NPS options, and switches could have their own session timeouts or be configured for respecting the radius server's setting.
Client: The term "re-authentication" is also used happens if you have to / want to use both machine and user authentication: When the machine starts up, the machine account is authenticated; when the user logs on the user is authenticated;
when the user logs off the machine is authenticated again. Per GPO you configure the machines for this kind of re-authentication (the default) or use machine-only or user-only authentication instead.
It might be a challenge to manage and test these settings if you have to support many different APs / switches and different WLAN devices.
I would recommend to carefully test it with a pilot group of users.
Would you have any chance to turn off 802.1x on the switches / APs in case of a major outage? I guess not as you would be able to manage them remotely? -
802.1x Machine Based Authentication - Password expired
Hi,
I would like to ask 1 question about machine based authentication on 802.1x.
1.We are deploying 802.1x on wired user.
2.Some user are using machine based authentication in order to authenticate their port.
3.However, after the user password expired, the user need to change their password and then the machine are unable to authenticate. The error i got is "External DB user invalid or bad password". Then switch assign the user to Guest Vlan
4.But, once i plug out the cable and plug in back the UTP cable after the user login, the switch will assigned the user to proper VLAN.
5.User wont be able to access their share drive n etc since the guest vlan only have access to the internet.
5.Anyone have any idea what is happening? It seems that the machine is sending the old password during authentication process to the ACS.
Anybody can shed a light to me. Thanks.This should certainly work with that rev. On your passed (or failed) auth log, you should see the username of the session authenticating. If you see the FQDN of the machine, this is a machine auth. Also, machine-auth typically executes before the GINA is displayed to the user. It sounds like machine-auth is failing and we need to determine why. Has this machine been away from the domain for long?
This also might help:
http://supportwiki.cisco.com/ViewWiki/index.php/802.1x_authentication_with_Cisco_Secure_Access_Control_Server_fails_to_work_for_Microsoft_Windows_XP_PC -
Help with configuring AP-1240AG as local authenticator for EAP-FAST client
Hi,
I am trying to configure an AP-1240AG as a local authenticator for a Windows XP client with no success. Here is a part of the AP configuration:
dot11 lab_test
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
infrastructure-ssid
radius-server local
eapfast authority id 0102030405060708090A0B0C0D0E0F10
eapfast authority info lab
eapfast server-key primary 7 211C7F85F2A6056FB6DC70BE66090DE351
user georges nthash 7 115C41544E4A535E2072797D096466723124425253707D0901755A5B3A370F7A05
Here is the Windows XP client configuration:
Authentication: Open
Encrpytion WEP
Disable Cisco ccxV4 improvements
username: georges
password: georges
Results: The show radius local-server statistics does not show any activity for the user georges and the debug messages are showing the following:
*Mar 4 01:15:58.887: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
*Mar 4 01:16:28.914: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
*Mar 4 01:16:56.700: RADIUS/ENCODE(00001F5C):Orig. component type = DOT11
*Mar 4 01:16:56.701: RADIUS: AAA Unsupported Attr: ssid [263] 19
*Mar 4 01:16:56.701: RADIUS: [lab_test]
*Mar 4 01:16:56.701: RADIUS: 65 [e]
*Mar 4 01:16:56.701: RADIUS: AAA Unsupported Attr: interface [156] 4
*Mar 4 01:16:56.701: RADIUS: 38 32 [82]
*Mar 4 01:16:56.701: RADIUS(00001F5C): Storing nasport 8275 in rad_db
*Mar 4 01:16:56.702: RADIUS(00001F5C): Config NAS IP: 10.5.104.22
*Mar 4 01:16:56.702: RADIUS/ENCODE(00001F5C): acct_session_id: 8026
*Mar 4 01:16:56.702: RADIUS(00001F5C): sending
*Mar 4 01:16:56.702: RADIUS/DECODE: parse response no app start; FAIL
*Mar 4 01:16:56.702: RADIUS/DECODE: parse response; FAIL
It seems that the radius packet that the AP receive is not what is expected. Do not know if the problem is with the client or with the AP configuration. Try many things but running out of ideas. Any suggestions would be welcome
ThanksHi Stephen,
I do not want to create a workgroup bridge, just want to have the wireless radio bridge with the Ethernet port. I will remove the infrastructure command.
Thanks for your help
Stephane
Here is the complete configuration:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Lab
ip subnet-zero
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 lab_test
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
infrastructure-ssid
power inline negotiation prestandard source
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
ssid lab_test
traffic-metrics aggregate-report
speed basic-54.0
no power client local
channel 2462
station-role root
antenna receive right
antenna transmit right
no dot11 extension aironet
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 10.5.104.22 255.255.255.0
ip default-gateway 10.5.104.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
eapfast authority id 000102030405060708090A0B0C0D0E0F
eapfast authority info LAB
eapfast server-key primary 7 C7AC67E296DF3437EB018F73BE00D822B8
user georges nthash 7 14424A5A555C72790070616C03445446212202080A75705F513942017A76057007
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end -
Looking for help with javascript to autofill checkboxes based on a numeric value.
I have a numeric field that I would like to have 1 - checkbox
out of five autofilled based on a numeric value.
For instance the numeric value is TotalPoints
If the TotalPoints Value is >10 autofill this checkbox
If the TotalPoints Value is 10 - 19 autofill this checkbox
If the TotalPoints Value is 20 - 49 autofill this checkbox
If the TotalPoints Value is 50 - 69 autofill this checkbox
If the TotalPoints Value is 70+ autofill this checkbox
Assistance in writing the correct script for this would be greatly appreciated.All the checkboxes have separate names.
Check box #1 is AssetClass.0 with the export value of 1
Check box #2 is AssetClass.1 with the export value of 2
Check box #3 is AssetClass.2 with the export value of 3
Check box #4 is AssetClass.3 with the export value of 4
Check box #5 is AssetClass.4 with the export value of 5
Score and StrategyUse the following calculation to determine your point score and indentify the appropriate strategy listed below.A. Add your points for questions 1 – 2.
B. Add your points for questions 3 – 12.
C. Subtract B from A. (Numeric Text Box) name is TotalPoints
Points Strategy Asset Class Mix (check boxes as named above)
0 – 10 Primarily Fixed Income: 80% Fixed Income; 20% Equity
10 – 19 Balanced Fixed Income-Oriented: 60% Fixed Income; 40% Equity
20 – 49 Balanced Equity-Oriented: 40% Fixed Income; 60% Equity
50 – 69 Primarily Equity: 20% Fixed Income; 80% Equity
70+ Equity: 95%; 5% Cash -
Help with file uploader, php script, Windows Authentication
I am trying to setup a really basic web-based file uploader that I will expand upon later. I have the flex application working well enough (very basic). However, I have a php script in a secure folder using windows authentication. When I try to send the file to the script, it doesn't seem to like my credentials, and refuses to do anything. I do not get an error message; just nothing happens.
My questions are:
Does anybody know where I should've looked before posting this thread?
Do I even have PHP set up correctly? (At first I just made a txt file and put a .php extension on it, then I tried to setup PHP on the server, but it was a little confusing for me)
Is Windows Authentication the problem?
I do plan on implementing SQL Server in the future (to keep track of Files and user-defined attributes for files), but I do not want to store the files in SQLserver, just their pathnames.
Is there a simple way to use ColdFusion (for free) to acheive this end?
I am somewhat experienced at coding applications, but am totally new to server-side scripts.
This is my php script:
<?php
$tempFile = $_FILES['Filedata']['tmp_name'];
$fileName = $_FILES['Filedata']['name'];
$fileSize = $_FILES['Filedata']['size'];
move_uploaded_file($tempFile, "./" . $fileName);
?>
This is my flex application:
<?xml version="1.0" encoding="utf-8"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600">
<fx:Script>
<![CDATA[
private var fileRef:FileReference
private var uploadFilePath:String
private function selectFile():void
fileRef = new FileReference();
fileRef.addEventListener(Event.SELECT, fileRef_select);
fileRef.browse();
private function fileRef_select(evt:Event):void
fileRef.upload(new URLRequest("http://SERVERLOCATION/PDFUploader.php"));
]]>
</fx:Script>
<s:Button top="30" left="5" label="Browse" click="selectFile()"/>
</s:Application>
Thanks to any who take the time to respond.Hey, so far all I have found is this tutorial.. I'm about to try it out
http://www.smartwebby.com/Flash/external_data.asp -
Help with internet cam and ports
I have a Linksys WVC54GCA wireless Internet cam. I have set the IP to a static address. Created a DDNs account and have the address. I can see the site/cam on any computer on my network but cant seem to get it to port forward out . Help from anyone would be great. Thanks
That is strange, because.
Earlier when you posted what your domain was, I went to http://network-tools.com/
and entered that domain name, you where ping-able / traceroute-able / I could find out the correct public IP and ISP address behind that domain.
But now, I can not see the correct IP address.
Now I am starting to wonder about what is going on..
I think know what was going on, why you could not connect to your self by public IP.
Auth failed, solve that first. Then I will tell you what to do..
That means...
While I don't use the same DDNS provider: Make sure that, you:
#1 Are not running any DDNS client on the computer too. That, I, suspect will cause that issue.
Run the DDNS client either on the router (if the router supports it) or on a computer behind that router.
#2 You enter in the correct user name and password ( "password" is not the same as "Password" )
Message Edited by dslr595148 on 10-21-2008 03:20 PM
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button. -
Need help with Math functions for text-based calculator!!!
I have the calculator working but I am having trouble figuring out thow to do a square root function, nth factorial, absolute value, and Fibonacci. Basically i got the easy part done. Also I am using the case to do the funtions but I am not sure if there are symbols on the keyboard that are commonly used for these funtions so i just made some up. I am new to java and this is only my second assignment so any help would be appreciated. Thanks
import java.util.*;
import java.math.*;
public class calculator
static Scanner console=new Scanner(System.in);
public static void main(String[]args)
double num1=0,num2=0;
double result=0;
char expression;
char operation;
String Soperation;
System.out.println("Enter ? for help or enter the operation in which to be processed");
Soperation=console.next();
operation = Soperation.charAt(0);
switch(operation)
case '+':
System.out.println("Please the first number");
num1=console.nextInt();
System.out.println("Please enter the second number");
num2=console.nextInt();
result=num1+num2;
break;
case'-':
System.out.println("Please the first number");
num1=console.nextInt();
System.out.println("Please enter the second number");
num2=console.nextInt();
result=num1-num2;
break;
case'*':
System.out.println("Please the first number");
num1=console.nextInt();
System.out.println("Please enter the second number");
num2=console.nextInt();
result=num1*num2;
break;
case'/':
System.out.println("Please the first number");
num1=console.nextInt();
System.out.println("Please enter the second number");
num2=console.nextInt();
if(num2==0)
System.out.println("Cannot Divide by Zero");
result=num1/num2;
break;
//square root
case'^':
System.out.println("Please enter a number");
break;
//fibonacci
case'#':
System.out.println("Please enter the position of the Fibonacci number");
break;
//factorial
case'!':
System.out.println("Please enter the number for factoring");
break;
//absolute value
case'&':
System.out.println("Please enter a number");
num1=console.nextInt();
result=num1;
break;
// help funtion
case'?':
System.out.println("Type + for addition, - for subtraction");
System.out.println("* for multipliction, / for division,^ for the square root");
System.out.println(" & for absolute value, # for fibonacci,and ! for factorial");
break;
System.out.println("The result is:"+result);
}rmabrey wrote:
I have the calculator working but I am having trouble figuring out thow to do a square root function, nth factorial, absolute value, and Fibonacci. java.lang.Math.sqrt()
nothing for factorial - write your own.
java.lang.Math.abs()
nothing for Fibonacci - write your own.
% -
802.1x port authentication not working
I am having some troubles figuring out what is going on here. I am trying to setup 802.1x port based authentication to assign clients to VLANs. I inherited this mess and its been a long time since I have used this. I ran a wireshark on my Radius server and I see no packets even coming from my switch IP address when I plug into a port (I verified communication because pings come up in my trace)
Switch info:
sw-ConfB>sho ver
Cisco IOS Software, C2960C Software (C2960c405-UNIVERSALK9-M), Version 12.2(55)EX3, RELEASE SOFTWARE (fc2)
Port config:
interface FastEthernet0/11
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
Radius Server Info:
radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
Kinda lost why not Radius packet even comes from the switch. Any tips?sw-ConfB#sho ru
Building configuration...
Current configuration : 6301 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname sw-ConfB
boot-start-marker
boot-end-marker
enable secret 5 $1$3QAC$puzutRpCI5zR3Xv55xBVH0
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa session-id common
system mtu routing 1500
crypto pki trustpoint TP-self-signed-706182400
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-706182400
revocation-check none
rsakeypair TP-self-signed-706182400
crypto pki certificate chain TP-self-signed-706182400
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37303631 38323430 30301E17 0D393330 33303130 30303430
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3730 36313832
34303030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C72AE421 F5BF8C62 7C9E14C1 E73686FB 67DD760A 0C6C790D 935143A0 8DD96CC8
D14A11C1 D16F9583 AE3B591E 68581049 1C837110 1B1C0398 BDE81C86 3F80CD45
E55EBE76 73B9F7AB 5F14CBD5 2BD38330 E1B4FA92 32490A66 CE0BE135 9B695D97
BF7C04FB 2999CF98 2336E82C 559A89C1 7F4E2948 1D73EBD4 236E4DD9 4D8675AB
02030100 01A36930 67300F06 03551D13 0101FF04 05300301 01FF3014 0603551D
11040D30 0B820973 772D436F 6E66422E 301F0603 551D2304 18301680 14C35330
A1D32EA5 C2A07CC9 B1B3CCDB EB93CAA7 02301D06 03551D0E 04160414 C35330A1
D32EA5C2 A07CC9B1 B3CCDBEB 93CAA702 300D0609 2A864886 F70D0101 04050003
8181002E FC217BF1 F9E6FBE1 B07270A6 79A57AA5 691A949D C61C00C2 09C1C3CA
CA14EE07 60BA058E CFDCD8E7 19D83B68 5F06B92C 8612B396 B18BA823 C0E83021
2EFD391E 06113246 5609E287 7883422A 0513AF6D 5BF03CDE 92786B1D 3E01284C
1EE23296 12999C71 BE8A5BEA 4B768F7E 6EB63E05 B71AF375 7FB72B98 7665BF45 D14622
quit
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/2
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/3
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/4
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/5
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/6
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/7
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/8
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/9
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/10
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/11
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface FastEthernet0/12
switchport access vlan 900
switchport mode access
authentication event fail action authorize vlan 900
authentication event no-response action authorize vlan 900
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
interface GigabitEthernet0/1
switchport trunk native vlan 200
switchport trunk allowed vlan 100,200,900
switchport mode trunk
interface GigabitEthernet0/2
switchport access vlan 100
switchport mode access
interface Vlan1
no ip address
interface Vlan100
ip address 10.0.1.3 255.255.255.0
interface Vlan200
ip address 10.0.2.4 255.255.255.0
interface Vlan900
ip address 10.0.9.4 255.255.255.0
ip default-gateway 10.0.1.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
radius-server retransmit 5
radius-server key secret
radius-server vsa send authentication
Maybe you are looking for
-
time machine keep giving error 2, i have reformatted drive already, run safe disk boot on internal drive, i have also gone through suggested steps on pondini.org, deleted time capsule prefs here is sample of info from console 12/15/13 9:33:12.769 AM
-
Stuck with compiling a source file
Hi, I'm stuck with this strange problem and i desperately need some help. My source file is in the D drive inside the package named objectwrite. The source file X.java is extending an abstract class named Y. When i'm trying to compile the files using
-
How do you change the color of a page item that is a static source
I have a page item that does not have a label but the source of the item is always static. It will always show INCOMING in this source. INCOMING is hard coded under Source in the Source value or expression. The customer wants the word INCOMING to be
-
Installation Error for NW2004s Java SP9 Trial
Hello, I tried to install trial version on XP professional as well as Windows 2003 server (separate computers). Every time I get error exactly at the same place. I go through first 3 / 4 screens, when I specify correct JCE zip file. It fails with fol
-
HT4718 An error. Occurs while trying to run this installations
I Have bought a second hand MacBook Air from a friend, we have been unable to re install maverick o sx, an error occurs during the verification process. any advice?