Help with 4506 802.1x Port Based Authentication (Wired)

Similar Messages

• 802.1X Port Based Authentication - IP Phone- MDA - Port Security Violation

  I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Micorsoft NPS Radius authentication on a test LAN. I have tested the authentication with a windows XP laptop, a windows 7 laptop with 802.1X, eap-tls authentication and a Mitel 5330 IP Phone using EAP-MD5 aithentication. All the above devices work with with the MS NPS server. However in MDA mode when the  802.1x compliant  windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and the goes into error sdisable mode.
  Feb  4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
  Feb  4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
  Feb  4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
  Feb  4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
  Feb  4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
  If the port config  is changed to "authentication host-mode multi-auth", and the laptop is connected to the phone the port does not experience the security violation but the 802.1x authentication for the laptop fails.
  The ports GI1/0./1 & Gi1/02 are configured thus:
  interface GigabitEthernet1/0/1
  switchport mode access
  switchport voice vlan 20
  authentication event fail action authorize vlan 4
  authentication event no-response action authorize vlan 4
  authentication event server alive action reinitialize
  authentication host-mode multi-domain
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication port-control auto
  mab
  mls qos trust cos
  dot1x pae authenticator
  spanning-tree portfast
  sh ver
  Switch Ports Model              SW Version            SW Image
  *    1 52    WS-C2960S-48FPS-L  15.2(1)E1             C2960S-UNIVERSALK9-M
  Full config attached. Assistance will be grately appreciated.
  Donfrico

  I am currently trying to get 802.1x port authentication working on a Cat3550 against Win2003 IAS but the IAS log shows a invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.
  However, I am successfully using IAS to authenticate WPA users on AP1210s so RADIUS appears to be OK working OK.
  Are there special attributes that need to be configured on the switch or IAS?

• 802.1X Port Based Authentication Security Violation

  I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Micorsoft NPS Radius authentication on a test LAN. I have tested the authentication with a windows XP laptop, a windows 7 laptop with 802.1X, eap-tls authentication and a Mitel 5330 IP Phone using EAP-MD5 aithentication. All the above devices work with with the MS NPS server. However in MDA mode when the  802.1x compliant  windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and the goes into error sdisable mode.
  Feb  4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
  Feb  4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
  Feb  4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
  Feb  4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
  Feb  4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
  If the port config  is changed to "authentication host-mode multi-auth", and the laptop is connected to the phone the port does not experience the security violation but the 802.1x authentication for the laptop fails.
  The ports GI1/0./1 & Gi1/02 are configured thus:
  interface GigabitEthernet1/0/1
  switchport mode access
  switchport voice vlan 20
  authentication event fail action authorize vlan 4
  authentication event no-response action authorize vlan 4
  authentication event server alive action reinitialize
  authentication host-mode multi-domain
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication port-control auto
  mab
  mls qos trust cos
  dot1x pae authenticator
  spanning-tree portfast
  sh ver
  Switch Ports Model              SW Version            SW Image
  *    1 52    WS-C2960S-48FPS-L  15.2(1)E1             C2960S-UNIVERSALK9-M
  Full config attached. Assistance will be grately appreciated.
  Donfrico

  I believe , you need to configure re-authentication on this switch port:
  ! Enable re-authentication
  authentication periodic
  ! Enable re-authentication via RADIUS Session-Timeout
  authentication timer reauthenticate server

• IEEE 802.1x Port based Authentication with Restricted VLAN

  Hi all,
  I have the following configuration:
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization exec default local
  dot1x system-auth-control
  radius-server host 10.10.10.10 key cisco
  interface FastEthernet0/1
  switchport mode access
  authentication event fail retry 1 action authorize vlan 2
  authentication port-control auto
  dot1x pae authenticator
  spanning-tree portfast
  But it takes quite a while for the user who is not authorized to be switch to vlan 2.
  I would like to know what is best practice when using this kind of configuration  and if it is possible to optimize on how long it takes to switch the unauthorized user to the restricted VLAN?
  Regards,
  Laurent

  Laurent,
  Based on your configuration it looks as if it will take one retry attempt before the client is placed in vlan2. Try to remove the 'retry 1' from command and see if that speeds up the time. Also take the output of the 'show authentication sessions interface '. Please post the output of the 'debug radius authentication' as that will help to see how long it is taking the radius server to respond.
  thanks,
  Tarik Admani

• IEEE 802.1x port-based authetication

  I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone.
  I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.

  Hi Claudia,
  do you mean that the EAP-TLS authentication fails only on some 2960 switches and it works on other 2960s?
  What is the IOS version you're using there?
  What is the RADIUS server in use?
  What is the exact error message you see on the RADIUS side?
  Usually, the reason for the EAP-TLS handshake failure is to be troubleshoot on the supplicant and AAA server, however, there may be something on the switch depending on the certificate size and MTU settings on the switch(es).
  What is the server cert size and the MTU configured on the switches?
  With the info you provided it's difficult to say what's the reason of this failure.
  I would suggest to start looking into the above mentioned topics, else you would need to proceed with deeper debugging and sniffer traces, which may be better/easier to handle through a TAC case.
  I hope this helps.
  Regards,
  Federico
  If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

• 802.1x mac based authentication

  We have Cisco ACS 3.3 is there a way to do authentication based on mac address, instead of username and password? We are looking to stop things such as user purchased access points and what not. Any info would be great.

  Yes you are right, I misunderstood you. I was under the impression that you were talking about doing MAC based authentication on your AP's, not the switches. That is why I made mention to port security.
  The 2 options would be standard port security or 802.1x port security if you switches support this.
  In order to use the 802.1X port security, your switch would need to support it and the clients connecting to the switch would require a supplicant (EAP-TLS, EAP-TTLS, etc) in order for them to work, not by MAC address alone.
  You can configure standard port security on the switch which will accomplish your intentions and not even need to use the ACS server.
  standard port base security by MAC:
  http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007d3ce.html
  802.1x port based security:
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6c72.html

• Port-Based Authentication on 877

  Hi 
  I have applied following commands to enable Port-Based Authentication but when I run command sh mac address-table it shows static mac on this port   (  xx    0000.xxxx.xxxx    STATIC      Gi1/0/3) .  
  authentication control-direction in
  authentication event fail retry 1 action authorize vlan xx
  authentication event no-response action authorize vlan xx
  authentication host-mode multi-domain
  authentication order dot1x mab
  authentication port-control auto
  authentication violation protect
  mab
  dot1x pae authenticator
  dot1x timeout quiet-period 10
  dot1x timeout tx-period 10
  dot1x timeout supp-timeout 10
  As I remove command authentication port-control auto then sh mac address-table  command shows me DYNAMIC MAC.
  Anyone can please let explain me why it is happing 
  Regards,

  Any input?

• Considerations for 802.1x Port Based and Wi-Fi Certificate Authentication

  Lately, we have been going back and for with the thought of doing certificate authentication for Wi-Fi and Port. We have Server 2012 PKI and CA and it seems fairly straight forward to pump out a certificate to a user and have them authenticate with their
  certificate to a RADIUS/NPS. However, every time I mention our thoughts with consultants or others they seem to cringe saying that they've seen this deployment cripple networks.
  We have almost 50 branch retail locations (with hub-spoke topology - all have VPN tunnels to corporate and also a disaster recovery location) and their internet isn't always super stable and they absolutely need to have network access at all times because
  they are running Point Of Sale. Right now, if their internet fails, they can remain functional because we have the necessary pieces at all locations to keep a Windows network going but I'm afraid that if we force 802.1x certificate authentication for the switch
  ports and Wi-Fi that if their internet goes down, they won't be able to authenticate since the authentication server will be at corporate. I am curious as to how people deal with:
  1. Fail over to a disaster recovery authentication server if Corporate connection goes down
  and:
  2. If internet fails locally and can no longer communicate with any authentication server. Is there some sort of scale-out? It seems complicated since (if I'm not mistaken) it needs access to the CRL to validate certificates and also a Network Policy Server
  for the authentication and so on.
  What we're really trying to accomplish is to prevent people from bringing in a laptop or device with an Ethernet port and removing an existing device and plugging into the port in its place. MAC filtering doesn't seem like a good solution on a large scale,
  nor a super secure option so it seemed like 802.1x certificate seemed to be the most flexible without having to go full NAP/NAC. Anyhow, sorry for the lengthy post and I really appreciate your time in advance!

  Re-authentication could be triggered by the NPS, the switch / AP or the client:
  NPS: There is a bunch of attributes to be configured in the Network Policy that determine the time a machine can remain connected such as Idle Timeout and Session Timeout. (When WEP was still common the session timeout had been used to enforce
  a change of the insecure key.) Otherwise, the machine should remain connected as far as NPS is concerned.
  Switch / AP: Depends on the configuration, e.g. re-authentication has to be triggered if the link went down. If a user plugs a cable or accidentally disable WLAN on his machine when the internet link he will not be able to reconnect.
  Then I have seen some options similar to the NPS options, and switches could have their own session timeouts or be configured for respecting the radius server's setting.
  Client: The term "re-authentication" is also used happens if you have to / want to use both machine and user authentication: When the machine starts up, the machine account is authenticated; when the user logs on the user is authenticated;
  when the user logs off the machine is authenticated again. Per GPO you configure the machines for this kind of re-authentication (the default) or use machine-only or user-only authentication instead.
  It might be a challenge to manage and test these settings if you have to support many different APs / switches and different WLAN devices.
  I would recommend to carefully test it with a pilot group of users.
  Would you have any chance to turn off 802.1x on the switches / APs in case of a major outage? I guess not as you would be able to manage them remotely?

• 802.1x Machine Based Authentication - Password expired

  Hi,
  I would like to ask 1 question about machine based authentication on 802.1x.
  1.We are deploying 802.1x on wired user.
  2.Some user are using machine based authentication in order to authenticate their port.
  3.However, after the user password expired, the user need to change their password and then the machine are unable to authenticate. The error i got is "External DB user invalid or bad password". Then switch assign the user to Guest Vlan
  4.But, once i plug out the cable and plug in back the UTP cable after the user login, the switch will assigned the user to proper VLAN.
  5.User wont be able to access their share drive n etc since the guest vlan only have access to the internet.
  5.Anyone have any idea what is happening? It seems that the machine is sending the old password during authentication process to the ACS.
  Anybody can shed a light to me. Thanks.

  This should certainly work with that rev. On your passed (or failed) auth log, you should see the username of the session authenticating. If you see the FQDN of the machine, this is a machine auth. Also, machine-auth typically executes before the GINA is displayed to the user. It sounds like machine-auth is failing and we need to determine why. Has this machine been away from the domain for long?
  This also might help:
  http://supportwiki.cisco.com/ViewWiki/index.php/802.1x_authentication_with_Cisco_Secure_Access_Control_Server_fails_to_work_for_Microsoft_Windows_XP_PC

• Help with configuring AP-1240AG as local authenticator for EAP-FAST client

  Hi,
  I am trying to configure an AP-1240AG as a local authenticator for a Windows XP client with no success. Here is a part of the AP configuration:
  dot11 lab_test
     authentication open eap eap_methods
     authentication network-eap eap_methods
     guest-mode
     infrastructure-ssid
  radius-server local
    eapfast authority id 0102030405060708090A0B0C0D0E0F10
    eapfast authority info lab
    eapfast server-key primary 7 211C7F85F2A6056FB6DC70BE66090DE351
    user georges nthash 7 115C41544E4A535E2072797D096466723124425253707D0901755A5B3A370F7A05
  Here is the Windows XP client configuration:
  Authentication: Open
  Encrpytion WEP
  Disable Cisco ccxV4 improvements
  username: georges
  password: georges
  Results: The show radius local-server statistics does not show any activity for the user georges and the debug messages are showing the following:
  *Mar  4 01:15:58.887: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
  *Mar  4 01:16:28.914: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
  *Mar  4 01:16:56.700: RADIUS/ENCODE(00001F5C):Orig. component type = DOT11
  *Mar  4 01:16:56.701: RADIUS:  AAA Unsupported Attr: ssid              [263] 19
  *Mar  4 01:16:56.701: RADIUS:    [lab_test]
  *Mar  4 01:16:56.701: RADIUS:   65                                               [e]
  *Mar  4 01:16:56.701: RADIUS:  AAA Unsupported Attr: interface         [156] 4
  *Mar  4 01:16:56.701: RADIUS:   38 32                                            [82]
  *Mar  4 01:16:56.701: RADIUS(00001F5C): Storing nasport 8275 in rad_db
  *Mar  4 01:16:56.702: RADIUS(00001F5C): Config NAS IP: 10.5.104.22
  *Mar  4 01:16:56.702: RADIUS/ENCODE(00001F5C): acct_session_id: 8026
  *Mar  4 01:16:56.702: RADIUS(00001F5C): sending
  *Mar  4 01:16:56.702: RADIUS/DECODE: parse response no app start; FAIL
  *Mar  4 01:16:56.702: RADIUS/DECODE: parse response; FAIL
  It seems that the radius packet that the AP receive is not what is expected. Do not know if the problem is with the client or with the AP configuration. Try many things but running out of ideas. Any suggestions would be welcome
  Thanks

  Hi Stephen,
  I do not want to create a workgroup bridge, just want to have the wireless radio bridge with the Ethernet port. I will remove the infrastructure command.
  Thanks for your help
  Stephane
  Here is the complete configuration:
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Lab
  ip subnet-zero
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 lab_test
     authentication open eap eap_methods
     authentication network-eap eap_methods
     guest-mode
     infrastructure-ssid
  power inline negotiation prestandard source
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid lab_test
  traffic-metrics aggregate-report
  speed basic-54.0
  no power client local
  channel 2462
  station-role root
  antenna receive right
  antenna transmit right
  no dot11 extension aironet
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  dfs band 3 block
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  channel dfs
  station-role root
  no dot11 extension aironet
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  hold-queue 160 in
  interface BVI1
  ip address 10.5.104.22 255.255.255.0
  ip default-gateway 10.5.104.254
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server local
    eapfast authority id 000102030405060708090A0B0C0D0E0F
    eapfast authority info LAB
    eapfast server-key primary 7 C7AC67E296DF3437EB018F73BE00D822B8
    user georges nthash 7 14424A5A555C72790070616C03445446212202080A75705F513942017A76057007
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

• Looking for help with javascript to autofill checkboxes based on a numeric value.

  I have a numeric field that I would like to have 1 - checkbox
  out of five autofilled based on a numeric value.
  For instance the numeric value is TotalPoints
  If the TotalPoints Value is >10 autofill this checkbox
  If the TotalPoints Value is 10 - 19 autofill this checkbox
  If the TotalPoints Value is 20 - 49 autofill this checkbox
  If the TotalPoints Value is 50 - 69 autofill this checkbox
  If the TotalPoints Value is 70+ autofill this checkbox
  Assistance in writing the correct script for this would be greatly appreciated.

  All the checkboxes have separate names. 
  Check box #1 is AssetClass.0 with the export value of 1
  Check box #2 is AssetClass.1 with the export value of 2
  Check box #3 is AssetClass.2 with the export value of 3
  Check box #4 is AssetClass.3 with the export value of 4
  Check box #5 is AssetClass.4 with the export value of 5
  Score and StrategyUse the following calculation to determine your point score and indentify the appropriate strategy listed below.A. Add your points for questions 1 – 2.
  B. Add your points for questions 3 – 12.
  C. Subtract B from A. (Numeric Text Box)  name is TotalPoints
   Points Strategy Asset Class Mix (check boxes as named above)
   0 – 10 Primarily Fixed Income: 80% Fixed Income; 20% Equity
  10 – 19 Balanced Fixed Income-Oriented: 60% Fixed Income; 40% Equity
  20 – 49 Balanced Equity-Oriented: 40% Fixed Income; 60% Equity
  50 – 69 Primarily Equity: 20% Fixed Income; 80% Equity
  70+ Equity: 95%; 5% Cash 

• Help with file uploader, php script, Windows Authentication

  I am trying to setup a really basic web-based file uploader that I will expand upon later. I have the flex application working well enough (very basic). However, I have a php script in a secure folder using windows authentication. When I try to send the file to the script, it doesn't seem to like my credentials, and refuses to do anything. I do not get an error message; just nothing happens.
  My questions are:
  Does anybody know where I should've looked before posting this thread?
  Do I even have PHP set up correctly? (At first I just made a txt file and put a .php extension on it, then I tried to setup PHP on the server, but it was a little confusing for me)
  Is Windows Authentication the problem?
  I do plan on implementing SQL Server in the future (to keep track of Files and user-defined attributes for files), but I do not want to store the files in SQLserver, just their pathnames.
  Is there a simple way to use ColdFusion (for free) to acheive this end?
  I am somewhat experienced at coding applications, but am totally new to server-side scripts.
  This is my php script:
  <?php
  $tempFile = $_FILES['Filedata']['tmp_name'];
  $fileName = $_FILES['Filedata']['name'];
  $fileSize = $_FILES['Filedata']['size'];
  move_uploaded_file($tempFile, "./" . $fileName);
  ?>
  This is my flex application:
  <?xml version="1.0" encoding="utf-8"?>
  <s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
                    xmlns:s="library://ns.adobe.com/flex/spark"
                    xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600">
  <fx:Script>
       <![CDATA[
       private var fileRef:FileReference
       private var uploadFilePath:String
       private function selectFile():void
            fileRef = new FileReference();
            fileRef.addEventListener(Event.SELECT, fileRef_select);
            fileRef.browse();
       private function fileRef_select(evt:Event):void
            fileRef.upload(new URLRequest("http://SERVERLOCATION/PDFUploader.php"));
       ]]>
  </fx:Script>
       <s:Button top="30" left="5" label="Browse" click="selectFile()"/>
  </s:Application>
  Thanks to any who take the time to respond.

  Hey, so far all I have found is this tutorial.. I'm about to try it out
  http://www.smartwebby.com/Flash/external_data.asp

• Help with internet cam and ports

  I have a Linksys WVC54GCA  wireless Internet cam. I have set the IP to a static address. Created a DDNs account and have the address. I can see the site/cam on any computer on my network but cant seem to get it to port forward out . Help from anyone would be great. Thanks

  That is strange, because.
  Earlier when you posted what your domain was, I went to http://network-tools.com/
  and entered that domain name, you where ping-able / traceroute-able / I could find out the correct public IP and ISP address behind that domain.
  But now, I can not see the correct IP address.
  Now I am starting to wonder about what is going on..
  I think know what was going on, why you could not connect to your self by public IP.
  Auth failed, solve that first. Then I will tell you what to do..
  That means...
  While I don't use the same DDNS provider: Make sure that, you:
  #1 Are not running any DDNS client on the computer too. That, I, suspect will cause that issue.
  Run the DDNS client either on the router (if the router supports it) or on a computer behind that router.
  #2 You enter in the correct user name and password ( "password" is not the same as "Password" )
  Message Edited by dslr595148 on 10-21-2008 03:20 PM
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• Need help with Math functions for text-based calculator!!!

  I have the calculator working but I am having trouble figuring out thow to do a square root function, nth factorial, absolute value, and Fibonacci. Basically i got the easy part done. Also I am using the case to do the funtions but I am not sure if there are symbols on the keyboard that are commonly used for these funtions so i just made some up. I am new to java and this is only my second assignment so any help would be appreciated. Thanks
  import java.util.*;
  import java.math.*;
  public class calculator
  static Scanner console=new Scanner(System.in);
  public static void main(String[]args)
  double num1=0,num2=0;
  double result=0;
  char expression;
  char operation;
  String Soperation;
  System.out.println("Enter ? for help or enter the operation in which to be processed");
  Soperation=console.next();
  operation = Soperation.charAt(0);
  switch(operation)
  case '+':
  System.out.println("Please the first number");
  num1=console.nextInt();
  System.out.println("Please enter the second number");
  num2=console.nextInt();
  result=num1+num2;
  break;
  case'-':
  System.out.println("Please the first number");
  num1=console.nextInt();
  System.out.println("Please enter the second number");
  num2=console.nextInt();
  result=num1-num2;
  break;
  case'*':
  System.out.println("Please the first number");
  num1=console.nextInt();
  System.out.println("Please enter the second number");
  num2=console.nextInt();
  result=num1*num2;
  break;
  case'/':
  System.out.println("Please the first number");
  num1=console.nextInt();
  System.out.println("Please enter the second number");
  num2=console.nextInt();
  if(num2==0)
  System.out.println("Cannot Divide by Zero");
  result=num1/num2;
  break;
  //square root
  case'^':
  System.out.println("Please enter a number");
  break;
  //fibonacci     
  case'#':
  System.out.println("Please enter the position of the Fibonacci number");
  break;
  //factorial
  case'!':
  System.out.println("Please enter the number for factoring");
  break;
            //absolute value
  case'&':
  System.out.println("Please enter a number");
  num1=console.nextInt();
  result=num1;
  break;
       // help funtion
  case'?':
  System.out.println("Type + for addition, - for subtraction");
  System.out.println("* for multipliction, / for division,^ for the square root");
  System.out.println(" & for absolute value, # for fibonacci,and ! for factorial");
  break;
  System.out.println("The result is:"+result);     
  }

  rmabrey wrote:
  I have the calculator working but I am having trouble figuring out thow to do a square root function, nth factorial, absolute value, and Fibonacci. java.lang.Math.sqrt()
  nothing for factorial - write your own.
  java.lang.Math.abs()
  nothing for Fibonacci - write your own.
  %

• 802.1x port authentication not working

  I am having some troubles figuring out what is going on here. I am trying to setup 802.1x port based authentication to assign clients to VLANs. I inherited this mess and its been a long time since I have used this. I ran a wireshark on my Radius server and I see no packets even coming from my switch IP address when I plug into a port (I verified communication because pings come up in my trace)
  Switch info:
  sw-ConfB>sho ver
  Cisco IOS Software, C2960C Software (C2960c405-UNIVERSALK9-M), Version 12.2(55)EX3, RELEASE SOFTWARE (fc2)
  Port config:
  interface FastEthernet0/11
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  Radius Server Info:
  radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
  Kinda lost why not Radius packet even comes from the switch. Any tips?

  sw-ConfB#sho ru
  Building configuration...
  Current configuration : 6301 bytes
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname sw-ConfB
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$3QAC$puzutRpCI5zR3Xv55xBVH0
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa session-id common
  system mtu routing 1500
  crypto pki trustpoint TP-self-signed-706182400
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-706182400
   revocation-check none
   rsakeypair TP-self-signed-706182400
  crypto pki certificate chain TP-self-signed-706182400
   certificate self-signed 01
    3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 37303631 38323430 30301E17 0D393330 33303130 30303430
    365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3730 36313832
    34303030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    C72AE421 F5BF8C62 7C9E14C1 E73686FB 67DD760A 0C6C790D 935143A0 8DD96CC8
    D14A11C1 D16F9583 AE3B591E 68581049 1C837110 1B1C0398 BDE81C86 3F80CD45
    E55EBE76 73B9F7AB 5F14CBD5 2BD38330 E1B4FA92 32490A66 CE0BE135 9B695D97
    BF7C04FB 2999CF98 2336E82C 559A89C1 7F4E2948 1D73EBD4 236E4DD9 4D8675AB
    02030100 01A36930 67300F06 03551D13 0101FF04 05300301 01FF3014 0603551D
    11040D30 0B820973 772D436F 6E66422E 301F0603 551D2304 18301680 14C35330
    A1D32EA5 C2A07CC9 B1B3CCDB EB93CAA7 02301D06 03551D0E 04160414 C35330A1
    D32EA5C2 A07CC9B1 B3CCDBEB 93CAA702 300D0609 2A864886 F70D0101 04050003
    8181002E FC217BF1 F9E6FBE1 B07270A6 79A57AA5 691A949D C61C00C2 09C1C3CA
    CA14EE07 60BA058E CFDCD8E7 19D83B68 5F06B92C 8612B396 B18BA823 C0E83021
    2EFD391E 06113246 5609E287 7883422A 0513AF6D 5BF03CDE 92786B1D 3E01284C
    1EE23296 12999C71 BE8A5BEA 4B768F7E 6EB63E05 B71AF375 7FB72B98 7665BF45 D14622
    quit
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  interface FastEthernet0/1
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/2
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/3
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/4
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/5
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/6
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/7
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/8
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/9
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/10
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/11
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/12
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface GigabitEthernet0/1
   switchport trunk native vlan 200
   switchport trunk allowed vlan 100,200,900
   switchport mode trunk
  interface GigabitEthernet0/2
   switchport access vlan 100
   switchport mode access
  interface Vlan1
   no ip address
  interface Vlan100
   ip address 10.0.1.3 255.255.255.0
  interface Vlan200
   ip address 10.0.2.4 255.255.255.0
  interface Vlan900
   ip address 10.0.9.4 255.255.255.0
  ip default-gateway 10.0.1.1
  ip http server
  ip http secure-server
  ip sla enable reaction-alerts
  radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
  radius-server retransmit 5
  radius-server key secret
  radius-server vsa send authentication