Cascading of Cisco Small Business SG-200-26 and Cisco SG-200-8 with 802.1x


I have a question about cascading a SG-200-26 and a Cisco SG-200-8 under 802.1x environment.

What we have and what's working fine:
We have a well configured SG-200-26 switch with a Radius Server (NPS) running on Windows 2008. Both are up'n running and on all Ports set to "Auto" it is not possible to get access with non allowed devices. Now we have to expand that switch with a smaller one, the Cisco SG-200-8. When I connect the 8-port switch to the large one and set that port to "forceAuthorize"and configure 802.1x settings as well the Radius settings an the small one to the same as on the large one, everything works fine. But that misses the goal, because when someone disconnects the small switch, any other device can get access to the LAN through that port because the port is set to "forceAutorize" instead of "Auto".

What's not working:
When I set the port on the large switch to "Auto" I'm not able to configure the small switch to put requests through to the large one. I tried to set it to "Supplicant" as well as to "Authenticator", both variants with enabled 802.1x and Radius and without.

Does someone has any ideas how to solve that? Any help is highly appreciated!

Regards, Mike
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

unless the second switch can act as a supplicant (for connecting to the first switch) as well as an authenticator (for clients) at the same time, then it will have to be connected to a port that does not require authentication.

there is also the issue that even if it can act as a supplicant and authenticator at the same time, how will the first switch will treat packets from other hosts through the port..

I would suggest using physical security to protect both switches.
w3rAuthor Commented:
The second switch can't act as supplicant and as authenticator at the same time. But it doesn't make a difference what setting is applied. At least it seems so.

But when a Port is set to supplicant the switch wants to know a username for authentication. The switch only accepts users which are configured in the management of the switch. Because I'm still working with the default user it's name is cisco. So I thought that could be a great thing, the switch uses this user to authenticate itself to the first switch, the first switch would ask the radius if this user is allowed to get access. I created a user cisco in AD with same password set but without any success.

A strange thing is that the NPS log doesn't log any attempts of the second switch. So I'm not quite sure if the first switch does anything at all with the requests.

A weird thing is, that the both switches doesn't log useful things even not in debug log mode...
Ernie BeekExpertCommented:
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

w3rAuthor Commented:
Issue solved with a new firmware version (SG200-08x_FW_1.0.3.3.stk)
w3rAuthor Commented:
Issue solved with a new firmware version (SG200-08x_FW_1.0.3.3.stk)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
w3rAuthor Commented:
Issue solved with a new firmware version (SG200-08x_FW_1.0.3.3.stk)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.