Dot1x port authentication too slow
Hi all,
we have implemented dot1x to allow multiboot machines connection to seperate domains on seperate vlans. The problem we are having is that occasionally, some machines are slow to authenticate with their required domain. it usually also only occurs during the first bootup of the day. if left, after about 3 or 4 minutes, they have authenticated and will work, however we keep getting tickets about pc's not being able to logon :)
I have check NPS and made sure that the authentication policy is on top of the list.
The only thing I can think of following now is the quiet-time period on the ethernet ports, possibly cutting that back from 60 to 10.
Our switches are mainly all 3560's.
All help will be appreciated!
we have implemented dot1x to allow multiboot machines connection to seperate domains on seperate vlans. The problem we are having is that occasionally, some machines are slow to authenticate with their required domain. it usually also only occurs during the first bootup of the day. if left, after about 3 or 4 minutes, they have authenticated and will work, however we keep getting tickets about pc's not being able to logon :)
I have check NPS and made sure that the authentication policy is on top of the list.
The only thing I can think of following now is the quiet-time period on the ethernet ports, possibly cutting that back from 60 to 10.
Our switches are mainly all 3560's.
All help will be appreciated!
Craig Beck
Can you post the config from one of your switches?
Span tree portfast for the 802.1x enabled ports. Vlan switching is slower without STP and should be faster with it. You should sniff the traffic on the slow host's and see if something like your radius server is taking a long time to respond or other issue may exist.
-rich
-rich
ASKER
I'll post a config shortly,
Rich, it's not portfast, that was the first thing I checked. I will try sniffing the packets tho.
-Dylan.
Rich, it's not portfast, that was the first thing I checked. I will try sniffing the packets tho.
-Dylan.
ASKER
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname bndC3568g
!
boot-start-marker
boot-end-marker
!
enable secret 5 **********
!
username Unisys privilege 0 secret 5 **************
aaa new-model
!
!
aaa authentication login vtymethod group tacacs+ enable
aaa authentication login Console line
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
!
!
aaa session-id common
clock timezone AEST 10
system mtu routing 1500
ip subnet-zero
no ip domain-lookup
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
dot1x system-auth-control
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tftp source-interface Vlan999
!
!
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/4
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/5
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/6
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/7
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/8
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/9
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/10
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/11
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/12
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/25
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/26
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/27
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/28
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/29
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/30
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/31
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/32
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/33
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/34
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/35
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/36
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/37
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/38
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/39
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/40
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/41
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/42
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/43
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/44
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/45
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/46
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/47
description Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/48
description Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/49
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/50
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/51
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface Vlan1
no ip address
shutdown
!
interface Vlan999
ip address 10.120.16.57 255.255.255.0
!
ip default-gateway 10.120.16.254
ip classless
no ip http server
ip tacacs source-interface Vlan999
!
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
snmp-server community public RO 10
snmp-server community public@es0 RO
snmp-server community ****
snmp-server community ****
snmp-server community ****
snmp-server community ****
snmp-server ****
snmp-server chassis-id bndC3568g
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1
snmp-server enable traps power-ethernet police
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host *** ****
snmp-server host *** ****
snmp-server host *** ****
snmp-server host *** public
tacacs-server host *** single-connection key 7 *************
tacacs-server timeout 10
tacacs-server directed-request
radius-server dead-criteria tries 3
radius-server host 10.120.16.10 auth-port 1645 acct-port 1646
radius-server host 10.118.16.10 auth-port 1645 acct-port 1646
radius-server deadtime 120
radius-server key 7 **********
!
control-plane
!
!
line con 0
exec-timeout 15 0
password 7 *********
login authentication Console
line vty 0 4
exec-timeout 15 0
password 7 **********
login authentication vtymethod
length 0
transport input telnet
line vty 5 15
exec-timeout 15 0
password 7 *******
login authentication vtymethod
transport input telnet
!
ntp clock-period 36030555
ntp source Vlan999
ntp server 10.120.16.254
end
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname bndC3568g
!
boot-start-marker
boot-end-marker
!
enable secret 5 **********
!
username Unisys privilege 0 secret 5 **************
aaa new-model
!
!
aaa authentication login vtymethod group tacacs+ enable
aaa authentication login Console line
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
!
!
aaa session-id common
clock timezone AEST 10
system mtu routing 1500
ip subnet-zero
no ip domain-lookup
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
dot1x system-auth-control
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tftp source-interface Vlan999
!
!
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/4
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/5
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/6
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/7
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/8
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/9
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/10
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/11
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/12
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/25
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/26
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/27
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/28
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/29
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/30
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/31
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/32
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/33
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/34
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/35
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/36
switchport access vlan 2
switchport mode access
switchport voice vlan 100
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/37
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/38
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/39
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/40
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/41
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/42
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/43
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/44
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/45
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/46
description DANA Rm D1.06
switchport mode access
switchport voice vlan 100
switchport port-security
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
no snmp trap link-status
auto qos voip trust
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
spanning-tree portfast
!
interface GigabitEthernet0/47
description Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/48
description Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/49
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/50
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/51
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface Vlan1
no ip address
shutdown
!
interface Vlan999
ip address 10.120.16.57 255.255.255.0
!
ip default-gateway 10.120.16.254
ip classless
no ip http server
ip tacacs source-interface Vlan999
!
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
access-list 10 remark ****
access-list 10 permit ****
snmp-server community public RO 10
snmp-server community public@es0 RO
snmp-server community ****
snmp-server community ****
snmp-server community ****
snmp-server community ****
snmp-server ****
snmp-server chassis-id bndC3568g
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet group 1
snmp-server enable traps power-ethernet police
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host *** ****
snmp-server host *** ****
snmp-server host *** ****
snmp-server host *** public
tacacs-server host *** single-connection key 7 *************
tacacs-server timeout 10
tacacs-server directed-request
radius-server dead-criteria tries 3
radius-server host 10.120.16.10 auth-port 1645 acct-port 1646
radius-server host 10.118.16.10 auth-port 1645 acct-port 1646
radius-server deadtime 120
radius-server key 7 **********
!
control-plane
!
!
line con 0
exec-timeout 15 0
password 7 *********
login authentication Console
line vty 0 4
exec-timeout 15 0
password 7 **********
login authentication vtymethod
length 0
transport input telnet
line vty 5 15
exec-timeout 15 0
password 7 *******
login authentication vtymethod
transport input telnet
!
ntp clock-period 36030555
ntp source Vlan999
ntp server 10.120.16.254
end
ASKER
Not all ports are Dot1x. Only ports marked with "DANA Rm D1.06" in the description.
Thanks.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cheers. I ended up changing those settings to quiet-period 20, sever-timeout 10, suplicant timeout 10. Now just to see if that solves the problem :)
Thanks.
Thanks.