Dynamic VLAN Assignment Microsoft NPS Pattern
Hi, does anyone have experience in setting up PowerConnect switches with a Windows RADIUS server? The switches I have at the moment are in production, so we need to get it right the first time. I was trying to enable the global parameters for Dot1x Authentication (Switching -> Network Security -> Dot1x Auth) without setting any port settings. These ports are now static VLANs, but what happened is that all traffic stopped on all ports. Is it not possible to configure Dot1x on one port only for testing purposes, while the rest is running as usual?
Are there any guides out there? (Not the manual.)

The port where your RADIUS server is connected must be configured in such a VLAN that the RADIUS server will be able to reach all the clients, if we are talking about client authentication. To test it, you can use ping from the server where the RADIUS is running, or telnet to a specific port; it depends on how the security on the network is set up. If you want to authenticate access to network devices (routers, switches etc.) then you need to ensure also that the RADIUS server can reach the network devices' management IP addresses.
OK, if the RADIUS server will do the authentication and also if the server will decide which client will be assigned to which VLAN, then it is a little more difficult. I don't know what type of switches you are using, but what I know from the implementation on Cisco is this. Port configuration for ports that are going to end users can be something like this:

    interface GigabitEthernet0/1
     switchport access vlan 10
     dot1x pae authenticator
     dot1x port-control auto
     dot1x violation-mode protect
     dot1x timeout quiet-period 15
     dot1x timeout reauth-period server
     dot1x timeout tx-period 3
     dot1x reauthentication
     dot1x critical
     dot1x guest-vlan 99
     dot1x auth-fail vlan 99
     dot1x critical vlan 99
     spanning-tree portfast
    !

VLAN 10 is the desired user VLAN; when everything is OK the user will end up in this VLAN. VLAN 99 is a VLAN from which a user has some access but not full access (everything depends on how you configure the RADIUS); in my example this VLAN is also used when an end user fails his authentication. There are many more things that can be taken into consideration depending on the design. Maybe this can help you out. There is one more thing: the configuration that I gave you above was for a case when the clients are static, that means that you know in which switchport the client has to be connected and the clients don't change their places.
For example, if you know that on port gig0/1 there has to be a computer from the Sales VLAN, then you configure switchport mode access VLAN 2, and if the client passes the authentication process then he will be permitted to access the network using VLAN 2; if not, then he will get the auth-fail VLAN, in my configuration VLAN 99. I don't know if it is possible to configure a port to be in a state in which any client connects to it and then, according to which client connected, a VLAN will be assigned to the port. I don't know if this is possible; I have never implemented something like this. And now, reading your main question: "Is it not possible to configure Dot1x on 1 port only for testing purposes, while the rest is running as usual?" On Cisco devices it is so that you enable dot1x globally, but you need to enable it also on the desired interfaces. Until you enable it on an interface the clients are not forced to authenticate. But I don't know if it works the same way also with PowerConnect switches.
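As an added example (not from the thread), a small Python audit of an IOS-style running config for the pattern in the reply above: every access port should carry "dot1x port-control auto" (global enable alone does not force authentication), and the auth-fail VLAN should not be the user VLAN, or a failed client would land in production. The sample config is constructed; the interface names and VLAN numbers are assumed.

```python
import re

# Constructed sample in IOS running-config style, modelled on the interface
# stanza in the reply above; not a capture from a real switch.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
 dot1x port-control auto
 dot1x guest-vlan 99
 dot1x auth-fail vlan 99
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
"""

# Interface-level line -> key it fills in the per-port record.
PATTERNS = {
    r"switchport access vlan (\d+)": "access_vlan",
    r"dot1x port-control (\S+)": "port_control",   # "auto" = 802.1X enforced
    r"dot1x guest-vlan (\d+)": "guest_vlan",
    r"dot1x auth-fail vlan (\d+)": "auth_fail_vlan",
}

def parse_dot1x(config: str) -> dict:
    """Walk a running config and collect the dot1x settings of each interface."""
    ports, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line[10:], {})
        elif line == "!":
            cur = None          # "!" closes the interface stanza
        elif cur is not None:
            for pat, key in PATTERNS.items():
                if m := re.fullmatch(pat, line):
                    cur[key] = m.group(1)
    return ports

def audit(config: str) -> list:
    """Flag ports still running as plain static VLAN ports, and fallback VLANs equal to the user VLAN."""
    findings = []
    for name, p in parse_dot1x(config).items():
        if p.get("port_control") != "auto":
            findings.append(f"{name}: 802.1X not enforced (no 'dot1x port-control auto')")
        elif p.get("auth_fail_vlan") == p.get("access_vlan"):
            findings.append(f"{name}: auth-fail VLAN equals user VLAN {p['access_vlan']}")
    return findings
```

Run it against the output of "show running-config" from a test switch before rolling the per-port settings out; a port that appears in the findings is one where clients are still not forced to authenticate.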