We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

NG Access Client 2.0 with 802.1x - Cisco 2960 switch configuration example

  • Type: Knowledgebase
  • Date changed: 6 months ago
Solution 00005285 

This solution replies to:
- NG Network Access Client versions 2.0-SPx
- Entegra Client versions 1.0-SPx, 2.0-SPx


When using NG Access Client 2.0 with the 802.1x feature and a cisco switch check out the following example configuration.

Additional information:
For more general hints please check out the following solution:

00005286 (https://campus.barracuda.com/solution/50160000000IKbHAAW) - "NG Access Client 2.0 with 802.1x - general hints"



Switch Configuration (this is an example configuration on a Cisco 2960 switch, we are not responsible if problems arise because of this example configuration, try it out in a test environment only!)

1. Activate AAA and 802.1x:
    for e.g.

username admin privilege 15 password 0 "Password"
aaa new-model
aaa authentication dot1x default group radius
aaa authentication dot1x group group radius
aaa authorization network default group radius
aaa session-id common
dot1x system-auth-control

2. Configure the switch to use, as a radius server, the netfence policyserver:
    for e.g.

radius-server configure-nas
radius-server host "netfence policyserverip" auth-port 1812 acct-port 1813 key "Passphrase/Key"
radius-server source-ports 1645-1646
radius-server optional-passwords
radius-server challenge-noecho

3. Configure a switchport to use 802.1x:
    for e.g.  

interface FastEthernet0/8
 switchport access vlan 171          (this vlan should be the "unhealthy" VLAN)
 switchport mode access
 dot1x port-control auto
 dot1x timeout quiet-period 1
 dot1x reauthentication
 spanning-tree portfast

Link to This Page: