topic configuring 802.1x with juniper radius server in Switches, Hubs, and Modems https://community.hpe.com/t5/switches-hubs-and-modems/configuring-802-1x-with-juniper-radius-server/m-p/5683021#M30869 <P>Hi<BR /><BR />i have HP switch 4500 , the switch configured as a radius client for the juniper radius server (UAC), the switch connected to the juniper radius as a client succesfully.<BR /><BR />i configured the dot1x on the switch and on one of the ports but the authentication on the client failed (there is a EAP-Failure messages sent from the switch to the client).<BR /><BR />below is the switch configuration.<BR /><BR />========================================<BR /><BR />radius scheme system<BR />&nbsp;server-type standard<BR />&nbsp;primary authentication 127.0.0.1 1645<BR />&nbsp;primary accounting 127.0.0.1 1646<BR />&nbsp;user-name-format without-domain<BR />radius scheme radius1<BR />&nbsp;primary authentication 172.16.10.10 1812<BR />&nbsp;key authentication 123123<BR />&nbsp;timer 5<BR />&nbsp;retry 5<BR />&nbsp;user-name-format without-domain<BR /><BR />domain sudatel.net<BR />&nbsp;radius-scheme radius1<BR />&nbsp;access-limit disable<BR />&nbsp;state active<BR />&nbsp;vlan-assignment-mode integer<BR />&nbsp;idle-cut enable 20 2000<BR />&nbsp;self-service-url disable<BR />&nbsp;messenger time disable<BR />&nbsp;<BR />&nbsp;domain system<BR />&nbsp; radius-scheme radius1<BR />&nbsp; access-limit disable<BR />&nbsp; state active<BR />&nbsp; vlan-assignment-mode integer<BR />&nbsp; idle-cut disable<BR />&nbsp; self-service-url disable<BR />&nbsp; messenger time disable<BR />&nbsp;<BR />&nbsp; domain default enable sudatel.net<BR />&nbsp;#<BR />&nbsp; local-server nas-ip 127.0.0.1 key 123123<BR />&nbsp;<BR />&nbsp;local-user admin<BR />&nbsp; password simple admin<BR />&nbsp; service-type lan-access<BR />&nbsp; service-type telnet level 3<BR />&nbsp;<BR />&nbsp;local-user lanuser<BR />&nbsp; password cipher RQ4NJ=aZ$3GL&gt;K8=@9OLY!!!<BR />&nbsp; service-type telnet level 3<BR />&nbsp;#<BR />&nbsp; dot1x<BR />&nbsp; dot1x authentication-method eap<BR />&nbsp; undo dot1x handshake enable<BR />&nbsp;#<BR />&nbsp; monitor-port Ethernet0/4 no-filt<BR />&nbsp; mirroring-port Ethernet0/3 both<BR />&nbsp; mirroring-port Ethernet0/2 both<BR />&nbsp;#<BR />&nbsp; queue-scheduler wrr 1 2 4 8<BR />&nbsp;#<BR />&nbsp;vlan 1<BR />&nbsp;#<BR />&nbsp;vlan 10<BR />&nbsp;#<BR />&nbsp;vlan 110<BR />&nbsp;#<BR />&nbsp;vlan 120<BR />&nbsp;#<BR />&nbsp;vlan 203<BR />&nbsp;#<BR />&nbsp;interface Vlan-interface10<BR />&nbsp; ip address 172.16.10.11 255.255.255.0<BR />&nbsp;#<BR />&nbsp;interface Aux0/0<BR />&nbsp;#<BR />&nbsp;interface Ethernet0/1<BR />&nbsp; description TO SHQ_S6506_A<BR />&nbsp; duplex full<BR />&nbsp; speed 100<BR />&nbsp; port link-type trunk<BR />&nbsp; port trunk permit vlan 1 10 110 120 203<BR />&nbsp;#<BR />&nbsp;interface Ethernet0/2<BR />&nbsp; port access vlan 10<BR />&nbsp;#<BR />&nbsp;interface Ethernet0/3<BR />&nbsp; port access vlan 110<BR />&nbsp; dot1x port-method portbased<BR />&nbsp; dot1x guest-vlan 203<BR />&nbsp; dot1x<BR /><BR />=====================================<BR /><BR />any ideas?<BR /><BR />Regards<BR />Mahmoud</P> Thu, 07 Jun 2012 06:39:10 GMT eng_mahmood48 2012-06-07T06:39:10Z configuring 802.1x with juniper radius server https://community.hpe.com/t5/switches-hubs-and-modems/configuring-802-1x-with-juniper-radius-server/m-p/5683021#M30869 <P>Hi<BR /><BR />i have HP switch 4500 , the switch configured as a radius client for the juniper radius server (UAC), the switch connected to the juniper radius as a client succesfully.<BR /><BR />i configured the dot1x on the switch and on one of the ports but the authentication on the client failed (there is a EAP-Failure messages sent from the switch to the client).<BR /><BR />below is the switch configuration.<BR /><BR />========================================<BR /><BR />radius scheme system<BR />&nbsp;server-type standard<BR />&nbsp;primary authentication 127.0.0.1 1645<BR />&nbsp;primary accounting 127.0.0.1 1646<BR />&nbsp;user-name-format without-domain<BR />radius scheme radius1<BR />&nbsp;primary authentication 172.16.10.10 1812<BR />&nbsp;key authentication 123123<BR />&nbsp;timer 5<BR />&nbsp;retry 5<BR />&nbsp;user-name-format without-domain<BR /><BR />domain sudatel.net<BR />&nbsp;radius-scheme radius1<BR />&nbsp;access-limit disable<BR />&nbsp;state active<BR />&nbsp;vlan-assignment-mode integer<BR />&nbsp;idle-cut enable 20 2000<BR />&nbsp;self-service-url disable<BR />&nbsp;messenger time disable<BR />&nbsp;<BR />&nbsp;domain system<BR />&nbsp; radius-scheme radius1<BR />&nbsp; access-limit disable<BR />&nbsp; state active<BR />&nbsp; vlan-assignment-mode integer<BR />&nbsp; idle-cut disable<BR />&nbsp; self-service-url disable<BR />&nbsp; messenger time disable<BR />&nbsp;<BR />&nbsp; domain default enable sudatel.net<BR />&nbsp;#<BR />&nbsp; local-server nas-ip 127.0.0.1 key 123123<BR />&nbsp;<BR />&nbsp;local-user admin<BR />&nbsp; password simple admin<BR />&nbsp; service-type lan-access<BR />&nbsp; service-type telnet level 3<BR />&nbsp;<BR />&nbsp;local-user lanuser<BR />&nbsp; password cipher RQ4NJ=aZ$3GL&gt;K8=@9OLY!!!<BR />&nbsp; service-type telnet level 3<BR />&nbsp;#<BR />&nbsp; dot1x<BR />&nbsp; dot1x authentication-method eap<BR />&nbsp; undo dot1x handshake enable<BR />&nbsp;#<BR />&nbsp; monitor-port Ethernet0/4 no-filt<BR />&nbsp; mirroring-port Ethernet0/3 both<BR />&nbsp; mirroring-port Ethernet0/2 both<BR />&nbsp;#<BR />&nbsp; queue-scheduler wrr 1 2 4 8<BR />&nbsp;#<BR />&nbsp;vlan 1<BR />&nbsp;#<BR />&nbsp;vlan 10<BR />&nbsp;#<BR />&nbsp;vlan 110<BR />&nbsp;#<BR />&nbsp;vlan 120<BR />&nbsp;#<BR />&nbsp;vlan 203<BR />&nbsp;#<BR />&nbsp;interface Vlan-interface10<BR />&nbsp; ip address 172.16.10.11 255.255.255.0<BR />&nbsp;#<BR />&nbsp;interface Aux0/0<BR />&nbsp;#<BR />&nbsp;interface Ethernet0/1<BR />&nbsp; description TO SHQ_S6506_A<BR />&nbsp; duplex full<BR />&nbsp; speed 100<BR />&nbsp; port link-type trunk<BR />&nbsp; port trunk permit vlan 1 10 110 120 203<BR />&nbsp;#<BR />&nbsp;interface Ethernet0/2<BR />&nbsp; port access vlan 10<BR />&nbsp;#<BR />&nbsp;interface Ethernet0/3<BR />&nbsp; port access vlan 110<BR />&nbsp; dot1x port-method portbased<BR />&nbsp; dot1x guest-vlan 203<BR />&nbsp; dot1x<BR /><BR />=====================================<BR /><BR />any ideas?<BR /><BR />Regards<BR />Mahmoud</P> Thu, 07 Jun 2012 06:39:10 GMT https://community.hpe.com/t5/switches-hubs-and-modems/configuring-802-1x-with-juniper-radius-server/m-p/5683021#M30869 eng_mahmood48 2012-06-07T06:39:10Z