https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5569385#M152 <P>Hi Jan,</P><P>&nbsp;</P><P>generally I would add a new RADIUS scheme for NPS authentication like</P><P>&nbsp;</P><P>radius scheme nps</P><P>primary authentication ...</P><P>&nbsp;</P><P>In the domain you have to refer to the scheme and add authorization:</P><P>&nbsp;</P><P>domain &lt;whatever&gt;</P><P>authentication lan-access radius-scheme nps<BR />authorization lan-access radius-scheme nps<BR />accounting lan-access radius-scheme nps</P><P>...</P><P>&nbsp;</P><P>If you miss the authorization it will not work!</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 01 Mar 2012 11:15:52 GMT Ulrich Saur 2012-03-01T11:15:52Z https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5411597#M139 <P>Hi all,</P><P>&nbsp;</P><P>pls help with issue bellow.</P><P>&nbsp;</P><P>I need to setup port-based authenticatoin 802.1x with RADIUS server / Microsoft NPS 2008 / - After my configuration&nbsp; seem everything fine only 3com tell me Failed auth. and end user dont connect to the VLAN1 and stay in unauth state :(</P><P>&nbsp;</P><P><FONT color="#FF0000"><STRONG>1. 3Com CFG configuration</STRONG></FONT></P><P>&nbsp;</P><P>domain default enable system</P><P>&nbsp;</P><P>dot1x<BR />dot1x authentication-method eap</P><P>&nbsp;</P><P>radius scheme system<BR />&nbsp;server-type standard<BR />&nbsp;primary authentication 172.16.5.19 key secret</P><P>&nbsp;</P><P>domain system<BR />&nbsp;scheme radius-scheme system<BR />&nbsp;scheme login local<BR />&nbsp;authentication lan-access radius-scheme system<BR />&nbsp;authorization login local</P><P>&nbsp;</P><P>interface Ethernet1/0/4<BR />&nbsp;stp edged-port enable<BR />&nbsp;loopback-detection enable<BR />&nbsp;dot1x</P><P>&nbsp;</P><P><FONT color="#FF0000">di dot1x - command</FONT></P><P>&nbsp;</P><P>&nbsp;Ethernet1/0/4&nbsp; is link-up<BR />&nbsp;&nbsp; 802.1X protocol is enabled<BR />&nbsp;&nbsp; Proxy trap checker is disabled<BR />&nbsp;&nbsp; Proxy logoff checker is disabled<BR />&nbsp;&nbsp; Version-Check is disabled<BR />&nbsp;&nbsp; The port is an authenticator<BR />&nbsp;&nbsp; Authentication Mode is Auto<BR />&nbsp;&nbsp; Port Control Type is Mac-based<BR />&nbsp;&nbsp; ReAuthenticate is disabled<BR />&nbsp;&nbsp; Max number of on-line users is 256<BR /><BR />&nbsp;&nbsp; Authentication Success: 0, <FONT color="#FF6600"><STRONG>Failed: 49</STRONG></FONT><BR />&nbsp;&nbsp; EAPOL Packets: Tx 369, Rx 393<BR />&nbsp;&nbsp; Sent EAP Request/Identity Packets : 113<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EAP Request/Challenge Packets: 0<BR />&nbsp;&nbsp; Received EAPOL Start Packets : 136<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EAPOL LogOff Packets: 0<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EAP Response/Identity Packets : 257<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EAP Response/Challenge Packets: 0<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Error Packets: 0<BR />&nbsp;1. Unauthenticated user : MAC address: 001f-29d7-70d4<BR /><BR /><FONT color="#FF0000"><STRONG>Network Monitor 3.4 on NPS server</STRONG></FONT></P><P>&nbsp;</P><P><FONT color="#FF6600"><IMG width="1173" height="278" src="http://clip2net.com/clip/m106888/1323268351-55b34-102kb.jpg" border="0" /></FONT></P><P>Everything look fine :(</P><P>&nbsp;</P><P><FONT color="#FF6600"><STRONG>NPS 2008 server</STRONG></FONT></P><P>&nbsp;</P><P><IMG width="626" height="434" src="http://clip2net.com/clip/m106888/1323268768-e3ca0-48kb.jpg" align="left" border="0" /></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Is there some specail vendor specific for 3COMs? Or could anybody help me with that?</P><P>&nbsp;</P><P>Thank you all for reply</P><P>&nbsp;</P><P>Jan</P> Wed, 07 Dec 2011 14:41:49 GMT https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5411597#M139 joxer123 2011-12-07T14:41:49Z https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5569385#M152 <P>Hi Jan,</P><P>&nbsp;</P><P>generally I would add a new RADIUS scheme for NPS authentication like</P><P>&nbsp;</P><P>radius scheme nps</P><P>primary authentication ...</P><P>&nbsp;</P><P>In the domain you have to refer to the scheme and add authorization:</P><P>&nbsp;</P><P>domain &lt;whatever&gt;</P><P>authentication lan-access radius-scheme nps<BR />authorization lan-access radius-scheme nps<BR />accounting lan-access radius-scheme nps</P><P>...</P><P>&nbsp;</P><P>If you miss the authorization it will not work!</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 01 Mar 2012 11:15:52 GMT https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5569385#M152 Ulrich Saur 2012-03-01T11:15:52Z https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5569389#M153 Oops, this post was really old! This forum is not really alive, is it?! Thu, 01 Mar 2012 11:15:31 GMT https://community.hpe.com/t5/security-e-series/dot1x-with-3com-4210/m-p/5569389#M153 Ulrich Saur 2012-03-01T11:15:31Z