HPE Community
Aruba & ProVision-based
1752808 Members
6070 Online
108789 Solutions
New Discussion

802.1x problem with switch as supplicant

 
joacef
Occasional Advisor

‎06-06-2018 11:18 AM

‎06-06-2018 11:18 AM

802.1x problem with switch as supplicant

I'm running 802.1x in my network and the Windows clients are authenticated without any problem. But now i want to put a new switch B in switch A.

Switch B will act as an supplicant and I have configured it with relevent data. 

On switch A i have the config aaa authentication port-access eap-radius.

When switch B are trying to authorize I got an error on the radius server. I think this is related to my certificate. I have a self signed certificate on the radius and I have also tried with our real certificate from GoDaddy, this is an wildcard and I think i could not be an wildcard on the radius for the EAP to work?

 

User:
	Security ID:			xxxxxxxxxxxxxxxx
	Account Name:			xxxxxxxxxxxxxxxx
	Account Domain:			xxxxxxxxxxxxxxxx
	Fully Qualified Account Name:	xxxxxxxxxxxxxxxx

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	Called Station Identifier:		xxxxxxxxxxxxxxxx
	Calling Station Identifier:		xxxxxxxxxxxxxxxx

NAS:
	NAS IPv4 Address:		xxxxxxxxxxxxxxxx
	NAS IPv6 Address:		-
	NAS Identifier:			xxxxxxxxxxxxxxxx
	NAS Port-Type:			Ethernet
	NAS Port:			6

RADIUS Client:
	Client Friendly Name:		xxxxxxxxxxxxxxxx
	Client IP Address:			xxxxxxxxxxxxxxxx

Authentication Details:
	Connection Request Policy Name:	Use Windows authentication for all users
	Network Policy Name:		Test switch SUPPLICANT
	Authentication Provider:		Windows
	Authentication Server:		xxxxxxxxxxxxxxxx
	Authentication Type:		EAP
	EAP Type:			-
	Account Session Identifier:		-
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			22
	Reason:				The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

If I change aaa authentication port-access eap-radius to aaa authentication port-access chap-radius the switch is granted access but the windows clients want to have eap-radius to work. 

So my question are do I need to have an real certificate on my radius or can I have my self signed?

 

 

1 person had this problem.
0 Kudos
1 REPLY 1
joacef
Occasional Advisor

‎06-06-2018 11:09 PM

‎06-06-2018 11:09 PM

Re: 802.1x problem with switch as supplicant

I have figured out that the switch are using EAP-MD5 can I get the switch to use EAP-PEAP?

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.