Aruba & ProVision-based
Showing results for 
Search instead for 
Did you mean: 

802.1x problem with switch as supplicant

Occasional Advisor

802.1x problem with switch as supplicant

I'm running 802.1x in my network and the Windows clients are authenticated without any problem. But now i want to put a new switch B in switch A.

Switch B will act as an supplicant and I have configured it with relevent data. 

On switch A i have the config aaa authentication port-access eap-radius.

When switch B are trying to authorize I got an error on the radius server. I think this is related to my certificate. I have a self signed certificate on the radius and I have also tried with our real certificate from GoDaddy, this is an wildcard and I think i could not be an wildcard on the radius for the EAP to work?


	Security ID:			xxxxxxxxxxxxxxxx
	Account Name:			xxxxxxxxxxxxxxxx
	Account Domain:			xxxxxxxxxxxxxxxx
	Fully Qualified Account Name:	xxxxxxxxxxxxxxxx

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	Called Station Identifier:		xxxxxxxxxxxxxxxx
	Calling Station Identifier:		xxxxxxxxxxxxxxxx

	NAS IPv4 Address:		xxxxxxxxxxxxxxxx
	NAS IPv6 Address:		-
	NAS Identifier:			xxxxxxxxxxxxxxxx
	NAS Port-Type:			Ethernet
	NAS Port:			6

RADIUS Client:
	Client Friendly Name:		xxxxxxxxxxxxxxxx
	Client IP Address:			xxxxxxxxxxxxxxxx

Authentication Details:
	Connection Request Policy Name:	Use Windows authentication for all users
	Network Policy Name:		Test switch SUPPLICANT
	Authentication Provider:		Windows
	Authentication Server:		xxxxxxxxxxxxxxxx
	Authentication Type:		EAP
	EAP Type:			-
	Account Session Identifier:		-
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			22
	Reason:				The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

If I change aaa authentication port-access eap-radius to aaa authentication port-access chap-radius the switch is granted access but the windows clients want to have eap-radius to work. 

So my question are do I need to have an real certificate on my radius or can I have my self signed?



Occasional Advisor

Re: 802.1x problem with switch as supplicant

I have figured out that the switch are using EAP-MD5 can I get the switch to use EAP-PEAP?