Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

4800G and 802.1x

fierrann
Occasional Contributor

4800G and 802.1x

Hi guys.



i have a little problem for config my 802.1x and dynamic assignement vlan



i have a radius (acs cisco) and a 4800G



i do this :



#



domain default enable X



#



dot1x



dot1x timer supp-timeout 10



dot1x authentication-method eap



#



hwtacacs scheme Y



primary authentication IP



secondary authentication IP



primary authorization IP



secondary authorization IP



primary accounting IP



secondary accounting IP



key authentication xxxx



key authorization xxxx



key accounting xxxx



user-name-format without-domain



#



radius scheme Y



primary authentication IP



primary accounting IP



secondary authentication IP



secondary accounting IP



key authentication xxxx



key accounting xxxx



timer realtime-accouting 15



timer responses-timeout 5



user-name-format without-domain



retry 5



#



domain X



authentication default radius-scheme Y



authorization default radius-scheme Y



accounting default radius-scheme Y



authentication login hwtacacs-scheme Y



authorization login hwtacacs-scheme Y



accounting login hwtacacs-scheme Y



authentication lan-acces hwtacacs-scheme Y



authorization lan-acces hwtacacs-scheme Y



accounting lan-acces hwtacacs-scheme Y



acces-limit disable



idle-cut disable



self-service-url disable



accounting optional



i also config the guest vlan



i config interface :



#



interface GigabitEthernet1/0/1



undo jumboframe enable



stp edged-port enable



dot1x guest-vlan 10



undo dot1x handshake



dot1x port-method portbased



dot1x



when i plug on this interface, port go to forwarding state and few seconds later i have a "authentification failed" message...



what's wrong with my conf ?



thx !

2 REPLIES
fierrann
Occasional Contributor

Re: 4800G and 802.1x

Hi guys.



i have a little problem for config my 802.1x and dynamic assignement vlan



i have a radius (acs cisco) and a 4800G



i do this :



#



domain default enable X



#



dot1x



dot1x timer supp-timeout 10



dot1x authentication-method eap



#



hwtacacs scheme Y



primary authentication IP



secondary authentication IP



primary authorization IP



secondary authorization IP



primary accounting IP



secondary accounting IP



key authentication xxxx



key authorization xxxx



key accounting xxxx



user-name-format without-domain



#



radius scheme Y



primary authentication IP



primary accounting IP



secondary authentication IP



secondary accounting IP



key authentication xxxx



key accounting xxxx



timer realtime-accouting 15



timer responses-timeout 5



user-name-format without-domain



retry 5



#



domain X



authentication default radius-scheme Y



authorization default radius-scheme Y



accounting default radius-scheme Y



authentication login hwtacacs-scheme Y



authorization login hwtacacs-scheme Y



accounting login hwtacacs-scheme Y



authentication lan-acces hwtacacs-scheme Y



authorization lan-acces hwtacacs-scheme Y



accounting lan-acces hwtacacs-scheme Y



acces-limit disable



idle-cut disable



self-service-url disable



accounting optional



i also config the guest vlan



i config interface :



#



interface GigabitEthernet1/0/1



undo jumboframe enable



stp edged-port enable



dot1x guest-vlan 10



undo dot1x handshake



dot1x port-method portbased



dot1x



when i plug on this interface, port go to forwarding state and few seconds later i have a "authentification failed" message...



what's wrong with my conf ?



thx !

excelsio
Occasional Advisor

Re: 4800G and 802.1x

Hi,



I setup an 3COM 2928 with 802.1x and voip phones doing EAP with MD5. I setup the phone to use VLAN 30. So it´s static.



According to my radius, the phones authenticate wihout any problems. But the phone itself still says: "authentication failed".



So it seems something is still missing.



 



This message was edited by excelsio on 11-28-09 @ 6:41 AM