802.1X Fail Comware 5.20.99 Switch HPE 1920
03-05-2020 12:01 PM - last edited on 03-08-2020 08:06 AM by Parvez_Admin
Hi,
I have been having trouble configuring dynamic VLAN on the Comware 5.20.99 switches. I'm authenticating on an NPS. Below are the settings:
#
 dot1x
 dot1x quiet-period
 dot1x timer quiet-period 30
 dot1x retry 3
 dot1x timer handshake-period 30
 dot1x authentication-method eap
#
radius scheme my.domain
 primary authentication myserver1 1645
 primary accounting myserver1 1646
 key authentication cipher mypass
 key accounting cipher mypass
 user-name-format without-domain
 nas-ip myip
#
domain my.domain
 authentication lan-access radius-scheme my.domain
 accounting lan-access radius-scheme my.domain
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#####
interface GigabitEthernet1/0/34
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 300
 dot1x auth-fail vlan 300
 dot1x critical vlan 300
 dot1x critical recovery-action reinitialize
 undo dot1x handshake
 dot1x mandatory-domain my.domain
 dot1x
###########
When authenticating on the computer, the NPS log shows the following:
Network Policy Server granted access to a user.
User:
Security ID: NULL SID
Account Name: myuser
Account Domain: -
Fully Qualified Account Name: -
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: 00-XX-XX-XX-XX-27
NAS:
NAS IPv4 Address: myip
NAS IPv6 Address: -
NAS Identifier: SWCORE-GP-CS03-L302
NAS Port-Type: Ethernet
NAS Port: 16916481
RADIUS Client:
Client Friendly Name: SW-GPSP-CORE02
Client IP Address: 10.120.0.16
Authentication Details:
Connection Request Policy Name: Requisicao_Redirecionamento
Network Policy Name: -
Authentication Provider: RADIUS Proxy
Authentication Server: myip
Authentication Type: -
EAP Type: -
Account Session Identifier: 31323030323035313632306134303130
Logging Results: Accounting information was written to the local log file.
Quarantine Information:
Result: -
Session Identifier:
####
Even though NPS is successful, the computer remains in authentication failure. I have this same configuration on Comware 3 switches and it works normally.
The only additional configuration that exists in Comware 3 is vlan-assignment-mode string; however, this configuration is unavailable in Comware 5.20.99.
Can you help me?
03-06-2020 01:42 AM
Solution
Hello,
In the domain configuration, please also configure your RADIUS server as the authorization source for LAN access. It should look like this in the configuration:
#
domain my.domain
 authentication lan-access radius-scheme my.domain
 authorization lan-access radius-scheme my.domain
 accounting lan-access radius-scheme my.domain
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
On the interface, you should make sure that MAC VLAN is enabled; otherwise a dynamic RADIUS VLAN cannot be assigned. MAC VLAN also requires the port to be in link-mode hybrid.
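A check for the two gaps the answer above identifies, as an added example that is not part of the original thread or any HPE tooling: it scans a Comware-style configuration for domains that authenticate LAN access via RADIUS without a matching authorization line, and for 802.1X ports lacking MAC VLAN or hybrid mode. The command strings `mac-vlan enable` and `port link-type hybrid`, the function names and the sample configurations are assumptions constructed here.

```python
import re

# Assumed Comware spellings (the thread names no exact commands); adjust as needed.
MAC_VLAN_CMD = "mac-vlan enable"
HYBRID_CMD = "port link-type hybrid"

def parse_sections(text):
    """Map each 'domain X' / 'interface X' header to its sub-commands."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"#"}:
            current = None                      # '#' rows end a config block
        elif re.fullmatch(r"(domain|interface) \S+", line):
            current = tuple(line.split())
            sections[current] = []
        elif current:
            sections[current].append(line)
    return sections

def audit_dot1x(text):
    """Report the gaps the accepted answer describes for dynamic VLANs."""
    findings = []
    for (kind, name), cmds in parse_sections(text).items():
        if kind == "domain":
            for c in cmds:
                m = re.fullmatch(r"authentication lan-access radius-scheme (\S+)", c)
                if m and f"authorization lan-access radius-scheme {m[1]}" not in cmds:
                    findings.append(f"domain {name}: no authorization lan-access radius-scheme {m[1]}")
        elif kind == "interface" and "dot1x" in cmds:
            findings += [f"interface {name}: '{need}' not present"
                         for need in (MAC_VLAN_CMD, HYBRID_CMD) if need not in cmds]
    return findings

# Constructed samples: a cut-down form of the question's config, then a fixed form.
BEFORE = """domain my.domain
 authentication lan-access radius-scheme my.domain
 accounting lan-access radius-scheme my.domain
#
interface GigabitEthernet1/0/34
 dot1x guest-vlan 300
 dot1x mandatory-domain my.domain
 dot1x
"""
AFTER = BEFORE.replace(" accounting", " authorization lan-access radius-scheme my.domain\n accounting")
AFTER = AFTER.replace(" dot1x guest", f" {HYBRID_CMD}\n {MAC_VLAN_CMD}\n dot1x guest")

if __name__ == "__main__":
    print(audit_dot1x(BEFORE), audit_dot1x(AFTER), sep="\n")
```

The parser strips leading whitespace, so it also accepts configuration pasted without indentation.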
03-06-2020 02:43 AM
Re: 802.1X Fail Comware 5.20.99 Switch HP 1920
Adding lan-access radius-scheme my.domain authorization solved my problem.
Thank you very much.