- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: HP 5900 problem with dot1x / 802.1x ErrCode=14...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2017 03:06 AM
тАО06-12-2017 03:06 AM
HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.
Hi.
I have a strange problem with dot1x authentication on my new switch-es HP5900.
There are two switches with IRF, the configuration of the dot1x:
dot1x
dot1x authentication-method eap
dot1x quiet-period
interface GigabitEthernet2/0/27
port link-mode bridge
dot1x
dot1x port-method portbased
dot1x guest-vlan 25
With Radius configuration.
The computer falls in Guest VLan allways, and in logs I have:
%Jun 11 23:49:49:152 2017 HP5900_DEV_ACCESS DOT1X/6/DOT1X_LOGIN_SUCC: -IfName=GigabitEthernet2/0/27-MACAddr=d481-d7c6-6c40-VLANId=25-UserName=host/CFMLPCHWS3G2.bre-leasing.com.pl; The user passed 802.1X authentication and got online successfully.
%Jun 11 23:49:49:160 2017 HP5900_DEV_ACCESS DOT1X/6/DOT1X_LOGOFF: -IfName=GigabitEthernet2/0/27-MACAddr=d481-d7c6-6c40-VLANId=25-UserName=host/CFMLPCHWS3G2.bre-leasing.com.pl-ErrCode=14; Session of the 802.1X user was terminated.
What is it , where there are some problems ?
Thanks
DD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2017 05:24 AM
тАО06-12-2017 05:24 AM
Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.
Hi Dranet,
the config seems fine so far. Could you provide us the corresponding log message of the 802.1X server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2017 06:51 AM
тАО06-12-2017 06:51 AM
Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.
Hi.
Thanks for the answer.
Here are the logs from Radius serwer:
x.y.110.z,host/LPCHWS3G2.*.com.pl,06/12/2017,01:03:33,IAS,MDC2,6,2,32,HP5900_DEV_ACCESS,5,33665049,61,15,31,D4-81-D7-C6-6C-40,30,D8-94-03-23-49-05,12,1450,87,slot=2;subslot=0;port=27;vlanid=25,4,x.y.110.z,4108,x.y.110.z,4116,0,4128,HP5900_DEV_ACCESS,4154,Use Windows authentication for all users,4155,1,4129,*\LPCHWS3G2$,25,311 1 g.h.100.y 05/18/2017 22:44:58 111416,4130,*.com.pl/Komputery/LPCHWS3G2,4127,5,4149,10.124 BRELDEV LAN,4136,1,4142,0
x.y.110.z,host/LPCHWS3G2.*.com.pl,06/12/2017,01:03:33,IAS,MDC2,25,311 1 g.h.100.y 05/18/2017 22:44:58 111416,27,30,4130,*.com.pl/Komputery/LPCHWS3G2,4149,10.124 BRELDEV LAN,4127,5,4108,x.y.110.z,4116,0,4128,HP5900_DEV_ACCESS,4154,Use Windows authentication for all users,4155,1,4129,*\LPCHWS3G2$,4136,11,4142,0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2017 07:46 AM - edited тАО06-14-2017 04:07 AM
тАО06-12-2017 07:46 AM - edited тАО06-14-2017 04:07 AM
Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.
I suppose LPCHWS3G2 is the computer authenticating? And the server answers with "vlanid=25" in the first log entry.
Why do you have VLAN 25 configured as guest-vlan? The interface should join VLAN 25 untagged automatically with the 802.1X answer.
If you don't need the guest VLAN, could you undo it and try to authenticate again?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2017 05:32 AM
тАО06-13-2017 05:32 AM
Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.
Hi.
OK, we have partial success. After few modifications in configuration, the computers with Windows 10 are passing through authentication, but with Windows 7 not.
The example with authentication:
Slot ID: 2
User MAC address: 6400-6a8b-512b
Access interface: GigabitEthernet2/0/39
Username: host/DVDK6FFXTB2.*.pl
Authentication domain: system
Authentication method: EAP
Initial VLAN: 25
Authorization untagged VLAN: 847
Authorization tagged VLAN list: N/A
Authorization ACL ID: N/A
Authorization user profile: N/A
Authorization URL: N/A
Termination action: Default
Session timeout period: N/A
Online from: 2017/06/13 11:37:15
Online duration: 2h 43m 43s
Some logs here:
%Jun 13 13:31:40:102 2017 HP5900_DEV_ACCESS DOT1X/6/DOT1X_LOGIN_SUCC: -Slot=1; -IfName=GigabitEthernet1/0/9-MACAddr=9890-96c6-313d-VLANID=25-Username=host/DVDKCZC1233L9S.*pl; User passed 802.1X authentication and came online.
I'll try to remove Guest VLan nr 25 and let you know.
Thanks.
DD