Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.

 
Dranet
Visitor

HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.

Hi.

I have a strange problem with dot1x authentication on my new switch-es HP5900.

There are two switches with IRF, the configuration of the dot1x:

 dot1x
 dot1x authentication-method eap
 dot1x quiet-period

interface GigabitEthernet2/0/27
 port link-mode bridge
 dot1x
 dot1x port-method portbased
 dot1x guest-vlan 25

With Radius configuration.

The computer falls in Guest VLan allways, and in logs I have:

%Jun 11 23:49:49:152 2017 HP5900_DEV_ACCESS DOT1X/6/DOT1X_LOGIN_SUCC: -IfName=GigabitEthernet2/0/27-MACAddr=d481-d7c6-6c40-VLANId=25-UserName=host/CFMLPCHWS3G2.bre-leasing.com.pl; The user passed 802.1X authentication and got online successfully.

%Jun 11 23:49:49:160 2017 HP5900_DEV_ACCESS DOT1X/6/DOT1X_LOGOFF: -IfName=GigabitEthernet2/0/27-MACAddr=d481-d7c6-6c40-VLANId=25-UserName=host/CFMLPCHWS3G2.bre-leasing.com.pl-ErrCode=14; Session of the 802.1X user was terminated.

 What is it , where there are some problems ?

Thanks

DD

4 REPLIES
Linkk
Frequent Advisor

Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.

Hi Dranet,

the config seems fine so far. Could you provide us the corresponding log message of the 802.1X server?

 

 

Dranet
Visitor

Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.

Hi.

Thanks for the answer.

Here are the logs from Radius serwer:

x.y.110.z,host/LPCHWS3G2.*.com.pl,06/12/2017,01:03:33,IAS,MDC2,6,2,32,HP5900_DEV_ACCESS,5,33665049,61,15,31,D4-81-D7-C6-6C-40,30,D8-94-03-23-49-05,12,1450,87,slot=2;subslot=0;port=27;vlanid=25,4,x.y.110.z,4108,x.y.110.z,4116,0,4128,HP5900_DEV_ACCESS,4154,Use Windows authentication for all users,4155,1,4129,*\LPCHWS3G2$,25,311 1 g.h.100.y 05/18/2017 22:44:58 111416,4130,*.com.pl/Komputery/LPCHWS3G2,4127,5,4149,10.124 BRELDEV LAN,4136,1,4142,0

x.y.110.z,host/LPCHWS3G2.*.com.pl,06/12/2017,01:03:33,IAS,MDC2,25,311 1 g.h.100.y 05/18/2017 22:44:58 111416,27,30,4130,*.com.pl/Komputery/LPCHWS3G2,4149,10.124 BRELDEV LAN,4127,5,4108,x.y.110.z,4116,0,4128,HP5900_DEV_ACCESS,4154,Use Windows authentication for all users,4155,1,4129,*\LPCHWS3G2$,4136,11,4142,0

 

 

Linkk
Frequent Advisor

Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.

 

I suppose LPCHWS3G2 is the computer authenticating? And the server answers with "vlanid=25" in the first log entry.

Why do you have VLAN 25 configured as guest-vlan? The interface should join VLAN 25 untagged automatically with the 802.1X answer.

 If you don't need the guest VLAN, could you undo it and try to authenticate again?

Dranet
Visitor

Re: HP 5900 problem with dot1x / 802.1x ErrCode=14, Session of the 802.1X user was terminated.

Hi.

OK, we have partial success. After few modifications in configuration, the computers with Windows 10 are passing through authentication, but with Windows 7 not.

The example with authentication:

Slot ID: 2
User MAC address: 6400-6a8b-512b
Access interface: GigabitEthernet2/0/39
Username: host/DVDK6FFXTB2.*.pl
Authentication domain: system
Authentication method: EAP
Initial VLAN: 25
Authorization untagged VLAN: 847
Authorization tagged VLAN list: N/A
Authorization ACL ID: N/A
Authorization user profile: N/A
Authorization URL:  N/A
Termination action: Default
Session timeout period: N/A
Online from: 2017/06/13 11:37:15
Online duration: 2h 43m 43s

Some logs here:

%Jun 13 13:31:40:102 2017 HP5900_DEV_ACCESS DOT1X/6/DOT1X_LOGIN_SUCC: -Slot=1; -IfName=GigabitEthernet1/0/9-MACAddr=9890-96c6-313d-VLANID=25-Username=host/DVDKCZC1233L9S.*pl; User passed 802.1X authentication and came online.

I'll try to remove Guest VLan nr 25 and let you know.

Thanks.

DD