- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Wired authentication failed
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-24-2017 04:58 AM
тАО01-24-2017 04:58 AM
Wired authentication failed
Hi,
i have configured HP A5500 switch to authenticate users on the ports with NPS server
the switch configurations is as follows
dot1X
radius nas-ip 10.211.0.53
dot1x authentication-method eap
mac-authentication domain fmcdom
radius scheme radius1
primary authentication 10.211.0.53
primary accounting 10.211.0.53
key authentication cipher $c$3$OiaiAtppjUk0DHbORW5XZKm8/UAy5nWq
key accounting cipher $c$3$BiHDcmLUymY2hKlsasEbfhxp5jpIo1jx
nas-ip 10.211.0.53
domain system
authentication lan-access radius-scheme radius1 local
authorization lan-access radius-scheme radius1 local
accounting lan-access radius-scheme radius1 local
access-limit enable 30
state active
idle-cut enable 20 10240
self-service-url disable
then port settings
port access vlan 11
dot1x
=============================
but when i connect the cable it give authentication failed with my domain\username in the log....
can anyone help please
i need to configure this feature to authenticate computers with domain valid domain account on the network rather than using port-security.
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2017 03:55 PM
тАО01-26-2017 03:55 PM
Re: Wired authentication failed
In the port configuration, try these parameters:
undo dot1x handshake dot1x mandatory-domain fmcdom dot1x port-method portbased dot1x
ATP FLEXNETWORK V3 | ACSA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2017 09:45 PM
тАО01-29-2017 09:45 PM
Re: Wired authentication failed
still the same
how to know where the problem is?
[FMC-Mezz-A2]dis dot1x inter g5/0/1
Equipment 802.1X protocol is enabled
EAP authentication is enabled
EAD quick deploy is disabled
Configuration: Transmit Period 30 s, Handshake Period 15 s
Quiet Period 60 s, Quiet Period Timer is disabled
Supp Timeout 30 s, Server Timeout 100 s
Reauth Period 3600 s
The maximal retransmitting times 2
EAD quick deploy configuration:
EAD timeout: 30 m
The maximum 802.1X user resource number is 1024 per slot
Total current used 802.1X resource number is 0
GigabitEthernet5/0/1 is link-up
802.1X protocol is enabled
Handshake is disabled
Handshake secure is disabled
802.1X unicast-trigger is disabled
802.1X user-ip freeze is disabled
Periodic reauthentication is enabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Port-based
802.1X Multicast-trigger is enabled
Mandatory authentication domain: fmcdom
Guest VLAN: NOT configured
Auth-Fail VLAN: NOT configured
Critical VLAN: NOT configured
Critical recovery-action: NOT configured
Max number of on-line users is 256
EAPOL Packet: Tx 519, Rx 85
Sent EAP Request/Identity Packets : 477
EAP Request/Challenge Packets: 0
EAP Success Packets: 0, Fail Packets: 29
Received EAPOL Start Packets : 31
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 34
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2017 05:25 AM
тАО01-30-2017 05:25 AM
Re: Wired authentication failed
is there any configuration template that i can use it?
contains port configuration and switch global configuration ?
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2017 06:42 AM
тАО01-30-2017 06:42 AM
Re: Wired authentication failed
Don't get me wrong but you have set your NAS-IP to the same as your radius server IP
As Per RFC2865:
This Attribute indicates the identifying IP Address of the NAS which is requesting authentication of the user, and SHOULD be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier MUST be present in an Access-Request packet.
so this suppossed to be the source IP of your switch requesting at the RADIUS, do you have the NAS-IP├Ь (switch IP configured at the RADIUS as RADIUS client with the same secret ? otherwise your RADIUS (NPS) is not answering the request et all
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2017 11:05 PM
тАО01-30-2017 11:05 PM
Re: Wired authentication failed
thanks for the information, now my configs are as follows
radius nas-ip 10.211.10.18
domain default enable system
dot1x
dot1x authentication-method eap
radius scheme radius1
primary authentication 10.211.0.53
primary accounting 10.211.0.53
key authentication cipher password
key accounting cipher password
user-name-format without-domain
nas-ip 10.211.10.18
#
domain system
authentication lan-access radius-scheme radius1 local
authorization lan-access radius-scheme radius1 local
accounting lan-access radius-scheme radius1 local
access-limit enable 30
state active
idle-cut enable 20 10240
self-service-url disable
interface GigabitEthernet5/0/1
port link-mode bridge
port access vlan 11
undo voice vlan mode auto
voice vlan 110 enable
apply poe-profile index 1
stp edged-port enable
dot1x re-authenticate
undo dot1x handshake
dot1x mandotory-domain system
dot1x port-method portbased
dot1x
is it correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2017 01:26 AM
тАО02-16-2017 01:26 AM
Re: Wired authentication failed
What happens on your RADIUS, did you already debug messages to / from it ?
Do you see ACCESS_request messages arriving ?
Does your RADIUS answers with ACCESS_accept ?