- Re: IMC UAM 802.1X
01-20-2016 08:09 AM
Good afternoon everyone,
Let me explain my configuration:
MSCHAPv2 for the authentication, EAP-PEAP. So I want to authenticate users in a domain (or not, for test purposes).
I put IMC on the DC Windows (there are no more specifications on IMC UAM E0403 for the functional forest 2003 or 2008).
Some steps:
- I enabled with/without domain on NAC and / delimiters parameters.
- I can export LDAP users to UAM.
- UAM EAP ROOT and SERV generated from AD CS.
- I can join Microsoft Client to a domain.
Topology:
ActiveDirectory-----IMC----NAC(A5120EI)-------EndUser(Linux-Windows-Mac)
- iMC PLAT 7.2 (E0403)
- IMC UAM 7.2 (E0403)
- Windows Server 2012 Standard (Active Directory)
- CentOS 6.7 & MySQL 5.1
Problem:
My 802.1X is working on Linux; there is no disconnection on link state.
On Windows 8 and MacOS 10.11, the 802.1X is disconnected after 3-5 seconds and tries to reconnect (not stable).
But there are no logs in the IMC's GUI because all clients can reach the network through 802.1X.
I am sharing some interesting debugs/traces.
(The StartChapV2JServer_2016-01-20.log shows the example of default configuration...)
Thanks for your time.
01-20-2016 01:01 PM
Re: IMC UAM 802.1X
Can you share some screenshots or description of the options set in your Access Service, Access Policy, and maybe your LDAP sync policy as well?
01-21-2016 03:07 AM
Re: IMC UAM 802.1X
Hello,
I shared all the process.
The authentication still works for users; the NAC tells me the user of the domain is OK.
But I still have this issue on Windows and Mac.
I submit domain/user + password. The switch said OK, I have my DHCP pushed over 802.1X and I can access all the network; after 3-5 seconds Windows Network Manager changes the message: Active Connection to Authentication attempt.
(I did not put more information on the switch, I just pushed the AAA through the Access Device Management.)
Can it be a certificate problem?
Thank you.
01-21-2016 04:14 PM - edited 01-21-2016 04:15 PM
Re: IMC UAM 802.1X
Reviewing your PNGs, it looks like you are using 7.2? I'm not there yet; it looks like there are a few changes.
If you have used your AD's certs for root and server these should be good. Remember that these do not auto renew, so manually renew before they expire.
In the 802.1X config on the client, make sure the client has the root cert checked as a trusted CA OR uncheck the validate server certificate. If validate is checked and no cert = fail.
I notice your max Bound & Online endpoints is set to 0 - that may NOT be unlimited, so try setting these at a value. I've posted my service and access policy settings from 7.1.
Your LDAP settings look good.
On the switch I did set other params for ports, but the basic deploy should work. I'm using both MAC and 802, so I have a service policy/service for each.
01-25-2016 03:40 AM
Solution
Hello,
Thanks for your time.
I found my problem with Windows and Mac machines.
On Linux, the dot1x is stable.
But for Windows users I need undo dot1x handshake on my HP switch. Windows can't handle the connection for more than 2 minutes. The Media State message still displays Attempt if you do not put undo dot1x handshake on the specific port.
Now it works great: GPO+802.1X+DC.
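
Added example, not part of the thread or any poster's configuration: the port-level change from the solution as it would be entered on a Comware-based switch. The port name and timer value are placeholders, and the periodic re-authentication lines are an added assumption (the poster does not report configuring them); with the handshake disabled the switch no longer polls online users, so re-authentication is one way to keep re-checking a session. Lines starting with # are annotations.

```text
# Constructed example; GigabitEthernet 1/0/10 is a placeholder port.
system-view

# Optional (assumption, not from the thread): interval in seconds
# for periodic re-authentication of online 802.1X users.
dot1x timer reauth-period 3600

interface GigabitEthernet 1/0/10
 # From the solution post: stop the online-user handshake on this port,
 # which the native Windows and Mac supplicants did not keep up with.
 undo dot1x handshake
 # Optional (assumption): re-check online users on the timer above.
 dot1x re-authenticate
 quit

# Review the resulting 802.1X settings and online users for the port.
display dot1x interface GigabitEthernet 1/0/10
```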