
Re: 1920-24G (JG924A) Switch 802.1x and QNAP RADIUS Server

 
MetzingerAn
Visitor

1920-24G (JG924A) Switch 802.1x and QNAP RADIUS Server

Hi!

I want to secure my LAN.

I'm using the 1920-24G switch and I want to grant access only after successful authentication over 802.1x on my QNAP RADIUS server.
First I configured ports 17-24 for 802.1x. My QNAP NAS is connected on port 1. NTRADPING test was successful.

I can see this attempt on the QNAP log file.

Now I plugged a network printer on port 17. The MAC address is configured as a RADIUS user (username and password is the MAC address). But neither can I access the printer nor see any authentication attempt on my QNAP log file...
It seems that the switch is not corresponding with the QNAP.

 

Here's the switch config:

#
 version 5.20.99, Release 1105
#
 sysname HP 1920G Switch
#
 clock timezone Amsterdam add 01:00:00 
#
 domain default enable system 
#
 ipv6
#
 telnet server enable 
#
 dot1x
 dot1x quiet-period
#
 password-recovery enable
#
igmp-snooping
#
vlan 1
 igmp-snooping enable
 igmp-snooping version 3
#
vlan 1000
 description guest
#
vlan 2000
 description auth_failed
#
radius scheme radius
 primary authentication 192.168.179.254 key cipher $c$3$GqhwzNSunF/jrCVEGmUEGJA9oP5kmDwP+6rU
 key authentication cipher $c$3$/OvoBzt1ztuE4L5cLKGlRWsVphE9RCWBKm1n
 user-name-format without-domain
#
domain system 
 authentication lan-access radius-scheme radius local
 authorization lan-access radius-scheme radius local
 accounting lan-access radius-scheme radius local
 access-limit disable 
 state active 
 idle-cut disable 
 self-service-url disable 
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$ClC6Rp/yDC8ZnkvnhF5GSBUTxzTlcO2hGs4=
 authorization-attribute level 3
 service-type telnet terminal
 service-type web
#
 stp mode rstp
 stp enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.179.253 255.255.255.0 
#
interface GigabitEthernet1/0/1
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/8
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/9
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/12
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/13
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/14
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/15
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/16
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/17
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/18
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/19
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/20
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/21
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/22
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/23
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/24
 port auto-power-down
 stp edged-port enable
 dot1x guest-vlan 1000 
 dot1x auth-fail vlan 2000 
 dot1x 
#
interface GigabitEthernet1/0/25
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 stp edged-port enable
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.179.1
#
 ntp-service unicast-server 88.198.180.55
#
 load xml-configuration 
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
 authentication-mode scheme
#
return

What am I doing wrong?

 

Thank you in advance for your help!

 

Andy
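
Added example (not part of the original post, and not HP or QNAP code): a short Python audit of a Comware-style configuration like the one posted above. It flags ports that enable only `dot1x` (a client with no 802.1X supplicant never answers the switch's EAP request, so no RADIUS request is sent), a guest VLAN that also holds a switch IP interface, and cleartext telnet. Assumptions: the interface command `mac-authentication` is taken as the marker for MAC-based authentication, and the sample is a trimmed excerpt of the posted config with key material omitted.

```python
import re

# Trimmed excerpt of the configuration posted above; key material omitted.
SAMPLE = """\
#
 telnet server enable
#
interface Vlan-interface1
 ip address 192.168.179.253 255.255.255.0
#
interface GigabitEthernet1/0/17
 dot1x guest-vlan 1
 dot1x
#
interface GigabitEthernet1/0/18
 dot1x guest-vlan 1000
 dot1x
#
"""

def parse_sections(text):
    """Unindented lines open a section, indented lines belong to it, '#' returns to global."""
    sections, current = {"global": []}, "global"
    for raw in text.splitlines():
        if raw.strip() in ("", "#"):
            current = "global"
        elif not raw.startswith(" "):
            current = raw.strip()
            sections[current] = []
        else:
            sections[current].append(raw.strip())
    return sections

def audit(text):
    sections, findings = parse_sections(text), []
    # VLANs in which the switch itself has a layer-3 interface.
    l3_vlans = set(re.findall(r"^interface Vlan-interface(\d+)\s*$", text, re.M))
    if "telnet server enable" in sections["global"]:
        findings.append(("global", "telnet enabled: management traffic is cleartext"))
    for name, cmds in sections.items():
        if not name.startswith("interface ") or "dot1x" not in cmds:
            continue
        # Assumption: 'mac-authentication' in interface view marks MAC-based authentication.
        if "mac-authentication" not in cmds:
            findings.append((name, "802.1X only: a client with no supplicant never produces a RADIUS request"))
        for cmd in cmds:
            m = re.fullmatch(r"dot1x guest-vlan (\d+)", cmd)
            if m and m.group(1) in l3_vlans:
                findings.append((name, f"guest VLAN {m.group(1)} carries the switch's Vlan-interface{m.group(1)}"))
    return findings
```

`audit()` accepts the full text of a saved configuration as well; each result is a `(section, finding)` pair.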

1 REPLY
MetzingerAn
Visitor

Re: 1920-24G (JG924A) Switch 802.1x and QNAP RADIUS Server

Any thoughts? Nothing?

 

Or is there a "how-to" on doing 802.1x with a Linux RADIUS server (freeRADIUS) with my 1920-24G switch?

 

 

Thanks in advance

 

Andy