Re: Dot1x - with 3COM 4210

joxer123 · ‎12-07-2011

Hi all,

pls help with issue bellow.

I need to setup port-based authenticatoin 802.1x with RADIUS server / Microsoft NPS 2008 / - After my configuration seem everything fine only 3com tell me Failed auth. and end user dont connect to the VLAN1 and stay in unauth state :(

1. 3Com CFG configuration

domain default enable system

dot1x
dot1x authentication-method eap

radius scheme system
server-type standard
primary authentication 172.16.5.19 key secret

domain system
scheme radius-scheme system
scheme login local
authentication lan-access radius-scheme system
authorization login local

interface Ethernet1/0/4
stp edged-port enable
loopback-detection enable
dot1x

di dot1x - command

Ethernet1/0/4 is link-up
   802.1X protocol is enabled
   Proxy trap checker is disabled
   Proxy logoff checker is disabled
   Version-Check is disabled
   The port is an authenticator
   Authentication Mode is Auto
   Port Control Type is Mac-based
   ReAuthenticate is disabled
   Max number of on-line users is 256

   Authentication Success: 0, Failed: 49
   EAPOL Packets: Tx 369, Rx 393
   Sent EAP Request/Identity Packets : 113
        EAP Request/Challenge Packets: 0
   Received EAPOL Start Packets : 136
            EAPOL LogOff Packets: 0
            EAP Response/Identity Packets : 257
            EAP Response/Challenge Packets: 0
            Error Packets: 0
1. Unauthenticated user : MAC address: 001f-29d7-70d4

Network Monitor 3.4 on NPS server

Everything look fine :(

NPS 2008 server

Is there some specail vendor specific for 3COMs? Or could anybody help me with that?

Thank you all for reply

Jan

Ulrich Saur · ‎03-01-2012

Hi Jan,

generally I would add a new RADIUS scheme for NPS authentication like

radius scheme nps

primary authentication ...

In the domain you have to refer to the scheme and add authorization:

domain <whatever>

authentication lan-access radius-scheme nps
authorization lan-access radius-scheme nps
accounting lan-access radius-scheme nps

...

If you miss the authorization it will not work!

Regards,
Uli

Ulrich Saur · ‎03-01-2012

Oops, this post was really old! This forum is not really alive, is it?!

Regards,
Uli

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Dot1x - with 3COM 4210

Dot1x - with 3COM 4210

Re: Dot1x - with 3COM 4210

Re: Dot1x - with 3COM 4210