
Re: 802.1X on ProCurve 2650 switch

 
WCL_1
Occasional Advisor

802.1X on ProCurve 2650 switch

I'm trying to set up 802.1X authentication on a 2650 switch, but am running into some problems.
Here is my AAA switch configuration:

aaa authentication port-access eap-radius
radius-server host 1.2.3.4 key radiuskey
aaa port-access authenticator 19
aaa port-access authenticator active

I'm using a Windows 2003 IAS server as my Radius server. This server also does 802.1X for my HP420 access point successfully.

I want to use certificate authentication with our local CA. The laptop has a certificate, but when I turn on AAA on the switch I get a pop-up error in the system tray that says:
"Windows was unable to find a certificate to log you on to the network"

The client is running Windows XP SP2. I don't see any activity in the IAS log, but that might make sense if the client doesn't attempt to authenticate.

Any help would be appreciated.

Thanks.
7 REPLIES
Mohieddin Kharnoub
Honored Contributor

Re: 802.1X on ProCurve 2650 switch

Hi

- Can your switch access your local CA?
- Can you verify your switch certificate?
- Can you verify the host certificate is available on the switch?

Use the show commands to verify your setup since the RADIUS is working fine, and you don't get any activity in the IAS log.

Good Luck !!!
Science for Everyone
WCL_1
Occasional Advisor

Re: 802.1X on ProCurve 2650 switch

The switch can connect to the CA, but my understanding is it does not need to. The switch should pass the computer certificate on to the RADIUS server and it does the validation.
This is how our 420 Access Point is set up anyway and I'm assuming setup will be similar. No certificates have been issued to the 420.
I did verify the RADIUS settings. The IP is correct and I've entered the key a few times to make sure I didn't miskey. Although even if the key is wrong I should be seeing something in the IAS logs.
I'm trying this on two different switches with two different PCs and two different RADIUS servers and getting the same result in both setups, so I'm definitely doing something wrong here.

Thanks for the reply.
bscheible
Occasional Advisor

Re: 802.1X on ProCurve 2650 switch

Are you using MSCHAP v2? You can authenticate the computers and have a certificate infrastructure by having a machine certificate on the IAS server only. Configure the local computer for Protected EAP and uncheck using Windows logon credentials when available. There is also a reg setting to force machine credentials always. This process will authenticate computer credentials that are members of the AD domain. If they are not, they will be denied access.
Big Tom Davis
Advisor

Re: 802.1X on ProCurve 2650 switch

What version of code are you running? I would call support. I think there is a new "test" version of code that fixes 802.1x issues with 2560's
WCL_1
Occasional Advisor

Re: 802.1X on ProCurve 2650 switch

I'm using firmware revision H.08.98, which I believe is the latest.

I was trying the suggestions in the previous post as well with MSCHAP v2, but haven't had any luck yet. Although I haven't had a lot of time today to play with it.
Big Tom Davis
Advisor

Re: 802.1X on ProCurve 2650 switch

I too was running H.08.98... I got sent .105 and all started working....
WCL_1
Occasional Advisor

Re: 802.1X on ProCurve 2650 switch

Thanks for the tip, I'll try to get that version.