03-03-2010 10:16 AM
802.1x authentication issue on HP 5412 switch
I have a switch HP 5412zl. I have a NAP w2k8 r2 server. I have a wired w7 wks. I have HP Procurve with IDM 3.
I used
http://www.microsoft.com/downloads/details.aspx?FamilyID=8a0925ee-ee06-4dfb-bba2-07605eff0608&displaylang=en
http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S5_ProCurve-IDM-NAP-integration-final-081108.pdf
and I can't see any auth conversation, nothing gets to the NAP/Radius, I used Net Monitor 3.3 to see what's going on. And as far as I can see my configurations are right, see the HP switch config attached
Anyways, I don't know...
Thanks!!
03-03-2010 03:12 PM
Re: 802.1x authentication issue on HP 5412 switch
As I see it, your switch config looks ok.
You say no authentication requests seem to be coming from the switch to the server, so that really indicates either switch config, switch can't talk to the server, or client config.
A good resource for client configs is here: http://tinyurl.com/8021X-supplicant-1
If the client config is good and the switch can ping the server, then something has to be happening (I read that somewhere ;-)
So, if all above looks good, then try the following:
1) If the IDM agent is "started" on the W2K8/NAP server, shut that service down and troubleshoot this problem one step at a time.
2) Look at the "radius log" to see if radius (NAP) is even trying to authenticate the client request and/or what (if any) errors it is generating?
On the W2K8 server, look at:
event viewer/custom views/server roles/network policy and access services and see if any switch-to-NAP (radius) transactions are occurring.
Most common radius (NAP)/AD issues are (after basic switch-to-radius comms work):
1) switch is not defined as a radius client
2) NAP policy, either "connection request policies" and/or "network policies" are not configured correctly, meaning a failure to pass a test
3) AD uid/pw/group membership issue
If you resolve any issues that are in radius/AD, then restart the IDM Agent service and then see what the radius log info indicates, as well as what the IDM log indicates.
Troubleshooting IDM can get really tricky and especially more so if you have a fundamental radius problem before IDM can even do its testing.
hth...Jeff
03-03-2010 06:07 PM
Re: 802.1x authentication issue on HP 5412 switch
Thanks!
03-04-2010 06:26 AM
Re: 802.1x authentication issue on HP 5412 switch
Jeff reply: when a switch port is configured for 802.1X auth, and then a device (computer in this case) is connected, the switch basically sends an "EAP Identity Request" packet to the device. If the device is configured correctly, then it will send an "EAP Identity Response", then the switch will repackage that info and send to radius a "RADIUS Access Request".
These comms between the client and switch are all at layer2, as there is no IP address available yet. This is what EAP provides, layer2 comms.
So, it looks to me like the issue is with the client-to-switch initial comms.
hth...Jeff
03-04-2010 08:45 AM
Re: 802.1x authentication issue on HP 5412 switch
source my workstation's MAC - destination 01-80-c2-00-00-03
source my switch MAC - destination 01-80-c2-00-00-03
That's all I found. What is this? I have no idea where to start to troubleshoot. I mean I googled the MAC address 01-80-c2-00-00-03 and I found out it's a standard of some sort, but how do I make it work?
This is all so exciting, but it shows that I don't really know too much about networking...
03-04-2010 08:50 AM
Re: 802.1x authentication issue on HP 5412 switch
03-04-2010 09:42 AM
Re: 802.1x authentication issue on HP 5412 switch
So I'd say it looks like client is not properly configured for 802.1X.
The full trace and the mac addresses of switch and client would help a lot in troubleshooting this issue.
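
An added example, not part of the original thread and not HP or Microsoft code: a small Python parser that classifies the EAPOL frames sent to 01-80-c2-00-00-03 (the 802.1X PAE group address, EtherType 0x888E) and reports how far the Identity exchange described above got. It assumes untagged Ethernet frames exported from a capture; the MAC addresses, the `build` helper and the sample frames are constructed for illustration.

```python
import struct

PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # destination seen in the thread's trace
ETHERTYPE_EAPOL = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes):
    """Describe one untagged Ethernet frame; None if it is not EAPOL."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    info = {"src": frame[6:12], "to_pae_group": frame[0:6] == PAE_GROUP_MAC,
            "kind": EAPOL_TYPES.get(ptype, f"type-{ptype}"), "identity": False}
    body = frame[18:18 + body_len]
    if ptype == 0 and len(body) >= 4:
        code = body[0]
        info["kind"] = "EAP-" + EAP_CODES.get(code, f"code-{code}")
        # Requests and Responses carry an EAP Type byte; Type 1 is Identity.
        info["identity"] = code in (1, 2) and len(body) >= 5 and body[4] == 1
    return info

def diagnose(frames, switch_mac: bytes) -> str:
    """Report how far the layer-2 Identity exchange got in a capture."""
    asked = answered = False
    for frame in frames:
        p = parse_eapol(frame)
        if not p or not p["identity"]:
            continue
        if p["kind"] == "EAP-Request" and p["src"] == switch_mac:
            asked = True
        elif p["kind"] == "EAP-Response" and p["src"] != switch_mac:
            answered = True
    if answered:
        return "client answered Identity: check the switch-to-RADIUS path"
    if asked:
        return "switch asked for Identity, client silent: check the supplicant"
    return "no Identity Request from the switch: check the port's 802.1X config"

def build(src, ptype, body=b""):
    """Build a constructed EAPOL frame addressed to the PAE group MAC."""
    return PAE_GROUP_MAC + src + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, ptype, len(body)) + body

# Constructed sample capture (MACs are made up, not from the thread).
SWITCH, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
REQ_ID = build(SWITCH, 0, struct.pack("!BBHB", 1, 1, 5, 1))
RESP_ID = build(CLIENT, 0, struct.pack("!BBHB", 2, 1, 9, 1) + b"user")
START = build(CLIENT, 1)
```

Calling `diagnose([START, REQ_ID], SWITCH)` on the constructed capture reports a silent client, which is the situation where nothing would ever reach the RADIUS server.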