Re: 802.1x doesn't work after formware upgrade 10.43 to 10.67

Mario Laniel · ‎10-30-2008

Hi all,

On HP 2824 switches after upgrading the firmware 802.1x port-access stopped working, I have over 50 switches so it's a mess. Does anyone know anything about that issue?

Thanks,

cenk sasmaztin · ‎10-30-2008

hi Mario please send me sh tech print

cenk

Mario Laniel · ‎10-30-2008

Here you go

Thanks,

Carsten M · ‎10-30-2008

Hi Mario!

Is it a FW- Problem or a Client- Problem on Windows- Machines. We have a same problem on same winxp machines. After an windowsupdate i miss under LAN connections -> properties the 3. panel for 802.1x. Therefore, I think it's a problem from windows.

cm60

cenk sasmaztin · ‎10-31-2008

hi Mario
I casn see one port authenticator on switch
is this true

if this is true

copy and paste my config on switch and retest

hostname
snmp-server contact
snmp-server location
web-management management-url ""
time timezone -300
time daylight-time-rule Continental-US-and-Canada
interface 1
no lacp
exit
interface 21
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 23 Trk1 Trunk
trunk 24 Trk2 Trunk
trunk 21 Trk24 Trunk
ip default-gateway 132.246.17.1
sntp server 132.246.20.2
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
snmp-server community "private" Unrestricted
snmp-server host 132.246.17.24 "private"
vlan 1
name "DEFAULT_VLAN"
untagged 1-20,22,Trk1-Trk2,Trk24
ip address 132.246.17.112 255.255.255.0
exit
stack join 001560faf7a0
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 132.246.17.24 key Paris1
aaa port-access authenticator 1
aaa port-access authenticator active
aaa port-access 1
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk24 priority 4

cenk

Mario Laniel · ‎10-31-2008

Carsten,

the problem is with the firmware, I have a testing switch with firmware I.10.43 and it works just fine but when I put I.10.67 it doesn't work anymore and if I revert back to the I.10.43 everything works just fine.

Mario Laniel · ‎10-31-2008

Cenk,

I just tried your config and it still the same thing, you just added one line "aaa accounting network start-stop radius" right?

Thanks for the help, I'll keep on digging.

Mario Laniel · ‎10-31-2008

Cenk,

As you can see authentication does not happen:

TestingSW1(config)# sho port-access authenticator

Port Access Authenticator Status

Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

Current Current
Port Status VLAN ID Port COS
---- ------ -------- -----------
1 Closed 1 No-override

From the PC the network icon tells me "validating identity" and after about 30 seconds or so it says "Authentication failed".

cenk sasmaztin · ‎10-31-2008

can you see any log on switch ?
like can't reach radius server

can you ping to radius server on switch?

can you make recently update xp service pack 3

cenk

Mario Laniel · ‎10-31-2008

Hi Cenk,

nothing in the log and I can ping the radius server no problem;

TestingSW1# sho logging
Keys: W=Warning I=Information
M=Major D=Debug
---- Event Log listing: Events Since Boot ----
M 01/01/90 00:00:06 sys: 'System reboot due to Power Failure'
I 01/01/90 00:00:06 system: --------------------------------------------------
I 01/01/90 00:00:06 system: System went down without saving crash information
I 01/01/90 00:00:29 udpf: DHCP relay agent feature enabled
I 01/01/90 00:00:29 stack: Stack Protocol enabled
I 01/01/90 00:00:29 tftp: Enable succeeded
I 01/01/90 00:00:29 system: System Booted.
I 01/01/90 00:00:29 cdp: CDP enabled
I 01/01/90 00:00:29 lldp: LLDP - enabled
I 01/01/90 00:00:30 ssl: SSL HTTP server enabled on TCP port 443
I 01/01/90 00:00:31 ports: trunk Trk1 is now active
I 01/01/90 00:00:31 ports: port 23 in Trk1 is now on-line
I 01/01/90 00:00:31 ports: port 24 in Trk1 is now on-line
I 01/01/90 00:00:31 ip: network enabled on 10.1.1.10
I 01/01/90 00:05:09 mgr: SME TELNET from 132.246.17.8 - MANAGER Mode
I 01/01/90 00:05:16 tftp: RRQ from 132.246.17.24 for file running-config
I 01/01/90 00:05:16 tftp: Transfer completed
I 01/01/90 00:05:30 mgr: SME TELNET from 132.246.17.24 - MANAGER Mode
I 01/01/90 00:05:36 mgr: SME TELNET from 132.246.17.24 - MANAGER Mode
I 01/01/90 00:05:43 mgr: SME TELNET from 132.246.17.24 - MANAGER Mode
---- Bottom of Log : Events Listed = 20 ----
TestingSW1# ping 132.246.17.24
132.246.17.24 is alive, time = 1 ms

Has for the update on the station, yes they are running XP SP3 and I've fixed my LAN card profile. The same machine hooked up to that switch with firmware I.10.43 works just fine but when I install I.10.67 it stops working.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: 802.1x doesn't work after formware upgrade 10.43 to 10.67

802.1x doesn't work after formware upgrade 10.43 to 10.67