Re: Can´t get Web authentication on HP Procurve 6200yl working

 
MullT
Frequent Advisor

Can´t get Web authentication on HP Procurve 6200yl working

Hi,

I just got some new HP 6200yl (firmware 13.25) switches. I followed the steps (at least I thought so) to set up Web Authentication with RADIUS-Server and PEAP+MS-CHAPv2.

My problem is, that when I connect the test computer to the appropriate port, it doesn´t get the "public" IP address from the switch and therefore I can´t login on the web login page.

show port-security... says that web authentication is enabled, but it simply doesn´t work.

I am just asking myself whether I forgot something to configure?
Jeff Carrell
Honored Contributor

hmmm...a 'show run' would help...

also, what "brand" of radius server are you running?

----------

here are minimal commands needed on the switch to make 802.1X auth work:
--
radius-server host 10.1.1.202

aaa authentication port-access eap-radius

aaa port-access web-based 13
aaa port-access authenticator active
--
the last command is quite often overlooked and is required to make 802.1X auth work...and if it's not there, the result is basically what you are seeing...

hth...jeff
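
A small check for the point in the reply above, added here as an example and not part of the original post: it scans saved `show run` output for the four commands the reply lists and reports any that are missing, along with the ports that have web-auth enabled. It assumes numeric port names as in this thread; the function names and the sample text are constructed for illustration.

```python
import re

# Commands the reply above lists as the minimum, as regexes over config lines.
REQUIRED = {
    "radius-server host": re.compile(r"^radius-server host \S+"),
    "aaa authentication port-access eap-radius":
        re.compile(r"^aaa authentication port-access eap-radius$"),
    "aaa port-access web-based <ports>":
        re.compile(r"^aaa port-access web-based [\d,\-]+$"),
    "aaa port-access authenticator active":
        re.compile(r"^aaa port-access authenticator active$"),
}

def expand_ports(spec):
    """Expand a port list such as '20,23-24' into [20, 23, 24]."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text):
    """Return (names of missing commands, sorted web-auth port numbers)."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    missing = [name for name, rx in REQUIRED.items()
               if not any(rx.match(ln) for ln in lines)]
    web_ports = []
    for ln in lines:
        # Only the port-list form; 'web-based dhcp-addr ...' is skipped.
        m = re.match(r"^aaa port-access web-based ([\d,\-]+)$", ln)
        if m:
            web_ports.extend(expand_ports(m.group(1)))
    return missing, sorted(set(web_ports))

# Constructed sample: the commands from the reply with the last one left out.
SAMPLE = """\
radius-server host 10.1.1.202
aaa authentication port-access eap-radius
aaa port-access web-based 13
"""

if __name__ == "__main__":
    missing, ports = audit(SAMPLE)
    print("web-auth ports:", ports)
    for name in missing:
        print("missing:", name)
```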
MullT
Frequent Advisor

Hi,

it´s a Windows 2003 Server with IAS/RADIUS on.
This is already working for weeks with Wireless LAN and 802.1X.

I´ll reset the switch and try it again with your instructions. Let´s see whether it will work then


thanks in advance
Jeff Carrell
Honored Contributor

you'll also need to have a remote access policy in IAS linked to the web-auth group for web-auth users if you don't already have it configured...

also2, the web-auth userid needs to have its password set for reverse encryption, so if you've already set the pw, you need to set the option for reverse encryption and then reset the password so it now stores it in reverse encrypted form...

finally, if you look at the event viewer/system/IAS log entries, this provides the best information for 802.1X operations troubleshooting...


hth...jeff
Matt Hobbs
Honored Contributor

I'm pretty sure that now MS-CHAPv2 is supported, you don't need to enable reversible encryption. It was only for CHAP/MD5 if my memory serves me correctly.
Jeff Carrell
Honored Contributor

i concur with matt's comments...

i was operating in the "old days mode", reversible encryption is not needed in K.13.xx code for web-auth/mac-auth...

it is needed for switch management authentication and for PEAP-MD5...


good catch matt :-)

cheers...jeff
MullT
Frequent Advisor

Hi,

tried it again, but it doesn´t work. I don´t get an IP via the inbuilt dhcp service of the switch.

ProCurve Switch 6200yl-24G(config)# show run

Running configuration:

; J8992A Configuration Editor; Created on release #K.13.25

hostname "ProCurve Switch 6200yl-24G"
module 1 type J8992A
ip default-gateway 132.45.23.240
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 132.45.23205 255.255.254.0
ip igmp
exit
qos type-of-service diff-services
aaa authentication port-access eap-radius
aaa authentication web-based peap-mschapv2
radius-server key 12345678
radius-server host 132.45.29.33 key '12345678'
no ip ssh
aaa port-access authenticator 24
aaa port-access authenticator 24 client-limit 32
aaa port-access authenticator active
aaa port-access web-based 20,23-24
aaa port-access web-based dhcp-addr 192.168.0.0 255.255.255.0
spanning-tree
password manager
password operator

ProCurve Switch 6200yl-24G(config
Jeff Carrell
Honored Contributor

hmmm, as i see the config, it all looks good...

dumb question from me, the device connecting to one of the web-auth ports is set to dhcp an address - yes?

also, when you do a 'sh port-a web' the web-auth ports should be in closed state...


not sure what the deal is now...
MullT
Frequent Advisor

Hi,

of course DHCP is enabled...
Does anyone have another idea what the problem could be?