- Re: HP2524, 802.1x and EAP-Radius
11-10-2006 07:37 AM
Trying to get my HP 2524 ProCurve switches to use 802.1x to dynamically set the VLAN on the interfaces. Things seem to be communicating, but I am getting the following errors on my Windows 2003 server running IAS:
User Administrator@net.artstest.ualberta.ca was denied access.
Fully-Qualified-User-Name = net.artstest.ualberta.ca/Users/Administrator
NAS-IP-Address = 192.168.1.60
NAS-Identifier = HP ProCurve Switch 2524
Called-Station-Identifier = 00-0a-57-9b-c6-aa
Calling-Station-Identifier = 00-00-39-6d-35-ae
Client-Friendly-Name = test switch
Client-IP-Address = 192.168.1.60
NAS-Port-Type = Ethernet
NAS-Port = 10
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type =
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
The switch is configured like this:
aaa authentication port-access eap-radius
radius-server host 192.168.1.50 key testkey
aaa port-access authenticator active
11-10-2006 03:07 PM
Re: HP2524, 802.1x and EAP-Radius
You are missing one command that configures the switch to be an authenticator for specific ports:
aaa port-access authenticator < port-list > [ control < authorized | auto | unauthorized >]
This command configures the individual ports you want to operate as 802.1X authenticators for point-to-point links to 802.1X-aware clients or switches.
Say you have port 1 connected to this 802.1x client, the command you should add is like this:
2824(config)#aaa port-access authenticator 1 control auto
Good Luck !!!
11-11-2006 09:08 AM
Re: HP2524, 802.1x and EAP-Radius
After posting I messed around with the setup and I think I know the problem. I don't think the ProCurve 2524 switches can do what I want them to do; hopefully someone can prove me wrong. I want to have the Microsoft 802.1x supplicant auto-authenticate to the RADIUS server using a certificate pushed to my clients, using EAP-TLS. The switch is set up with eap-radius, but for whatever reason the remote access policy in Microsoft IAS will not determine the EAP type.
11-11-2006 11:13 AM
Re: HP2524, 802.1x and EAP-Radius
Check the IAS logs for some other clues maybe?
11-11-2006 04:16 PM
Solution
I can prove to you that your setup from the ProCurve side will work for sure.
If you notice, in the Warning entry you posted:
----------------------------------------
Authentication-Server =
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type =
----------------------------------------
EAP type is not determined and this is a normal output in the event viewer.
What I think (and I am 99% sure) is that the Windows 802.1x supplicant can't do that, and you need another supplicant to do that.
Good Luck !!!
11-12-2006 05:02 AM
Re: HP2524, 802.1x and EAP-Radius
I was doing some searching and I was going to use another supplicant, probably wpa_supplicant, or one of the commercial supplicants if I can get an eval.
Will let you know.
11-13-2006 07:00 AM
Re: HP2524, 802.1x and EAP-Radius
Will keep you updated on this issue.
User Administrator@net.artstest.ualberta.ca was denied access.
Fully-Qualified-User-Name = net.artstest.ualberta.ca/Users/Administrator
NAS-IP-Address = 192.168.1.60
NAS-Identifier = HP ProCurve Switch 2524
Called-Station-Identifier = 00-0a-57-9b-c6-ac
Calling-Station-Identifier = 00-00-39-6d-35-ae
Client-Friendly-Name = test switch
Client-IP-Address = 192.168.1.60
NAS-Port-Type = Ethernet
NAS-Port = 12
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = wired_eap-tls
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
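An added example, not part of the original posts: the two IAS event entries quoted in this thread, parsed and compared to show which fields moved between the first and second attempt (matched policy, EAP type, reason code). The helper names and the wording of the triage hints are assumptions made for illustration; the hints restate only what the Reason text and the replies in this thread say.

```python
import re

# The two IAS event entries from this thread, trimmed to the fields used below.
FIRST_ATTEMPT = """\
User Administrator@net.artstest.ualberta.ca was denied access.
NAS-IP-Address = 192.168.1.60
NAS-Port = 10
Policy-Name = Connections to other access servers
EAP-Type =
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
"""
SECOND_ATTEMPT = """\
User Administrator@net.artstest.ualberta.ca was denied access.
NAS-IP-Address = 192.168.1.60
NAS-Port = 12
Policy-Name = wired_eap-tls
EAP-Type = Smart Card or other certificate
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
"""
FIELD = re.compile(r"^([A-Za-z-]+) =\s*(.*)$")

def parse_entry(text):
    """Collect 'Name = value' lines into a dict; an empty value becomes None."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line.strip())
        if match:
            fields[match.group(1)] = match.group(2) or None
    return fields

def changed_fields(before, after):
    """Return {name: (old, new)} for every field that differs between two entries."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n), after.get(n)) for n in names if before.get(n) != after.get(n)}

def triage(fields):
    """Hypothetical helper: name the side to inspect, based on the entry alone."""
    where = f"policy '{fields.get('Policy-Name')}', reason code {fields.get('Reason-Code')}"
    if fields.get("EAP-Type") is None:
        return "no EAP type negotiated: review the EAP methods enabled on " + where
    return f"{fields['EAP-Type']} negotiated but rejected: review certificates and the account they map to ({where})"

if __name__ == "__main__":
    first, second = parse_entry(FIRST_ATTEMPT), parse_entry(SECOND_ATTEMPT)
    for name, (old, new) in changed_fields(first, second).items():
        print(f"{name}: {old!r} -> {new!r}")
    print(triage(first), triage(second), sep="\n")
```

An empty `EAP-Type` together with a change in `Policy-Name` is the quickest signal that the request is now reaching the intended remote access policy rather than a catch-all one.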
11-13-2006 09:20 AM
Re: HP2524, 802.1x and EAP-Radius
Will update when I figure this out.
11-16-2006 09:39 AM
Re: HP2524, 802.1x and EAP-Radius
To correct the error #16 and the Validate server Certificate issue you need to go through a document called:
Build Guide – Implementing the Wireless LAN Security Infrastructure.pdf
It will walk you through some certificates and how to create them. Url is:
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/pkiwire/BGCH09.mspx?pf=true
Good Luck.