Securing access using 802.1x
04-05-2006 12:43 AM
The switches in question are ProCurve 2626, 2650 and 5300 series.
I've read as much documentation as I can find, but the HP manuals don't seem to really cover port based authentication to RADIUS/AD.
All switches use the DEFAULT_VLAN, and I'm not (initially) looking to put clients into VLANs in the IAS access policy.
The test I'm trying at the moment involves one Win2k host with the MS 802.1x client. It is connected to Port 5 on a 2626 switch. The switch is now configured (as best as I can tell) to request 802.1x authentication from the IAS server, which is accessible to the switch (over IP) and is plugged into port 7.
The AAA/RADIUS config entered into the switch is:
aaa authentication num-attempts 5
aaa authentication port-access eap-radius
radius-server dead-time 5
radius-server host
aaa port-access authenticator active
aaa port-access supplicant 5
I want the clients (2k/XP) to authenticate using PEAP and certificates from our local CA.
When the Win2k client is switched on, it connects fine to the network. When I check the status on the switch, I see nothing that would indicate 802.1x authentication has been used against the IAS server.
'show port-acc auth' displays nothing
'show port-acc supplicant' says that port 5 is authenticated, but the IAS server is showing no connection from the switch (it's configured to log all activity).
'sh auth' shows that the primary login type for port-access *is* EapRadius
'sh vlan 1' says the port Mode is 'untagged' and 'up', but does not show it has been authenticated using 802.1x
The switch log shows nothing for port 5 other than 'offline' then 'online'. I've also tried turning off LACP on port 5, but no change.
I'm missing something here, but I can't see what!
04-05-2006 01:28 AM
Solution
I think you need to have your port 5 as an authenticator and not a supplicant:
aaa port-access authenticator 5
Supplicant is used to authenticate switch to switch 802.1x connections.
Everything else looks about right.
I found this document handy for configuring the 2003 side of 802.1x in the past:
http://www.foundrynet.com/solutions/appNotes/PDFs/8021xAuthenticationWithActiveDirectory.pdf
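The fix in the answer above, turned into a repeatable check (an added example, not code from this thread or from HP): it audits the port-access lines of a saved config using only the commands quoted in the posts. The names `QUESTION_CONFIG`, `expand_ports` and `audit`, the placeholder RADIUS address 192.0.2.10, and the numeric range form `1-3` for port lists are assumptions made for the illustration.

```python
import re

# Constructed sample: the config from the question. 192.0.2.10 is a placeholder
# (documentation range) for the RADIUS address the post leaves out.
QUESTION_CONFIG = """\
aaa authentication num-attempts 5
aaa authentication port-access eap-radius
radius-server dead-time 5
radius-server host 192.0.2.10
aaa port-access authenticator active
aaa port-access supplicant 5
"""

def expand_ports(spec):
    """Expand a port list such as '5' or '1-3,7' into a set of port names."""
    ports = set()
    for part in filter(None, spec.split(",")):
        m = re.fullmatch(r"(\d+)-(\d+)", part)
        if m:
            ports.update(str(n) for n in range(int(m[1]), int(m[2]) + 1))
        else:
            ports.add(part)  # single port, or a form this sketch does not expand
    return ports

def audit(config):
    """Return findings for the 802.1x port-access lines of a switch config."""
    roles = {"authenticator": set(), "supplicant": set()}
    active = eap_radius = radius_host = False
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["aaa", "port-access"] and len(words) >= 4:
            if words[2:4] == ["authenticator", "active"]:
                active = True
            elif words[2] in roles:
                roles[words[2]] |= expand_ports(words[3])
        elif words[:3] == ["aaa", "authentication", "port-access"]:
            eap_radius = words[3:4] == ["eap-radius"]
        elif words[:2] == ["radius-server", "host"]:
            radius_host = radius_host or len(words) >= 3
    findings = []
    if not roles["authenticator"]:
        findings.append("no authenticator ports: clients are never challenged")
    for port in sorted(roles["supplicant"] - roles["authenticator"]):
        findings.append(f"port {port}: supplicant only, not an authenticator")
    checks = [(active, "'aaa port-access authenticator active' is missing"),
              (eap_radius, "port-access authentication is not eap-radius"),
              (radius_host, "no RADIUS server address configured")]
    return findings + [msg for ok, msg in checks if not ok]
```

Run against the question's config, `audit` reports that no port is an authenticator and that port 5 is supplicant only; with `supplicant 5` changed to `authenticator 5` it returns no findings.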
04-05-2006 03:41 AM
Re: Securing access using 802.1x
I've set up an entire wireless network using 802.1x/EAP/RADIUS, but I guess I just misread the HP command line help on the subject.
04-05-2006 09:40 PM
Re: Securing access using 802.1x
You can use the additional utility "iasparse" to monitor logs in real time from the CLI.
04-06-2006 01:16 AM
Re: Securing access using 802.1x
http://www.deepsoftware.com/iasviewer/