configuring 802.1x with juniper radius server

eng_mahmood48
Occasional Visitor

Hi

I have an HP switch 4500. The switch is configured as a RADIUS client for the Juniper RADIUS server (UAC), and the switch connected to the Juniper RADIUS server as a client successfully.

I configured dot1x on the switch and on one of the ports, but the authentication on the client failed (there are EAP-Failure messages sent from the switch to the client).

Below is the switch configuration.

========================================

radius scheme system
 server-type standard
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
radius scheme radius1
 primary authentication 172.16.10.10 1812
 key authentication 123123
 timer 5
 retry 5
 user-name-format without-domain

domain sudatel.net
 radius-scheme radius1
 access-limit disable
 state active
 vlan-assignment-mode integer
 idle-cut enable 20 2000
 self-service-url disable
 messenger time disable

domain system
 radius-scheme radius1
 access-limit disable
 state active
 vlan-assignment-mode integer
 idle-cut disable
 self-service-url disable
 messenger time disable

 domain default enable sudatel.net
#
 local-server nas-ip 127.0.0.1 key 123123

local-user admin
 password simple admin
 service-type lan-access
 service-type telnet level 3

local-user lanuser
 password cipher RQ4NJ=aZ$3GL>K8=@9OLY!!!
 service-type telnet level 3
#
 dot1x
 dot1x authentication-method eap
 undo dot1x handshake enable
#
 monitor-port Ethernet0/4 no-filt
 mirroring-port Ethernet0/3 both
 mirroring-port Ethernet0/2 both
#
 queue-scheduler wrr 1 2 4 8
#
vlan 1
#
vlan 10
#
vlan 110
#
vlan 120
#
vlan 203
#
interface Vlan-interface10
 ip address 172.16.10.11 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
 description TO SHQ_S6506_A
 duplex full
 speed 100
 port link-type trunk
 port trunk permit vlan 1 10 110 120 203
#
interface Ethernet0/2
 port access vlan 10
#
interface Ethernet0/3
 port access vlan 110
 dot1x port-method portbased
 dot1x guest-vlan 203
 dot1x

=====================================

Any ideas?

Regards
Mahmoud