
unauth ports closed in auth-vid when doing 802.1x auth

 
Andreas Hilboll
Occasional Contributor


Hi there,

On a ProCurve 2626 I want to implement 802.1X authentication. Authenticated clients shall be in one VLAN whereas unauthenticated clients shall be put into another VLAN (and shall be able to communicate within this unauth VLAN).

According to the documentation, I set up two VLANs, let's call them auth-vlan and unauth-vlan. The ports in question are untagged members of the unauth-vlan and not members of the auth-vlan.
For the ports in question, I did

aaa port-a auth 5-20 auth-vid auth-vlan
aaa port-a auth 5-20 unauth-vid unauth-vlan


When a client (XP Pro) connects, it tries to authenticate (set up against RADIUS on Win2003 using EAP-TLS with computer certs and no user certs). Those computers able to authenticate immediately get put into the auth-vlan and everything's fine. However, if a client cannot authenticate (because it doesn't have a certificate), it stays in unauth-vlan (which is what I want) but the port status remains "CLOSED / CONNECTING" all the time; Windows tries to authenticate over and over again. This way, the client cannot communicate on the unauth-vlan, because the port remains CLOSED.

What am I missing here? I want the unauth'ed clients to be able to access network resources on my unauth-vlan ...

Thanks for your help!

Andreas