- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Web and Unmanaged
- >
- HP 1910 Lan Auth with Radius
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-16-2016 11:04 AM
08-16-2016 11:04 AM
HP 1910 Lan Auth with Radius
Hello,
I’m having a hard time getting Lan authentication working. I currently have a radius server setup where I use it to authenticate VPN, wifi and port security. I cant seem to get it working with my HPE 1910’s.
I can see from my NPS logs that its communicating but it failing.
8021X
Information
DOT1X_AUTH_FAILURE
-IfName=GigabitEthernet1/0/13-UserName=host/SAdjei-HP.ONSITERIS.com; DOT1X authentication failed.
I really want to avoid using mac address if possible.
radius scheme system
server-type extended
primary authentication 10.10.100.209
key authentication cipher xxxxxxxxxx
security-policy-server 10.10.100.209
user-name-format without-domain
radius scheme mydomainname
server-type extended
primary authentication 10.10.100.209
primary accounting 10.10.100.209
secondary authentication 10.10.100.244
secondary accounting 10.10.100.244
key authentication cipher xxxxxxxxxxxxxxx
key accounting cipher xxxxxxxxxxxxxxxxx
user-name-format keep-original
nas-ip 10.10.100.11
accounting-on enable
interface GigabitEthernet1/0/13
stp edged-port enable
dot1x max-user 2
dot1x guest-vlan 10
dot1x mandatory-domain onsiteris
dot1x port-method portbased
dot1x
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-16-2016 11:57 AM
08-16-2016 11:57 AM
Re: HP 1910 Lan Auth with Radius
I only have one port setup to use dot1x for testing
GigabitEthernet1/0/13 is link-down
802.1X protocol is enabled
Handshake is enabled
Handshake secure is disabled
802.1X unicast-trigger is disabled
Periodic reauthentication is disabled
The port is an authenticator
Authentication Mode is Force-Authorized
Port Control Type is Port-based
802.1X Multicast-trigger is enabled
Mandatory authentication domain: onsiteris
Guest VLAN: 10
Auth-Fail VLAN: NOT configured
Critical VLAN: NOT configured
Critical recovery-action: NOT configured
Max number of on-line users is 2
EAPOL Packet: Tx 2663, Rx 836
Sent EAP Request/Identity Packets : 2312
EAP Request/Challenge Packets: 94
EAP Success Packets: 28, Fail Packets: 89
Received EAPOL Start Packets : 400
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 202
EAP Response/Challenge Packets: 140
Error Packets: 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-17-2016 10:40 AM
08-17-2016 10:40 AM
Re: HP 1910 Lan Auth with Radius
If I remember correctly:
"undo dot1x handshake" is recommended whrn you are using Windows NPS as your RADIUS server of choice.
I also have "undo dot1x multicast-trigger" but the sample (working) port config I have is from a 5130ei rather than a 1910.
Have you managed to enable full CLI access to the 1910 or are you able to drive this through the web GUI?
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me