HPE OfficeConnect 1920S Dot1x Issue

 
SOLVED
JF7
Occasional Advisor

Hi,

I am trying to get Dot1x working with the OfficeConnect 1920S Switch, which can only be configured by the Web page.

I was able to complete the RADIUS server settings, which are working with ProVision and Comware based HP switches correctly. I have tested and implemented the RADIUS settings on many switches up to this point.

 

The 1920S switch has Port Access Control - Admin Mode and Monitor Mode Enabled.

I have Force Authorized set on all but one port at this point. This port is set to Auto.

I get to PAE State of Connecting and the device never gets an IP address or connects to the network.

I have tried doing it with Monitor Mode off and on and it will never work.

 

On the RADIUS server I can find the Event Logs showing it authenticated properly and was allowed access.

 

On the Switch in the RADIUS Statistics it is showing that it received an Access Accept packet, but I am still not getting access.

 

Any ideas why?

 

1 REPLY
JF7
Occasional Advisor
Solution

Re: HPE OfficeConnect 1920S Dot1x Issue

After digging through the logs under Diagnostics I found the issue.

There is a warning for the Dot1X component as below:

Unable to authenticate as an unsupported service-type value (2) received in the radius server access-accept message.Sending EAP failure to the client XX:XX:XX:XX:XX:XX.Supported values are 'Login' and 'Admin'.Recommend changing the radius server settings with supported service-type

 

In the Microsoft RADIUS server policy settings on the RADIUS server, I removed the RADIUS attribute for "service-type", which was marked as "Framed". This is supposed to be set for RADIUS auth for 802.1X, but will cause the switch to fail.

After I removed the "service-type" attribute the system authenticating with Dot1X was able to get on the network.

Admittedly this is a bug in the software, as all other HP switches are able to log in with that attribute set. And based on the way the RADIUS server works, it should be able to.
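To check a captured Access-Accept for the condition in the log message above, the following added example (not from the original poster or HPE) parses the RADIUS attributes and reports the Service-Type value. The attribute and value numbers are from RFC 2865; mapping the switch's 'Login' and 'Admin' to values 1 and 6 is an assumption, and the sample packets are constructed.

```python
import struct

ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
ATTR_SERVICE_TYPE = 6      # Service-Type attribute number (RFC 2865)
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative"}
SWITCH_ACCEPTS = {1, 6}    # assumption: the log's 'Login' and 'Admin'


def parse_attributes(packet: bytes):
    """Return (code, [(type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def check_access_accept(packet: bytes) -> str:
    """Say whether this Access-Accept would trip the Service-Type check."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return "not an Access-Accept"
    values = [struct.unpack("!I", v)[0] for t, v in attrs
              if t == ATTR_SERVICE_TYPE and len(v) == 4]
    if not values:
        return "ok: no Service-Type attribute sent"
    bad = [v for v in values if v not in SWITCH_ACCEPTS]
    if bad:
        return f"rejected: Service-Type {bad[0]} ({SERVICE_TYPES.get(bad[0], 'unknown')})"
    return "ok: Service-Type " + SERVICE_TYPES[values[0]]


def build_accept(attrs: bytes) -> bytes:
    """Constructed sample packet: Access-Accept, id 1, zeroed authenticator."""
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs


FRAMED = build_accept(bytes([6, 6]) + struct.pack("!I", 2))   # policy sends Framed
NO_ATTR = build_accept(b"")                                   # attribute removed
```

The raw bytes of a real reply can be taken from the UDP payload of a packet capture between the switch and the RADIUS server and passed to `check_access_accept`.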