HPE Community
Web and Unmanaged
1753776 Members
7104 Online
108799 Solutions
New Discussion

Re: HPE OfficeConnect 1920S Dot1x Issue

 
SOLVED
Go to solution
JF7
Advisor

‎01-22-2019 09:45 AM

‎01-22-2019 09:45 AM

HPE OfficeConnect 1920S Dot1x Issue

Hi,

I am trying to get Dot1x working with the OfficeConnect 1920S Switch, which can only be configured by the Web page.

I was able to complete the RADIUS server settings, which are working with ProVision and Comware based HP switches correctly. I have tested and implemented the RADIUS settings on many switches up to this point.

 

The 1920S switch has Port Access Control - Admin Mode and Monitor Mode Enabled.

I have Force Authorized set on all, but one port at this point. This port is set to Auto.

I get to PAE State of Connecting and the device never gets and IP address or connected to the network.

I have tried doing it with Monitor Mode off and on and it will never work.

 

On the RADIUS server I can find the Event Logs showing it Authenticated properly and was allowed access..

 

On the Switch in the RADIUS Statistics it is showing that it received an Access Accept packet, but I am still not getting access.

 

Any ideas why?

 

0 Kudos
3 REPLIES 3
JF7
Advisor

‎01-23-2019 08:10 AM

‎01-23-2019 08:10 AM

Solution

Re: HPE OfficeConnect 1920S Dot1x Issue

After digging through the logs under Diagnostics I found the issue.

There is a warning for the Dot1X component as below:

Unable to authenticate as an unsupported service-type value (2) received in the radius server access-accept message.Sending EAP failure to the client XX:XX:XX:XX:XX:XX.Supported values are 'Login' and 'Admin'.Recommend changing the radius server settings with supported service-type

 

In the Microsoft RADIUS server policy settings on the RADIUS server, I removed the RADIUS attribute for "service-type", which was marked as "Framed". This is supposed to be set for RADIUS auth for 802.1X, but will cause the switch to fail.

After I removed the "service-type" attribute the system authenticating with Dot1X was able to get on the network.

Admittedly this is a bug in the software as all other HP switches are able to login with that attribute set. And based on the way the RADIUS server works it should be able to.

y1ld1r1m
New Member

‎02-11-2020 04:55 AM

‎02-11-2020 04:55 AM

Re: HPE OfficeConnect 1920S Dot1x Issue

Hello,
I m trying to configure but when i click to apply on admin mode, lose accessing to switch

Please can you send me configuration sample?

 

Best Regards.

0 Kudos
JF7
Advisor

‎03-03-2020 07:52 AM - last edited on ‎03-03-2020 09:48 PM by

‎03-03-2020 07:52 AM - last edited on ‎03-03-2020 09:48 PM by

Re: HPE OfficeConnect 1920S Dot1x Issue

@y1ld1r1m ,

With the HP 1920s (Linux Based) OS, you need to set the uplink to Force Authorized prior to Enabling Admin Mode for Port Access (Dot1x).

When you enable Admin all ports are set to Auto, which means they require authentication to work. The uplink and the port you may be configuring them from, will require authentication to connect to it. This will stop all access due to the uplink port/vlan not able to communicate out of it.

Essentially a catch22, the port will not communicate until authenticated and cannot authenticate without being able to communciate.

Hope this helps, JF7

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.