Comware Based
1839313 Members
2978 Online
110138 Solutions
New Discussion

3Com 4210 802.1x failing

 
emmanuelin
New Member

3Com 4210 802.1x failing

I'm implementing wired 802.1x using a certicate , my radius server is a cisco secure acs, i'm being able to access the lan once the pc is authenticated but after 30 seconds the connection drops and the cycle begins again and again.

 

Switch 3Com:

3Com Switch 4210 PWR 26-Port

Software Version: 3Com OS V3.01.13s56

Product 3C Number:3CR17343-91

Bootrom Version: 4.10

 

Radius Server:

Cisco Secure ACS

Version : 5.2.0.26

 

PCs:

Windows XP SP3

 

Script

 

SW_Test_Dot1x]display current-configuration

#

 sysname SW_Test_Dot1x

#

 undo password-control aging enable

 undo password-control length enable

 undo password-control history enable

 password-control login-attempt 3 exceed lock-time 120

#

 super password level 3 cipher JREIJ'A]['[Q=^Q`MAF4<1!!

#

 local-server nas-ip 127.0.0.1 key 3com

#

 domain default enable kcsm

#

 priority trust

#

 igmp-snooping enable

#

 dot1x

 dot1x authentication-method eap

 undo dot1x handshake enable

#

 mirroring-group 1 local

#

radius scheme system

radius scheme KCSM

 server-type extended

 primary authentication 172.16.62.200

 primary accounting 172.16.62.200

 secondary authentication 172.16.62.201

 accounting optional

 key authentication hm7FiP0#

 key accounting hm7FiP0#

 user-name-format without-domain

#

domain kcsm

 scheme radius-scheme KCSM local

 accounting radius-scheme KCSM

domain system

#

local-user KCSMNOC

 password cipher 77\VOBSD;+KQ=^Q`MAF4<1!!

 service-type ssh telnet terminal

 level 3

local-user admin

 password cipher ;GJ'IM]XO03Q=^Q`MAF4<1!!

 service-type ssh telnet terminal

 level 3

local-user foperator

 password cipher ,,)A;NJ0SS3Q=^Q`MAF4<1!!

 level 2

#

vlan 1

 igmp-snooping enable

#

vlan 11

 description Switch_Managment

 name Managment_TI

#

vlan 20

 description Data

 name Data_TI

#

vlan 85

 description VoIP

 name VoIP_TI

#

interface Vlan-interface11

 ip address 172.16.62.105 255.255.255.0

#

interface Aux1/0/0

#

interface Ethernet1/0/1

 poe enable

 stp edged-port enable

 duplex full

 speed 100

 port link-type hybrid

 port hybrid vlan 85 tagged

 port hybrid vlan 20 untagged

 undo port hybrid vlan 1

 port hybrid pvid vlan 20

 dot1x

#

interface Ethernet1/0/2

 poe enable

 stp disable

 stp edged-port enable

 duplex full

 speed 100

 port link-type hybrid

 port hybrid vlan 85 tagged

 port hybrid vlan 20 untagged

 undo port hybrid vlan 1

 port hybrid pvid vlan 20

 mirroring-group 1 monitor-port

#

interface Ethernet1/0/3

 poe enable

 stp edged-port enable

#

interface Ethernet1/0/4

 poe enable

 stp edged-port enable

interface GigabitEthernet1/0/25

 duplex full

 speed 1000

 port link-type trunk

 port trunk permit vlan 1 11 20 85

 mirroring-group 1 mirroring-port both

#

interface GigabitEthernet1/0/26

 stp edged-port enable

#

interface GigabitEthernet1/0/27

 duplex full

 speed 1000

 port link-type trunk

 port trunk permit vlan 1 11 20 85

 shutdown

 mirroring-group 1 mirroring-port both

#

interface GigabitEthernet1/0/28

 stp edged-port enable

 shutdown

#

interface NULL0

#

 management-vlan 11

#

 ip route-static 172.16.0.0 255.255.0.0 172.16.62.1 preference 60

#

 snmp-agent

 snmp-agent local-engineid 8000002B001EC16D65196877

 snmp-agent community read public

 snmp-agent community write private

 snmp-agent sys-info version all

 snmp-agent group v3 admin read-view admin write-view admin

 snmp-agent mib-view included admin iso

 snmp-agent usm-user v3 admin admin

#

 ssh authentication-type default all

#

user-interface aux 0

 authentication-mode scheme

user-interface vty 0 4

 authentication-mode scheme

 protocol inbound ssh

#

return

 

[SW_Test_Dot1x]

[SW_Test_Dot1x]