
Re: 5500 and Radius

 
sean_2
Occasional Contributor

5500 and Radius

I have a 5500 that I am trying to connect to a Microsoft IAS Radius server. However, the connection does not work.



Has anyone successfully connected a 5500 to a Radius server?





This is the configuration set up, the log on the Microsoft IAS and the debug radius on the switch:





sysname SW1
#
undo password-control aging enable
undo password-control length enable
undo password-control history enable
password-control login-attempt 3 exceed lock-time 120
#
local-server nas-ip 127.0.0.1 key 3com
#
domain default enable test2
#
igmp-snooping enable
#
radius scheme system
radius scheme test
server-type extended
primary authentication 172.30.4.4 1645
key authentication 3com
user-name-format without-domain
#
domain system
domain test2
authentication radius-scheme test
#
local-user admin
service-type telnet terminal
level 3
local-user manager
password simple manager
service-type telnet terminal
level 2

…

user-interface aux 0 7
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#











======================================================================================================









EVENT 5050 – IAS



A LDAP connection with domain controller complete02.complete.ie for domain COMPLETE is established.



For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.







EVENT 1 – IAS

User javier.robles was granted access.
Fully-Qualified-User-Name = complete.ie/Complete/Departments/Engineering/Users/Javier Robles
NAS-IP-Address = 172.30.2.190
NAS-Identifier = 0012a9a2b802
Client-Friendly-Name = Test
Client-IP-Address = 172.30.2.190
Calling-Station-Identifier = 0000-0000-0000
NAS-Port-Type = Ethernet
NAS-Port = 268439553
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = Connections to other access servers
Authentication-Type = PAP
EAP-Type =



For more information, see Help and Support Center at























======================================================================================================











*0.191453 5500G-EI RDS/8/DEBUG:- 1 -Recv MSG,

*0.191579 5500G-EI RDS/8/DEBUG:- 1 -Send attribute list:

*0.191649 5500G-EI RDS/8/DEBUG:- 1 -













*0.192109 5500G-EI RDS/8/DEBUG:- 1 -









*0.192429 5500G-EI RDS/8/DEBUG:- 1 -Send: IP=, UserIndex=, ID=, RetryTimes=, Code=, Length=

*0.192578 5500G-EI RDS/8/DEBUG:- 1 -Send Raw Packet is:

*0.192649 5500G-EI RDS/8/DEBUG:- 1 -

01 00 00 77 00 00 59 f8 00 00 34 21 00 00 77 11

00 00 66 76 01 0f 6a 61 76 69 65 72 2e 72 6f 62

6c 65 73 02 12 74 8e 10 67 17 26 a8 0c 72 65 26

bd 60 16 c6 94 04 06 ac 1e 02 be 20 0e 30 30 31

32 61 39 61 32 62 38 30 32 05 06 01 00 10 01 3d

06 00 00 00 0f 06 06 00 00 00 01 0e 06 ac 1e 02

be 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30

30 08 06 ac 1e 02 42



*0.193169 5500G-EI RDS/8/DEBUG:- 1 -Recv MSG,

*0.193289 5500G-EI RDS/8/DEBUG:- 1 -Receive Raw Packet is:

*0.193359 5500G-EI RDS/8/DEBUG:- 1 -

02 00 00 40 3a d1 42 01 f4 cc 4b c1 e3 cb a7 e1

47 95 75 5c 07 06 00 00 00 01 06 06 00 00 00 02

19 20 53 f0 06 8a 00 00 01 37 00 01 ac 1e 04 04

01 c9 78 c0 cb f2 a2 e0 00 00 00 00 00 00 00 3d





*0.193679 5500G-EI RDS/8/DEBUG:- 1 -Receive:IP=,Code=,Length=

*0.193779 5500G-EI RDS/8/DEBUG:- 1 -
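
Added example (not part of the original posts): a small decoder for the two raw RADIUS packets in the debug output above, so the attributes the switch sent and the ones IAS returned can be read side by side. Attribute numbers follow RFC 2865; the names `parse_radius`, `ATTRS`, `DECODE`, `SENT` and `RECEIVED` are made up for this example, and User-Password is deliberately left undecoded.

```python
import ipaddress

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
# RFC 2865 attribute numbers that occur in the post: type -> (name, value kind)
ATTRS = {
    1: ("User-Name", "text"), 2: ("User-Password", "hidden"), 4: ("NAS-IP-Address", "ip"),
    5: ("NAS-Port", "int"), 6: ("Service-Type", "int"), 7: ("Framed-Protocol", "int"),
    8: ("Framed-IP-Address", "ip"), 14: ("Login-IP-Host", "ip"), 25: ("Class", "bytes"),
    31: ("Calling-Station-Id", "text"), 32: ("NAS-Identifier", "text"), 61: ("NAS-Port-Type", "int"),
}
DECODE = {
    "text": lambda raw: raw.decode("ascii", "replace"),
    "int": lambda raw: int.from_bytes(raw, "big"),
    "ip": lambda raw: str(ipaddress.IPv4Address(raw)),  # ValueError if not 4 bytes
    "hidden": lambda raw: f"<{len(raw)} bytes, not decoded>",
    "bytes": lambda raw: raw.hex(),
}
# Bytes copied from the "Send Raw Packet" and "Receive Raw Packet" dumps in the post.
SENT = """
01 00 00 77 00 00 59 f8 00 00 34 21 00 00 77 11 00 00 66 76 01 0f 6a 61 76 69 65 72 2e 72 6f 62
6c 65 73 02 12 74 8e 10 67 17 26 a8 0c 72 65 26 bd 60 16 c6 94 04 06 ac 1e 02 be 20 0e 30 30 31
32 61 39 61 32 62 38 30 32 05 06 01 00 10 01 3d 06 00 00 00 0f 06 06 00 00 00 01 0e 06 ac 1e 02
be 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 08 06 ac 1e 02 42"""
RECEIVED = """
02 00 00 40 3a d1 42 01 f4 cc 4b c1 e3 cb a7 e1 47 95 75 5c 07 06 00 00 00 01 06 06 00 00 00 02
19 20 53 f0 06 8a 00 00 01 37 00 01 ac 1e 04 04 01 c9 78 c0 cb f2 a2 e0 00 00 00 00 00 00 00 3d"""

def parse_radius(hex_dump):
    """Decode one RADIUS packet from a hex dump; ValueError if lengths are inconsistent."""
    data = bytes.fromhex("".join(hex_dump.split()))
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = data[0], data[1], int.from_bytes(data[2:4], "big")
    if not 20 <= length <= len(data):
        raise ValueError("Length field does not fit the captured bytes")
    attrs, pos = [], 20
    while pos < length:
        alen = data[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        name, kind = ATTRS.get(data[pos], (f"Attr-{data[pos]}", "bytes"))
        attrs.append((name, DECODE[kind](data[pos + 2:pos + alen])))
        pos += alen
    return {"code": CODES.get(code, code), "id": ident, "length": length, "attrs": attrs}

if __name__ == "__main__":
    for pkt in map(parse_radius, (SENT, RECEIVED)):
        print(pkt["code"], pkt["id"], pkt["length"], *pkt["attrs"], sep="\n  ")
```

Decoded this way, the request carries Service-Type 1 with PAP-style User-Password, and the Access-Accept carries Framed-Protocol 1, Service-Type 2 and a Class attribute.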









2 REPLIES
rlw
New Member

Re: 5500 and Radius

Hello!

Your config from the 5500 does not state that you enable 802.1x on your interfaces. There is an advanced configuration guide on the 3Com support site, if you search for the 5500 documentation. This is very useful.

Please check that your 5500 is running the latest firmware!



Best regards

Robert

aydinkocak
Advisor

Re: 5500 and Radius

Hello;

I am sending a tested 5500 config with Microsoft IAS:

and then enable dot1x system-wide and interface-wide.

--------------------------------------
radius scheme turkom
server-type standard
primary authentication 192.168.1.250
primary accounting 192.168.1.250
key authentication ******
key accounting ******
user-name-format without-domain
#
domain turkom
scheme radius-scheme turkom
vlan-assignment-mode string
#
domain default enable turkom
-------------------------------



What is your authentication protocol: EAP-MD5, EAP-TLS, etc.?

AYDIN KOCAK,

3COM Enterprise LAN Expert ( Pre & Post Sales),

TippingPoint Security Engineer,

CCNA,CCDA, CCIE R&S Written