- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: 5500 and Radius
Comware Based
1753734
Members
4457
Online
108799
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-03-2009 03:22 AM
тАО04-03-2009 03:22 AM
5500 and Radius
I have a 5500 that I am trying to connect to a Microsoft IAS Radius server. However, the connection does not work.
Has anyone succesfully connected a 5500 to a Radius server?
This is the configuration set up, the log on the Microsoft IAS and the debug radius on the switch:
sysname SW1
#
undo password-control aging enable
undo password-control length enable
undo password-control history enable
password-control login-attempt 3 exceed lock-time 120
#
local-server nas-ip 127.0.0.1 key 3com
#
domain default enable test2
#
igmp-snooping enable
#
radius scheme system
radius scheme test
server-type extended
primary authentication 172.30.4.4 1645
key authentication 3com
user-name-format without-domain
#
domain system
domain test2
authentication radius-scheme test
#
local-user admin
service-type telnet terminal
level 3
local-user manager
password simple manager
service-type telnet terminal
level 2
├втВм┬ж
user-interface aux 0 7
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
======================================================================================================
EVENT 5050 ├втВмтАЬ IAS
A LDAP connection with domain controller complete02.complete.ie for domain COMPLETE is established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
EVENT 1 ├втВмтАЬ IAS
User javier.robles was granted access.
Fully-Qualified-User-Name = complete.ie/Complete/Departments/Engineering/Users/Javier Robles
NAS-IP-Address = 172.30.2.190
NAS-Identifier = 0012a9a2b802
Client-Friendly-Name = Test
Client-IP-Address = 172.30.2.190
Calling-Station-Identifier = 0000-0000-0000
NAS-Port-Type = Ethernet
NAS-Port = 268439553
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = Connections to other access servers
Authentication-Type = PAP
EAP-Type =
For more information, see Help and Support Center at
======================================================================================================
*0.191453 5500G-EI RDS/8/DEBUG:- 1 -Recv MSG,
*0.191579 5500G-EI RDS/8/DEBUG:- 1 -Send attribute list:
*0.191649 5500G-EI RDS/8/DEBUG:- 1 -
*0.192109 5500G-EI RDS/8/DEBUG:- 1 -
*0.192429 5500G-EI RDS/8/DEBUG:- 1 -Send: IP=, UserIndex=, ID=, RetryTimes=, Code=, Length=
*0.192578 5500G-EI RDS/8/DEBUG:- 1 -Send Raw Packet is:
*0.192649 5500G-EI RDS/8/DEBUG:- 1 -
01 00 00 77 00 00 59 f8 00 00 34 21 00 00 77 11
00 00 66 76 01 0f 6a 61 76 69 65 72 2e 72 6f 62
6c 65 73 02 12 74 8e 10 67 17 26 a8 0c 72 65 26
bd 60 16 c6 94 04 06 ac 1e 02 be 20 0e 30 30 31
32 61 39 61 32 62 38 30 32 05 06 01 00 10 01 3d
06 00 00 00 0f 06 06 00 00 00 01 0e 06 ac 1e 02
be 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30
30 08 06 ac 1e 02 42
*0.193169 5500G-EI RDS/8/DEBUG:- 1 -Recv MSG,
*0.193289 5500G-EI RDS/8/DEBUG:- 1 -Receive Raw Packet is:
*0.193359 5500G-EI RDS/8/DEBUG:- 1 -
02 00 00 40 3a d1 42 01 f4 cc 4b c1 e3 cb a7 e1
47 95 75 5c 07 06 00 00 00 01 06 06 00 00 00 02
19 20 53 f0 06 8a 00 00 01 37 00 01 ac 1e 04 04
01 c9 78 c0 cb f2 a2 e0 00 00 00 00 00 00 00 3d
*0.193679 5500G-EI RDS/8/DEBUG:- 1 -Receive:IP=,Code=,Length=
*0.193779 5500G-EI RDS/8/DEBUG:- 1 -
Has anyone succesfully connected a 5500 to a Radius server?
This is the configuration set up, the log on the Microsoft IAS and the debug radius on the switch:
sysname SW1
#
undo password-control aging enable
undo password-control length enable
undo password-control history enable
password-control login-attempt 3 exceed lock-time 120
#
local-server nas-ip 127.0.0.1 key 3com
#
domain default enable test2
#
igmp-snooping enable
#
radius scheme system
radius scheme test
server-type extended
primary authentication 172.30.4.4 1645
key authentication 3com
user-name-format without-domain
#
domain system
domain test2
authentication radius-scheme test
#
local-user admin
service-type telnet terminal
level 3
local-user manager
password simple manager
service-type telnet terminal
level 2
├втВм┬ж
user-interface aux 0 7
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
======================================================================================================
EVENT 5050 ├втВмтАЬ IAS
A LDAP connection with domain controller complete02.complete.ie for domain COMPLETE is established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
EVENT 1 ├втВмтАЬ IAS
User javier.robles was granted access.
Fully-Qualified-User-Name = complete.ie/Complete/Departments/Engineering/Users/Javier Robles
NAS-IP-Address = 172.30.2.190
NAS-Identifier = 0012a9a2b802
Client-Friendly-Name = Test
Client-IP-Address = 172.30.2.190
Calling-Station-Identifier = 0000-0000-0000
NAS-Port-Type = Ethernet
NAS-Port = 268439553
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = Connections to other access servers
Authentication-Type = PAP
EAP-Type =
For more information, see Help and Support Center at
======================================================================================================
*0.191453 5500G-EI RDS/8/DEBUG:- 1 -Recv MSG,
*0.191579 5500G-EI RDS/8/DEBUG:- 1 -Send attribute list:
*0.191649 5500G-EI RDS/8/DEBUG:- 1 -
*0.192109 5500G-EI RDS/8/DEBUG:- 1 -
*0.192429 5500G-EI RDS/8/DEBUG:- 1 -Send: IP=, UserIndex=, ID=, RetryTimes=, Code=, Length=
*0.192578 5500G-EI RDS/8/DEBUG:- 1 -Send Raw Packet is:
*0.192649 5500G-EI RDS/8/DEBUG:- 1 -
01 00 00 77 00 00 59 f8 00 00 34 21 00 00 77 11
00 00 66 76 01 0f 6a 61 76 69 65 72 2e 72 6f 62
6c 65 73 02 12 74 8e 10 67 17 26 a8 0c 72 65 26
bd 60 16 c6 94 04 06 ac 1e 02 be 20 0e 30 30 31
32 61 39 61 32 62 38 30 32 05 06 01 00 10 01 3d
06 00 00 00 0f 06 06 00 00 00 01 0e 06 ac 1e 02
be 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30
30 08 06 ac 1e 02 42
*0.193169 5500G-EI RDS/8/DEBUG:- 1 -Recv MSG,
*0.193289 5500G-EI RDS/8/DEBUG:- 1 -Receive Raw Packet is:
*0.193359 5500G-EI RDS/8/DEBUG:- 1 -
02 00 00 40 3a d1 42 01 f4 cc 4b c1 e3 cb a7 e1
47 95 75 5c 07 06 00 00 00 01 06 06 00 00 00 02
19 20 53 f0 06 8a 00 00 01 37 00 01 ac 1e 04 04
01 c9 78 c0 cb f2 a2 e0 00 00 00 00 00 00 00 3d
*0.193679 5500G-EI RDS/8/DEBUG:- 1 -Receive:IP=,Code=,Length=
*0.193779 5500G-EI RDS/8/DEBUG:- 1 -
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-21-2009 01:09 AM
тАО04-21-2009 01:09 AM
Re: 5500 and Radius
Hello !
Your config from the 5500 does not state that you enable 802.1x on your interfaces. There is a advanced configuration guide on the 3com support site , if you search for the 5500 documentation . this is very useful.
Pls check, that your 5500 is running latest firmware !
Best regards
Robert
Your config from the 5500 does not state that you enable 802.1x on your interfaces. There is a advanced configuration guide on the 3com support site , if you search for the 5500 documentation . this is very useful.
Pls check, that your 5500 is running latest firmware !
Best regards
Robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-30-2009 03:56 AM
тАО04-30-2009 03:56 AM
Re: 5500 and Radius
Hello;
I am sending tested 5500 config with Microsof IAS :
and than enable dot1x system wide and interface wide.
--------------------------------------
radius scheme turkom
server-type standard
primary authentication 192.168.1.250
primary accounting 192.168.1.250
key authentication ******
key accounting ******
user-name-format without-domain
#
domain turkom
scheme radius-scheme turkom
vlan-assignment-mode string
#
domain default enable turkom
-------------------------------
What is your authentication protocol EAP-MD5,
EAP-TLS, etc.. ?
AYDIN KOCAK,
3COM Enterprise LAN Expert ( Pre & Post Sales),
TippingPoint Security Engineer,
CCNA,CCDA, CCIE R&S Written
I am sending tested 5500 config with Microsof IAS :
and than enable dot1x system wide and interface wide.
--------------------------------------
radius scheme turkom
server-type standard
primary authentication 192.168.1.250
primary accounting 192.168.1.250
key authentication ******
key accounting ******
user-name-format without-domain
#
domain turkom
scheme radius-scheme turkom
vlan-assignment-mode string
#
domain default enable turkom
-------------------------------
What is your authentication protocol EAP-MD5,
EAP-TLS, etc.. ?
AYDIN KOCAK,
3COM Enterprise LAN Expert ( Pre & Post Sales),
TippingPoint Security Engineer,
CCNA,CCDA, CCIE R&S Written
AYDIN KOCAK,
3COM Enterprise LAN Expert ( Pre & Post Sales),
TippingPoint Security Engineer,
CCNA,CCDA, CCIE R&S Written
3COM Enterprise LAN Expert ( Pre & Post Sales),
TippingPoint Security Engineer,
CCNA,CCDA, CCIE R&S Written
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP