
How to keep dot1x session open/authenticated?

 
pattap
Regular Advisor


Hi All

I'm trying to get dot1x working on Comware Software, Version 5.20.99.

We have some old switches running Comware 3 on which dot1x works fine.

The only thing I am missing on com5 to make the config complete is a command equivalent to dot1x dhcp-launch (not available on com5) or another command that would keep the dot1x session open.

So for example, the client is authenticated successfully for the first time; once he/she logs off, I want the dot1x to still be open, if that makes sense.

 

6 REPLIES
pattap
Regular Advisor

Re: How to keep dot1x session open/authenticated?

I found the below on the H3C website, translated from Chinese:

The dot1x user-ip freeze command configures the 802.1X user IP address freeze function: after the port obtains and saves an 802.1X online user's IP address for the first time, it does not update the stored user IP address when the user's IP address changes. The undo dot1x user-ip freeze command restores the default.

By default, after the port obtains and saves an 802.1X online user's IP address for the first time, it updates the stored user IP address when the user's IP address changes.

I think this is what I'm looking for. Has anyone used this command?

pattap
Regular Advisor

Re: How to keep dot1x session open/authenticated?

OK, let's log it with HP then.

Will update you curious souls, if any.

sdide
Respected Contributor

Re: How to keep dot1x session open/authenticated?

I'm not totally sure what you need.

But if you don't want regular dot1x handshakes, you can disable them with

undo dot1x handshake

Regards

 

 

Søren Dideriksen, Network Administrator
Region Midtjylland
pattap
Regular Advisor

Re: How to keep dot1x session open/authenticated?

There is a Juniper Odyssey client on the PCs. What I need is for the session to remain open once users log off their PCs.

With the old 3Com kit that was running Comware 3 we needed to follow the below steps:

1. Log onto a PC with a local admin account

2. Authenticate against RADIUS with the Odyssey client

3. Log off - the session would remain open at this point

4. Any user allowed on RADIUS was able to log onto the PC

That procedure needed to be performed only once per PC.

But now as we try to replace the old kit with 3600 running com5 this doesn't work that way anymore.

After step 4 you won't be able to log back in to the PCs - unless with local admin.

 

Also, 

sdide
Respected Contributor

Re: How to keep dot1x session open/authenticated?

Hi,

Maybe you could post exactly which switch model you're using (it shouldn't really matter, but sometimes feature sets differ), and post all relevant dot1x configuration.

Maybe you're doing EAP termination, and not EAP relay?

To just relay, use

dot1x authentication-method {chap|pap}

Probably CHAP. By default the switch does termination.

Regards

Søren Dideriksen, Network Administrator
Region Midtjylland
pattap
Regular Advisor

Re: How to keep dot1x session open/authenticated?

Switch is HP 3600-24-PoE+ v2 EI, software Version 5.20.99, Release 2110P05.

I use EAP as per below:

[TEST_HP_3600]dot1x authentication-method eap

This is straight from the 3600 Security Guide:

"Specify the eap keyword to enable EAP relay"

dot1x authentication-method { chap | eap | pap }

I also got some support from HP:

"Comware 5's max session expire timer is 7200 seconds. It does not support “Session never expires” as per your requirement.

You can use the below commands to configure the maximum periodic online user re-authentication function.

dot1x re-authenticate

dot1x timer reauth-period “value”

Now I'm not sure whether you can do it from the switch end?

If not, I'd try changing the setting on the client itself.