- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- RADIUS based MAC authentication on an JG510A
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2019 02:43 AM
тАО09-24-2019 02:43 AM
RADIUS based MAC authentication on an JG510A
Hello everybody,
I'm in the process for evaluating RADIUS based MAC authentication on our JG510A. As RADIUS Server we using Microsoft Server 2016 with the NPS Role.
My Problem: the switch never sending any authentication packets to the server. RADIUS statistic on the switch show zero packets, network monitor on server show no traffic coming from the switch.
The configuration so far:
RADIUS scheme name: radius1
Index: 1
Primary Auth Server:
Host name: Not Configured
IP : <IP_OF_RADIUS_SERVER> Port: 1812
VPN : Not configured
State: Active
Test profile: Not configured
Weight: 0
Primary Acct Server:
Host name: Not Configured
IP : <IP_OF_RADIUS_SERVER> Port: 1813
VPN : Not configured
State: Active
Weight: 0
Accounting-On function : Disabled
Retransmission times : 50
Retransmission interval(seconds) : 3
Timeout Interval(seconds) : 3
Retransmission Times : 3
Retransmission Times for Accounting Update : 5
Server Quiet Period(minutes) : 5
Realtime Accounting Interval(minutes) : 12
Stop-accounting packets buffering : Enabled
Retransmission times : 500
NAS IP Address : <IP_OF_THE_SWITCH>
VPN : Not configured
User Name Format : Without-domain
Data flow unit : Byte
Packet unit : One
Attribute 15 check-mode : Strict
Algorithm : primary-secondary
------------------------------------------------------------------
Domain:test
State: Active
lan-access Authentication Scheme: radius: radius1
lan-access Authorization Scheme: radius: radius1
default Authentication Scheme: local
default Authorization Scheme: local
default Accounting Scheme: local
Authorization attributes :
Idle-cut : Disable
---------------------
interface GigabitEthernet2/0/33
port link-mode bridge
dot1x
dot1x mandatory-domain test
----------------------
Maybe someone has an idea why the switch is never communicating with the server. An debugging radius all shows also no activities. Needs the switch a restart after enabling these functions?
Thanky a lot
Sincerely
Stefan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-29-2019 11:56 PM
тАО09-29-2019 11:56 PM
Re: RADIUS based MAC authentication on an JG510A
Hi,
Generally a reboot is not required after configuring the radius.
Have you tried 'domain default enable <domain name>'
Since you said that the debuging is not showing any events, have you tried issuing the 'terminal monitor' and 'terminal debugging' along with the debug command (Eg:debug radius all)
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-07-2019 12:58 AM
тАО11-07-2019 12:58 AM
Re: RADIUS based MAC authentication on an JG510A
Hello,
thank you for your reply. I'm trying to get an time schedule with my customer for testing this possible solution. Sorry for my late reply - this is an long-term project and was no first-class priority. But I'm still working on it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2019 07:15 AM - edited тАО12-03-2019 07:16 AM
тАО12-03-2019 07:15 AM - edited тАО12-03-2019 07:16 AM
Re: RADIUS based MAC authentication on an JG510A
Hi
Just a silly quesiton: You write you want MAC authentication using radius, but it seems, on the interface configuration that you are doing a "802.1X"-configuration. Which one is it? Comware makes a destinction!
Mac-authentication has to be enabled (like dot1x) in the global configuration. (eg)
[mySwitch] mac-authentication domain <name-of-domain>
and then you can, per interface enable it using:
[mySwitch-GigabitEthernet1/0/1] mac-authentication domain <name-of-domain>
I'm not sure if this is what you're looking for, but I got a bit confused because you wrote MAC-authentication and configured 802.1X
Regards
Region Midtjylland