HPE Community
Security e-Series
1832487 Members
4339 Online
110043 Solutions
New Discussion

Re: 802.1x wired authentication Failed

 
Dr-Q
Occasional Advisor

‎07-20-2011 11:25 PM

‎07-20-2011 11:25 PM

802.1x wired authentication Failed

Setup 802.1x wired authentication from Windows 7 (PEAP authentication enabled) laptop to HP 2510-48 ProCurve Switch. However, the laptop was unable to connect to network. Is there any configuration that i miss out? I may suspect the radius authentication is the culprit. Here is the switch running configuration.   

Running configuration:

; j9020a Configuration Editor; Created on release #U.11.17

hostname "ProCurve Switch 2510-48"
ip default-gateway x.x.x.1
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-52
   ip address x.x.x.x 255.255.255.0
   exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host x.x.x.x key pASSw0rd
radius-server host x.x.x.x key pASSw0rd
radius-server host x.x.x.x key pASSw0rd
aaa port-access authenticator 1-10
aaa port-access authenticator active
ip ssh


ProCurve Switch 2510-48(config)# sh radius authentication

 Status and Counters - RADIUS Authentication Information

  NAS Identifier : ProCurve Switch 2510-48
  Invalid Server Addresses : 0

                              UDP
  Server IP Addr  Port  Timeouts   Requests   Challenges Accepts    Rejects
  ---------------         -----   ----------       ----------         ----------      ----------    ----------
  x.x.x.x                 1812      7                  6                    2                   0             2
  x.x.x.x                 1812      4                  1                    0                   0             0
  x.x.x.x                 1812      4                  1                    0                   0             0

ProCurve Switch 2510-48(config)# sh port-access authenticator

 Port Access Authenticator Status

  Port-access authenticator activated [No] : Yes
  Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

              Auths/  Unauth   Current
  Port Status Guests  Clients  VLAN ID
  ---- ------ ------- -------- --------
  1    Closed 0/0     1        1
  2    Closed 0/0     0        1
  3    Closed 0/0     0        1
  4    Closed 0/0     0        1
  5    Closed 0/0     0        1
  6    Closed 0/0     0        1
  7    Closed 0/0     0        1
  8    Closed 0/0     0        1
  9    Closed 0/0     0        1
 10   Closed 0/0     0        1

ProCurve Switch 2510-48(config)# sh port-access authenticator config

 Port Access Authenticator Configuration

  Port-access authenticator activated [No] : Yes
  Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

       | Re-auth Access   Max   Quiet   TX       Supplicant Server   Cntrl
  Port | Period  Control  Reqs  Period  Timeout  Timeout    Timeout  Dir
  ---- + -------     --------     -----      -------    --------     ----------  --------        -----
  1    | No           Auto        2          60          30             30          300       both
  2    | No           Auto        2          60          30             30          300       both
  3    | No           Auto        2          60          30             30          300       both
  4    | No           Auto        2          60          30             30          300       both
  5    | No           Auto        2          60          30             30          300       both
  6    | No           Auto        2          60          30             30          300       both
  7    | No           Auto        2          60          30             30          300       both
  8    | No           Auto        2          60          30             30          300       both
  9    | No           Auto        2          60          30             30          300       both
 10   | No           Auto        2          60          30             30          300       both



0 Kudos
3 REPLIES 3
cenk sasmaztin
Honored Contributor

‎08-15-2011 12:37 AM

‎08-15-2011 12:37 AM

Re: 802.1x wired authentication Failed

test please

 

ping on switch to radius server ip address 

cenk

0 Kudos
ISoliman
Super Advisor

‎11-20-2011 02:39 AM

‎11-20-2011 02:39 AM

Re: 802.1x wired authentication Failed

You can see in the outputs that there are "Rejects" so check the settings from the Radius server, also get the "show log" command output from the switch and check the events on the Radius server for details and to confirm if the packets are reaching the Radius Server
0 Kudos
rventura
Frequent Advisor

‎08-03-2012 08:57 AM

‎08-03-2012 08:57 AM

Re: 802.1x wired authentication Failed

Try with chap instead of eap.. I had lots and lots of issues using eap for 802.1x wired auth.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.