Security e-Series
Showing results for 
Search instead for 
Did you mean: 

Dot1x - with 3COM 4210

New Member

Dot1x - with 3COM 4210

Hi all,


pls help with issue bellow.


I need to setup port-based authenticatoin 802.1x with RADIUS server / Microsoft NPS 2008 / - After my configuration  seem everything fine only 3com tell me Failed auth. and end user dont connect to the VLAN1 and stay in unauth state :(


1. 3Com CFG configuration


domain default enable system


dot1x authentication-method eap


radius scheme system
 server-type standard
 primary authentication key secret


domain system
 scheme radius-scheme system
 scheme login local
 authentication lan-access radius-scheme system
 authorization login local


interface Ethernet1/0/4
 stp edged-port enable
 loopback-detection enable


di dot1x - command


 Ethernet1/0/4  is link-up
   802.1X protocol is enabled
   Proxy trap checker is disabled
   Proxy logoff checker is disabled
   Version-Check is disabled
   The port is an authenticator
   Authentication Mode is Auto
   Port Control Type is Mac-based
   ReAuthenticate is disabled
   Max number of on-line users is 256

   Authentication Success: 0, Failed: 49
   EAPOL Packets: Tx 369, Rx 393
   Sent EAP Request/Identity Packets : 113
        EAP Request/Challenge Packets: 0
   Received EAPOL Start Packets : 136
            EAPOL LogOff Packets: 0
            EAP Response/Identity Packets : 257
            EAP Response/Challenge Packets: 0
            Error Packets: 0
 1. Unauthenticated user : MAC address: 001f-29d7-70d4

Network Monitor 3.4 on NPS server


Everything look fine :(


NPS 2008 server
































Is there some specail vendor specific for 3COMs? Or could anybody help me with that?


Thank you all for reply




Re: Dot1x - with 3COM 4210

Hi Jan,


generally I would add a new RADIUS scheme for NPS authentication like


radius scheme nps

primary authentication ...


In the domain you have to refer to the scheme and add authorization:


domain <whatever>

authentication lan-access radius-scheme nps
authorization lan-access radius-scheme nps
accounting lan-access radius-scheme nps



If you miss the authorization it will not work!




Re: Dot1x - with 3COM 4210

Oops, this post was really old! This forum is not really alive, is it?!