
trouble with 802.1x on hp v1910-g24

 
sergey_ekoniva
Occasional Visitor


Hello. We have trouble with 802.1X on an HP V1910-24G switch (JE006A).

 

We have customized an NPS server (OS: Windows 2008 R2), and we set up RADIUS attributes and AAA on the switch. The task is that a domain computer can log on at the port and go to the work VLAN, while non-authenticated computers go to the guest VLAN.

Our RADIUS server accepts the request from the domain PC, but the switch says authentication failed and drops it into the guest VLAN. Hope for your help.

Logs attached below:

#
version 5.20, Release 1513P89
#
sysname HP
#
domain default enable system 
#
telnet server enable 
#
ip ttl-expires enable
#
dot1x
dot1x timer tx-period 15
dot1x timer supp-timeout 20
dot1x retry 3
dot1x authentication-method eap
#
password-recovery enable
#
vlan 1
description device
#
vlan 36
description clients
#
vlan 37
description guest
#
radius scheme system
server-type extended
primary authentication 192.168.36.3
primary accounting 192.168.36.3
secondary authentication 192.168.36.23
secondary accounting 192.168.36.23
key authentication cipher $c$3$xlSvDrJlLLHS3K2MNTOCdOqxJAIEeRYCdFkY2H8/ug==
key accounting cipher $c$3$DTYPcuJ1ddCTwhfBkiPdi67V9JKQC2028eRRoXQOwg==
user-name-format without-domain
radius scheme nps-test
primary authentication 192.168.36.3
primary accounting 192.168.36.3
secondary authentication 192.168.36.23
secondary accounting 192.168.36.23
key authentication cipher $c$3$v1qjSHuI8XYKWsH0QcDD+W/b0JsYhJQQRQXtv8NRfg==
key accounting cipher $c$3$DGaZjyw4cTc5Oy4qKtlwQ0zirM0+uj2+e6GALI8/Aw==
#
domain ekoniva 
authentication lan-access radius-scheme nps-test
authorization lan-access radius-scheme nps-test
accounting lan-access radius-scheme nps-test
access-limit disable 
state active 
idle-cut disable 
self-service-url disable 
accounting optional 
domain ekoniva.com 
authentication lan-access radius-scheme nps-test none
authorization lan-access radius-scheme nps-test none
accounting lan-access radius-scheme nps-test none
access-limit disable 
state active 
idle-cut disable 
self-service-url disable 
accounting optional 
domain system 
authentication lan-access radius-scheme nps-test
authorization lan-access radius-scheme nps-test
accounting lan-access radius-scheme nps-test
access-limit disable 
state active 
idle-cut disable 
self-service-url disable 
accounting optional 
#
user-group system
#
local-user admin
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
local-user babkov
password cipher $c$3$zoBMAS29jHXdQls99niU/a2nGqTpkJJmHmeC
authorization-attribute level 3
service-type telnet terminal
service-type ftp
service-type web
local-user vlasov
password cipher $c$3$JOM7IkavugmTs5k7EJg/6NWh/kbWl7Bl7O8=
authorization-attribute level 3
service-type telnet terminal
service-type ftp
service-type web
#
stp mode rstp
stp enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.38.225 255.255.255.0 

#
interface GigabitEthernet1/0/13
port access vlan 36
stp edged-port enable
dot1x re-authenticate
dot1x max-user 2 
dot1x guest-vlan 36 
undo dot1x handshake 
dot1x port-method portbased 
dot1x 

#
ip route-static 0.0.0.0 0.0.0.0 Vlan-interface1 192.168.38.254
#
snmp-agent
snmp-agent local-engineid 8000000B037848597F0A1C
snmp-agent sys-info contact it
snmp-agent sys-info location backoffice
snmp-agent sys-info version v3
#
ssh server enable
#
ip https enable
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 15
authentication-mode scheme

 

 

P.S. This thread has been moved from ProCurve / ProVision-Based to Web and Unmanaged. - Hp Forum Moderator
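
The posted port configuration sets `dot1x guest-vlan 36` on a port whose access VLAN is also 36, while VLAN 36 is described as "clients" and VLAN 37 as "guest". The following Python check is an added example, not part of the original post and not HP tooling: it flags that kind of mismatch in a Comware-style configuration. The function names, the embedded excerpt and the rule that a guest VLAN's description should contain "guest" are assumptions made for illustration.

```python
import re

# Constructed sample: '#'-separated excerpt of the configuration posted above.
SAMPLE_CONFIG = """\
vlan 36
 description clients
#
vlan 37
 description guest
#
interface GigabitEthernet1/0/13
 port access vlan 36
 dot1x guest-vlan 36
 dot1x
"""

def parse_sections(text):
    """Map each '#'-separated section header to its stripped body lines."""
    sections = {}
    for block in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            sections[lines[0]] = lines[1:]
    return sections

def audit_guest_vlans(text):
    """Return (port, message) findings for ports whose guest VLAN looks misassigned."""
    sections = parse_sections(text)
    desc = {}  # VLAN id -> description text
    for header, body in sections.items():
        if m := re.fullmatch(r"vlan (\d+)", header):
            desc[int(m.group(1))] = " ".join(l[12:] for l in body if l.startswith("description "))
    findings = []
    for header, body in sections.items():
        joined = "\n".join(body)
        guest = re.search(r"^dot1x guest-vlan (\d+)$", joined, re.M)
        if not header.startswith("interface ") or not guest:
            continue
        port, gid = header.split(None, 1)[1], int(guest.group(1))
        access = re.search(r"^port access vlan (\d+)$", joined, re.M)
        if access and gid == int(access.group(1)):
            findings.append((port, f"guest VLAN {gid} equals the port's access VLAN"))
        # Heuristic (assumption): a guest VLAN's description should mention "guest".
        if "guest" not in desc.get(gid, "").lower():
            findings.append((port, f"guest VLAN {gid} is described as {desc.get(gid, '')!r}"))
    return findings

if __name__ == "__main__":
    print(audit_guest_vlans(SAMPLE_CONFIG))
```

With guest and access VLAN identical, a host that fails 802.1X lands on the same segment as authenticated clients, so the port gives no isolation for unauthenticated devices.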