1006 Views, 0 Helpful, 1 Reply

Cannot get SG300 switch to send RADIUS messages for 802.1x

cspope
Level 1

I want to eventually configure the SG300 to authenticate wired clients with 802.1x and Microsoft NPS (RADIUS). I am currently testing this setup using a single port (Port 7) on my SG300, a test machine, and an AD-based Network Policy Server.

The problem I have is that when I change the Administrative Port Control for Port 7 to Force Authorized, I see this log entry:

Informational %SEC-I-PORTAUTHORIZED: Port gi7 is Authorized

And then when I change the port control to Auto the port immediately changes to Unauthorized and I see this log entry:

Warning %SEC-W-PORTUNAUTHORIZED: Port gi7 is unAuthorized

However, I never see any RADIUS messages being sent from the SG300 to my RADIUS server or from the SG300 to the test machine plugged into port 7. I am using Wireshark on my RADIUS server to watch for messages from the SG300 IP address, and I'm using Wireshark on a second test machine that is configured to monitor the NIC in the test machine plugged into port 7 (I'm using Hyper-V and its facilities for this NIC monitoring setup).

Here is my configuration:

  • Switch - 10.1.1.3

  • RADIUS (Microsoft NPS) - 10.1.1.15

  • Switch Usage Type - All (Login and 802.1x)

Port 7 configuration:

  • VLAN Mode is General

  • Host Authentication is Single Host Authentication

  • Administrative Port Control is Auto

  • RADIUS VLAN Assignment is Disabled

  • Guest VLAN is Enabled

  • 802.1x Based Authentication is Enabled

Additional Configurations under Security - 802.1x/MAC/Web Authentication:

  • Port Based Authentication is Enabled

  • Authentication Method is RADIUS

  • Guest VLAN is Enabled

  • Guest VLAN ID is 2

  • All of my VLANs are enabled for Authentication

I've got to be missing something but I do not know what that something is.

One last note:

The SG300 uses the same RADIUS server for management console access and it works without problem. When I log into the switch, Wireshark shows the RADIUS messages from the switch to the RADIUS server and back. So I know RADIUS is configured correctly on the switch.

1 Reply

Aleksandra Dargiel
Cisco Employee

Hi,

This is my working configuration where port gi3 has DVA configured as well. You might skip port gi3 but please compare to your config:

interface gi3
dot1x host-mode multi-sessions
exit
vlan database
vlan 30,100
exit
interface vlan 100
dot1x guest-vlan
exit
dot1x system-auth-control
interface range gi1,gi3
dot1x reauthentication
exit
interface range gi1,gi3
dot1x mac-authentication mac-only
exit
interface gi3
dot1x radius-attributes vlan
exit
interface range gi1,gi3
dot1x guest-vlan enable
exit
interface gigabitethernet1
dot1x port-control auto
exit
interface gigabitethernet3
dot1x port-control auto
exit
radius-server host 192.168.1.122 priority 1
radius-server key testing123
aaa authentication dot1x default radius

Regards,

Aleksandra
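
As an added example (not part of the thread and not Cisco's own tooling): a short Python checker that parses a running-config dump in the layout shown in the reply and reports, for one port, which of the lines the working config relies on are missing. The first sample config is the reply's config with the prompt line dropped; the second is a constructed, hypothetical config in the spirit of the original post (RADIUS login works and the port is in auto with a guest VLAN, but the global dot1x lines and the guest VLAN interface are absent). Treating the listed lines as required is an inference from the working config rather than a claim taken from the SG300 documentation, and the name normalization (gigabitethernetN to giN) is assumed from the two forms that appear in the reply.

```python
"""Lint an SG300 running-config for the 802.1X lines a port needs before the
switch will start the EAP/RADIUS exchange. Added example; see the lead-in."""
import re
from collections import defaultdict

# Constructed sample 1: the working config from the reply above (prompt dropped).
WORKING_CONFIG = """
interface gi3
dot1x host-mode multi-sessions
exit
vlan database
vlan 30,100
exit
interface vlan 100
dot1x guest-vlan
exit
dot1x system-auth-control
interface range gi1,gi3
dot1x reauthentication
exit
interface range gi1,gi3
dot1x mac-authentication mac-only
exit
interface gi3
dot1x radius-attributes vlan
exit
interface range gi1,gi3
dot1x guest-vlan enable
exit
interface gigabitethernet1
dot1x port-control auto
exit
interface gigabitethernet3
dot1x port-control auto
exit
radius-server host 192.168.1.122 priority 1
radius-server key testing123
aaa authentication dot1x default radius
"""

# Constructed sample 2 (hypothetical): RADIUS login works and gi7 is in 'auto'
# with a guest VLAN, but the global dot1x lines and the guest VLAN interface are
# absent; such a port goes unAuthorized without ever sending an Access-Request.
BROKEN_CONFIG = """
radius-server host 10.1.1.15 priority 1
radius-server key secret
aaa authentication login default radius
interface gi7
dot1x port-control auto
dot1x guest-vlan enable
exit
"""

# Global lines the reply's working config relies on (inferred, not a spec claim).
REQUIRED_GLOBAL = ("dot1x system-auth-control",
                   "aaa authentication dot1x default radius")
_IF_RE = re.compile(r"^interface\s+(?:range\s+)?(.+)$")


def _normalize(name):
    # 'gigabitethernet7' and 'gi7' name the same port; use the short form (assumed).
    return re.sub(r"^gigabitethernet", "gi", name.strip().lower())


def parse_config(text):
    """Split a config dump into (global lines, {interface: lines}). A 'range'
    block's lines are credited to every port in its comma list, as the switch does."""
    global_lines, per_interface, current = set(), defaultdict(set), []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse stray double spaces in pasted output
        if not line:
            continue
        m = _IF_RE.match(line)
        if m:
            current = [_normalize(p) for p in m.group(1).split(",")]
        elif line == "exit":
            current = []
        elif current:
            for name in current:
                per_interface[name].add(line)
        else:
            global_lines.add(line)
    return global_lines, dict(per_interface)


def check_port(text, port):
    """Return the problems that keep `port` from doing 802.1X; [] when every
    line the working config relies on is present for that port."""
    port = _normalize(port)
    glob, ifs = parse_config(text)
    problems = [f"global: '{req}' missing" for req in REQUIRED_GLOBAL if req not in glob]
    if not any(l.startswith("radius-server host") for l in glob):
        problems.append("global: no 'radius-server host' defined")
    port_lines = ifs.get(port, set())
    if "dot1x port-control auto" not in port_lines:
        problems.append(f"{port}: 'dot1x port-control auto' missing")
    if "dot1x guest-vlan enable" in port_lines and not any(
            n.startswith("vlan ") and "dot1x guest-vlan" in lines for n, lines in ifs.items()):
        problems.append(f"{port}: guest VLAN enabled but no 'interface vlan N' has 'dot1x guest-vlan'")
    return problems
```

Paste the output of show running-config into a string and call check_port(text, "gi7"); an empty list means every line the reply's config has is present for that port, which narrows the search to the RADIUS side (for example the switch's client entry and shared key on NPS) rather than the port settings.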