
ESW520 - 802.1X - Switch doesn't send anything to RADIUS Server

Boucherle
Level 1

I'd like to use 802.1X authentication for ports.

My RADIUS server is a 2012 R2 Server (NPS). The client is a Windows Seven.

The switch is an ESW520.

I don't have any console cable to use the serial port. I have to use the Web graphical solution.

I've done:

. switch reset.

. switch stays in dynamic IP.

. Setting 802.1X:

  - Security > 802.1X > Properties > Port Based Authentication State: "Enable" > Authentication Method: "Radius" > Apply.

  - Security > 802.1X > Port Authentication > Select Win 10 client port > Edit > "Admin Port Control": "Auto" > Apply > Close.

  - Security > 802.1X > Authentication > Select Win 10 client port > Host Authentication: Multiple Host > Apply > Close.

. Link to RADIUS Server:

  - Security > Authentication > RADIUS > "RADIUS Accounting": both > "Default Key String": "secret" (as in NPS) > "Source IP Address": switch IP "172.16.0.1"

  - Security > Authentication > RADIUS > Add > "Host IP Address": Radius 2012 Server NPS IP "172.16.0.2" > Apply > Close.

I launch authentication for the Win Seven client:

  - Security > 802.1X > Port Authentication > Select Win 10 client port > Edit > Reauthenticate Now > Apply > Close.

With Wireshark, I don't see anything on my 2012 Server. The switch doesn't send anything to my RADIUS Server.

The 2012 Server pings the switch without problems.

If you have an idea.

Thanks for all.

Best regards.

3 Replies

Boucherle
Level 1

Well. I've found I have to configure the Win 7 client: 802.1X wired authentication ("authentication" for the "network card").

I now see an "EAPOL Start" version 1 frame from Seven to the switch. But the switch doesn't launch an "EAPOL Request" to the Win 7.

The 2012 Server doesn't receive anything.

With Win 7 Pro: "EAPOL Start" without "EAPOL Request".

With Win 10 Pro, same problem.

The two clients (Win 7 and Win 10) are virtualized with Hyper-V. Is the problem coming from that?

On the ESW520 switch, I've modified: Security > Traffic Control > Port Security > Client port (Win 7 or Win 10) > Max entries: 10.

I made new tests with a real Windows Seven client (not a Hyper-V machine): I get a reply from the switch, and I see the host in Security > 802.1X > Authenticated Hosts.

All my problems are due to the clients being Hyper-V virtual machines...
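
Added example, not part of the original posts: a way to check a capture for the symptom described in this thread, an "EAPOL Start" from a client with no EAP Request/Identity coming back from the switch. The frames and MAC addresses are constructed sample data, the function names are hypothetical, and the capture is assumed to be taken on the client's link.

```python
import struct

ETH_P_EAPOL = 0x888E                      # EtherType for 802.1X (EAPOL)
EAPOL_EAP_PACKET, EAPOL_START = 0, 1      # EAPOL packet types
EAP_REQUEST, EAP_TYPE_IDENTITY = 1, 1     # EAP code / EAP type
PAE_GROUP = "01:80:c2:00:00:03"           # 802.1X PAE group address

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame):
    """Return (src, dst, kind) for an EAPOL frame, None for anything else."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != ETH_P_EAPOL:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    kind = "other"
    if ptype == EAPOL_START:
        kind = "start"
    elif (ptype == EAPOL_EAP_PACKET and len(body) >= 5
          and body[0] == EAP_REQUEST and body[4] == EAP_TYPE_IDENTITY):
        kind = "request-identity"
    return mac(frame[6:12]), mac(frame[0:6]), kind

def unanswered_starts(frames):
    """Clients that sent EAPOL-Start and got no Request/Identity afterwards."""
    waiting = []
    for frame in frames:
        parsed = classify(frame)
        if parsed is None:
            continue
        src, dst, kind = parsed
        if kind == "start" and src not in waiting:
            waiting.append(src)
        elif kind == "request-identity":
            # The switch may answer the client directly or via the group address.
            waiting = [m for m in waiting if dst not in (m, PAE_GROUP)]
    return waiting

def eapol(src, dst, ptype, body=b""):
    hdr = struct.pack("!HBBH", ETH_P_EAPOL, 1, ptype, len(body))
    return bytes.fromhex((dst + src).replace(":", "")) + hdr + body

# Constructed sample capture: MAC addresses are made up for illustration.
VM, PC, SWITCH = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
REQ_ID = struct.pack("!BBHB", EAP_REQUEST, 1, 5, EAP_TYPE_IDENTITY)
SAMPLE = [eapol(VM, PAE_GROUP, EAPOL_START),
          eapol(PC, PAE_GROUP, EAPOL_START),
          eapol(SWITCH, PC, EAPOL_EAP_PACKET, REQ_ID)]
```

Calling `unanswered_starts(SAMPLE)` lists the client whose Start was never answered; an empty list means every Start in the capture was followed by a Request/Identity.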