CPPM Wired 802.1x with old 3Com 5500G-EI switches ???

Has anyone managed to get CPPM Wired 802.1x Auth & VLAN assignment working with old 3Com branded 5500G-EI switches?

 

<5500G-EI>display version
3Com Corporation
Switch 5500G-EI Software Version 3Com OS V3.03.02s168p20
Copyright (c) 2004-2012 3Com Corporation and its licensors, All rights reserved.
Switch 5500G-EI uptime is 0 week, 1 day, 21 hours, 36 minutes

Switch 5500G-EI 48-Port with 1 Processor
128M    bytes SDRAM
16384K  bytes Flash Memory
Config Register points to FLASH

Hardware Version is REV.C
CPLD Version is 002
Bootrom Version is 5.03
[Subslot 0] 48GE+4SFP  Hardware Version is 00.00.00
[Subslot 2] 2 STACK Hardware Version is REV.C

<5500G-EI>
 


We have a switch that's seemingly able to send 802.1x Auth requests to CPPM. CPPM is able to successfully authenticate the client against AD & it appears to send back an Accept; however, the switch doesn't seem to understand & is failing Auth.

 

<5500G-EI>display dot1x statistics
Global 802.1X protocol is enabled
EAP authentication is enabled
The maximal 802.1x authentication fail times 5
EAD Quick Deploy configuration:
Acl-timeout: 30 m

Total maximum 802.1x user resource number is 1024
Total current used 802.1x resource number is 0

GigabitEthernet1/0/1 is link-up
802.1X protocol is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled

Authentication Success: 0, Failed: 402
EAPOL Packets: Tx 11374, Rx 5668
Sent EAP Request/Identity Packets : 5935
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 253
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 5057
EAP Response/Challenge Packets: 3
Error Packets: 0

Controlled User(s) amount to 0
<5500G-EI>


Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: EAP Reply.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Transmitted a packet. ---Verbose information of the packet--- Destination Mac Address: 0016-4117-be8b Source Mac Address: 0016-e0f7-1780 Mac Frame Type: 888e. Protocol Version ID: 1. Packet Type: 0. Packet Length: 43. -----Packet Body----- Code: 1. Identifier: e. Length: 43.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Received a EAPOL packet.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,NOT a Eapol-start.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Auth:451,PacketType: EAPOL-PACKET.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Auth:451,EAP Type: Response.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Port:0,Auth:451,Resource exists.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Auth:451,Code Type: Peap.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Port:0,Auth:451,Sent EAP Msg to 1X-Queue.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,End processing the packet received. ---Verbose information of the packet--- Destination Mac Address: 0180-c200-0003 Source Mac Address: 0016-4117-be8b Mac Frame Type: 888e. Protocol Version ID: 1. Packet Type: 0. Packet Length: 43. -----Packet Body----- Code: 2. Identifier: e. Length: 43.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: EAP Reply.
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: Auth request ack for failure, ACM->1X.
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Processing node FAILURE...
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Processing node LOGOFF...
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: Release request ack, ACM->1X.
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Sending EAPoL-Failure...

 

If anyone has managed to get this to work, if you wouldn't mind sharing your config notes, we would greatly appreciate the help.

TIA,

--Raf