
3Com 4210 802.1x failing


    Posted Mar 01, 2011 11:17 PM

    I'm implementing wired 802.1x using a certificate. My RADIUS server is a Cisco Secure ACS. I'm able to access the LAN once the PC is authenticated, but after 30 seconds the connection drops and the cycle begins again and again.

     

    Switch 3Com:

    3Com Switch 4210 PWR 26-Port

    Software Version: 3Com OS V3.01.13s56

    Product 3C Number:3CR17343-91

    Bootrom Version: 4.10

     

    Radius Server:

    Cisco Secure ACS

    Version : 5.2.0.26

     

    PCs:

    Windows XP SP3

     

    Script

     

    [SW_Test_Dot1x]display current-configuration

    #

     sysname SW_Test_Dot1x

    #

     undo password-control aging enable

     undo password-control length enable

     undo password-control history enable

     password-control login-attempt 3 exceed lock-time 120

    #

     super password level 3 cipher JREIJ'A]['[Q=^Q`MAF4<1!!

    #

     local-server nas-ip 127.0.0.1 key 3com

    #

     domain default enable kcsm

    #

     priority trust

    #

     igmp-snooping enable

    #

     dot1x

     dot1x authentication-method eap

     undo dot1x handshake enable

    #

     mirroring-group 1 local

    #

    radius scheme system

    radius scheme KCSM

     server-type extended

     primary authentication 172.16.62.200

     primary accounting 172.16.62.200

     secondary authentication 172.16.62.201

     accounting optional

     key authentication hm7FiP0#

     key accounting hm7FiP0#

     user-name-format without-domain

    #

    domain kcsm

     scheme radius-scheme KCSM local

     accounting radius-scheme KCSM

    domain system

    #

    local-user KCSMNOC

     password cipher 77\VOBSD;+KQ=^Q`MAF4<1!!

     service-type ssh telnet terminal

     level 3

    local-user admin

     password cipher ;GJ'IM]XO03Q=^Q`MAF4<1!!

     service-type ssh telnet terminal

     level 3

    local-user foperator

     password cipher ,,)A;NJ0SS3Q=^Q`MAF4<1!!

     level 2

    #

    vlan 1

     igmp-snooping enable

    #

    vlan 11

     description Switch_Managment

     name Managment_TI

    #

    vlan 20

     description Data

     name Data_TI

    #

    vlan 85

     description VoIP

     name VoIP_TI

    #

    interface Vlan-interface11

     ip address 172.16.62.105 255.255.255.0

    #

    interface Aux1/0/0

    #

    interface Ethernet1/0/1

     poe enable

     stp edged-port enable

     duplex full

     speed 100

     port link-type hybrid

     port hybrid vlan 85 tagged

     port hybrid vlan 20 untagged

     undo port hybrid vlan 1

     port hybrid pvid vlan 20

     dot1x

    #

    interface Ethernet1/0/2

     poe enable

     stp disable

     stp edged-port enable

     duplex full

     speed 100

     port link-type hybrid

     port hybrid vlan 85 tagged

     port hybrid vlan 20 untagged

     undo port hybrid vlan 1

     port hybrid pvid vlan 20

     mirroring-group 1 monitor-port

    #

    interface Ethernet1/0/3

     poe enable

     stp edged-port enable

    #

    interface Ethernet1/0/4

     poe enable

     stp edged-port enable

    interface GigabitEthernet1/0/25

     duplex full

     speed 1000

     port link-type trunk

     port trunk permit vlan 1 11 20 85

     mirroring-group 1 mirroring-port both

    #

    interface GigabitEthernet1/0/26

     stp edged-port enable

    #

    interface GigabitEthernet1/0/27

     duplex full

     speed 1000

     port link-type trunk

     port trunk permit vlan 1 11 20 85

     shutdown

     mirroring-group 1 mirroring-port both

    #

    interface GigabitEthernet1/0/28

     stp edged-port enable

     shutdown

    #

    interface NULL0

    #

     management-vlan 11

    #

     ip route-static 172.16.0.0 255.255.0.0 172.16.62.1 preference 60

    #

     snmp-agent

     snmp-agent local-engineid 8000002B001EC16D65196877

     snmp-agent community read public

     snmp-agent community write private

     snmp-agent sys-info version all

     snmp-agent group v3 admin read-view admin write-view admin

     snmp-agent mib-view included admin iso

     snmp-agent usm-user v3 admin admin

    #

     ssh authentication-type default all

    #

    user-interface aux 0

     authentication-mode scheme

    user-interface vty 0 4

     authentication-mode scheme

     protocol inbound ssh

    #

    return

     

    [SW_Test_Dot1x]

    [SW_Test_Dot1x]