Setting up initial dot1x configuration on HP 5500 HI - Comware vers 5.20.99
Problem is that cannot get user PC to authenticate using EAP to Microsoft NPS. I do NOT see EAPoL or Radius packets hitting the NPS from the switch. I can SSH to the switch using radius authentication, so I know the radius config on the switch is working.
Error in switch log: 8021X/6/DOT1X_AUTH_FAILURE:
Port config
port link-mode bridge
port access vlan 144
undo voice vlan mode auto
broadcast-suppression pps 3000
undo jumboframe enable
lldp compliance admin-status cdp txrx
qos trust dot1p
undo dot1x handshake
dot1x mandatory-domain tos.x.x.x.x
dot1x port-method portbased
dot1x
dot1x eapol untag
Port dot1x config
Equipment 802.1X protocol is enabled
EAP authentication is enabled
EAD quick deploy is disabled
Configuration: Transmit Period 30 s, Handshake Period 15 s
Quiet Period 60 s, Quiet Period Timer is disabled
Supp Timeout 30 s, Server Timeout 100 s
Reauth Period 3600 s
The maximal retransmitting times 2
EAD quick deploy configuration:
EAD timeout: 30 m
The maximum 802.1X user resource number is 2048 per slot
Total current used 802.1X resource number is 0
GigabitEthernet1/0/19 is link-up
802.1X protocol is enabled
Handshake is disabled
Handshake secure is disabled
802.1X unicast-trigger is disabled
802.1X user-ip freeze is disabled
Periodic reauthentication is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Port-based
802.1X Multicast-trigger is enabled
Mandatory authentication domain: tosx.x.x.x
Guest VLAN: NOT configured
Auth-Fail VLAN: NOT configured
Critical VLAN: NOT configured
Critical recovery-action: NOT configured
Voice VLAN: NOT configured
Global dot1x config
Equipment 802.1X protocol is enabled
EAP authentication is enabled
I would like someone to verify my switch configuration and let me know if there a problem with it. Also any troubleshooting steps I can take to help isolate the problem. Thanks