Comware

 View Only
Expand all | Collapse all

802.1X (On windows Server 2012 R2 with NPS) + V1910

This thread has been viewed 7 times
  • 1.  802.1X (On windows Server 2012 R2 with NPS) + V1910

    Posted Jun 15, 2016 10:56 AM

    Hi guys!

    I am facing a strange problem since two last weeks and I can't find a solution.

    I have configured on server with Windows Server 2012 R2 with NPS configured to aceppt machines from AD Domain, I used this same configuration with others switches (from other brands) and this worked properly.

    The problem is, when I set this with V1910, the client workstation shows an erro message "Authentication Failed", in log of Radius I can see the authentication requests. On the HP V1910 I see in the log some errors: (AUTH FAILED).

    I believe that is a problem with Switch configuration, some config that I forgot, see below my configuration (at this time I am using the port 21 to test 802.1x). Can you help me? Any hint or idea?

    Thank You a lot!

    #
    version 5.20, Release 1516P03
    #
    sysname SW01
    #
    domain default enable system
    #
    ip ttl-expires enable
    #
    dot1x
    dot1x retry 3
    dot1x authentication-method eap
    #
    undo ip http enable
    #
    web idle-timeout 3
    #
    password-recovery enable
    #
    vlan 1
    description LAN
    #
    vlan 2
    description ITAU
    #
    radius scheme system
    server-type extended
    primary authentication 192.168.10.155
    primary accounting 192.168.10.155
    key authentication cipher $c$3$Us0BJyIl6AHI9FcsSAmv/agyISm+0n8/
    key accounting cipher $c$3$LvB4ORns8PbD6ZLPTj+miRnRh8BgJgZy
    security-policy-server 192.168.10.155
    #
    domain system
    authentication lan-access radius-scheme system
    authorization lan-access radius-scheme system
    accounting lan-access radius-scheme system
    access-limit disable
    state active
    idle-cut disable
    self-service-url disable
    #
    user-group system
    #
    local-user admswhp
    password hash cipher $h$6$i6KqYTD4XOF8dFNT$UUNFFIp9XCw54oS8nK/98r+Ea3M8mcL0MWcx9yzmL+AF+8UpNo1u5GnjNHM3GyHRpm0JSp14e+lT+1+gJkN/qw==
    authorization-attribute level 3
    service-type telnet terminal
    service-type ftp
    service-type web
    #
    stp mode rstp
    stp enable
    #
    interface Bridge-Aggregation1
    #
    interface Bridge-Aggregation2
    #
    interface NULL0
    #
    interface Vlan-interface1
    ip address 192.168.1.60 255.255.255.0
    #
    interface Vlan-interface2
    ip address 192.168.10.60 255.255.255.0
    #
    interface GigabitEthernet1/0/1
    stp edged-port enable
    #
    interface GigabitEthernet1/0/2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/3
    stp edged-port enable
    #
    interface GigabitEthernet1/0/4
    stp edged-port enable
    #
    interface GigabitEthernet1/0/5
    stp edged-port enable
    #
    interface GigabitEthernet1/0/6
    stp edged-port enable
    #
    interface GigabitEthernet1/0/7
    stp edged-port enable
    #
    interface GigabitEthernet1/0/8
    stp edged-port enable
    #
    interface GigabitEthernet1/0/9
    stp edged-port enable
    #
    interface GigabitEthernet1/0/10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/11
    stp edged-port enable
    #
    interface GigabitEthernet1/0/12
    stp edged-port enable
    #
    interface GigabitEthernet1/0/13
    stp edged-port enable
    #
    interface GigabitEthernet1/0/14
    stp edged-port enable
    #
    interface GigabitEthernet1/0/15
    stp edged-port enable
    #
    interface GigabitEthernet1/0/16
    stp edged-port enable
    #
    interface GigabitEthernet1/0/17
    stp edged-port enable
    #
    interface GigabitEthernet1/0/18
    stp edged-port enable
    #
    interface GigabitEthernet1/0/19
    port access vlan 2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/20
    port access vlan 2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/21
    port access vlan 2
    speed auto 10 100 1000
    stp edged-port enable
    undo ntdp enable
    mac-address max-mac-count 1
    dot1x re-authenticate
    undo dot1x multicast-trigger
    dot1x
    #
    interface GigabitEthernet1/0/22
    port access vlan 2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/23
    port access vlan 2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/24
    port access vlan 2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/25
    stp edged-port enable
    port link-aggregation group 1
    #
    interface GigabitEthernet1/0/26
    stp edged-port enable
    port link-aggregation group 1
    #
    interface GigabitEthernet1/0/27
    stp edged-port enable
    port link-aggregation group 2
    #
    interface GigabitEthernet1/0/28
    stp edged-port enable
    port link-aggregation group 2
    #
    ssh server enable
    #
    ip https enable
    #
    user-interface aux 0
    authentication-mode scheme
    user-interface vty 0 15
    authentication-mode scheme
    #
    return



  • 2.  RE: 802.1X (On windows Server 2012 R2 with NPS) + V1910

    Posted Apr 29, 2025 06:09 AM

    Were you able to solve the problem, I have the same one.