Comware

  • 1.  RADIUS based MAC authentication on a JG510A

    Posted Sep 24, 2019 05:43 AM

    Hello everybody,

    I'm in the process of evaluating RADIUS-based MAC authentication on our JG510A. As the RADIUS server we are using Microsoft Server 2016 with the NPS role.

    My problem: the switch never sends any authentication packets to the server. The RADIUS statistics on the switch show zero packets, and the network monitor on the server shows no traffic coming from the switch.

    The configuration so far:

    RADIUS scheme name: radius1
    Index: 1
    Primary Auth Server:
    Host name: Not Configured
    IP : <IP_OF_RADIUS_SERVER> Port: 1812
    VPN : Not configured
    State: Active
    Test profile: Not configured
    Weight: 0
    Primary Acct Server:
    Host name: Not Configured
    IP : <IP_OF_RADIUS_SERVER> Port: 1813
    VPN : Not configured
    State: Active
    Weight: 0

    Accounting-On function : Disabled
    Retransmission times : 50
    Retransmission interval(seconds) : 3
    Timeout Interval(seconds) : 3
    Retransmission Times : 3
    Retransmission Times for Accounting Update : 5
    Server Quiet Period(minutes) : 5
    Realtime Accounting Interval(minutes) : 12
    Stop-accounting packets buffering : Enabled
    Retransmission times : 500
    NAS IP Address : <IP_OF_THE_SWITCH>
    VPN : Not configured
    User Name Format : Without-domain
    Data flow unit : Byte
    Packet unit : One
    Attribute 15 check-mode : Strict
    Algorithm : primary-secondary
    ------------------------------------------------------------------
    Domain:test
    State: Active
    lan-access Authentication Scheme: radius: radius1
    lan-access Authorization Scheme: radius: radius1
    default Authentication Scheme: local
    default Authorization Scheme: local
    default Accounting Scheme: local
    Authorization attributes :
    Idle-cut : Disable
    ---------------------
    interface GigabitEthernet2/0/33
    port link-mode bridge
    dot1x
    dot1x mandatory-domain test
    ----------------------

    Maybe someone has an idea why the switch is never communicating with the server. A 'debugging radius all' also shows no activity. Does the switch need a restart after enabling these functions?
    Thanks a lot
    Sincerely
    Stefan



  • 2.  RE: RADIUS based MAC authentication on a JG510A

    Posted Sep 30, 2019 02:57 AM

    Hi,

    Generally a reboot is not required after configuring the radius.

    Have you tried 'domain default enable <domain name>'?

    Since you said that the debugging is not showing any events, have you tried issuing 'terminal monitor' and 'terminal debugging' along with the debug command (e.g. debug radius all)?



  • 3.  RE: RADIUS based MAC authentication on a JG510A

    Posted Nov 07, 2019 03:58 AM

    Hello,

    Thank you for your reply. I'm trying to get a time schedule with my customer for testing this possible solution. Sorry for my late reply - this is a long-term project and was not a first-class priority. But I'm still working on it.



  • 4.  RE: RADIUS based MAC authentication on a JG510A

    Posted Dec 03, 2019 10:15 AM

    Hi

    Just a silly question: You write that you want MAC authentication using RADIUS, but it seems, from the interface configuration, that you are doing an "802.1X" configuration. Which one is it? Comware makes a distinction!
    MAC authentication has to be enabled (like dot1x) in the global configuration, e.g.:

    [mySwitch] mac-authentication domain <name-of-domain>

    and then you can enable it per interface using:

    [mySwitch-GigabitEthernet1/0/1] mac-authentication domain <name-of-domain>

    I'm not sure if this is what you're looking for, but I got a bit confused because you wrote MAC-authentication and configured 802.1X.

    Regards
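
An added example, not part of any post in this thread: a small Python check that flags ports where 802.1X or MAC authentication is set up inconsistently (feature on the port but not globally, a domain bound without the feature enabled, or a domain that does not exist). It assumes Comware applies either feature to a port only when it is enabled both globally and on the port, and that the input is saved configuration text in the layout shown; `parse`, `audit`, `FEATURES`, the `guest` domain and ports 34/35 are hypothetical names for illustration.

```python
# Constructed sample (not from the thread); assumed layout: "#" separates views,
# view headers are unindented, commands (global ones included) are indented.
SAMPLE = """\
#
 dot1x
#
domain test
#
interface GigabitEthernet2/0/33
 dot1x
 dot1x mandatory-domain test
#
interface GigabitEthernet2/0/34
 mac-authentication
 mac-authentication domain guest
#
interface GigabitEthernet2/0/35
 mac-authentication domain test
#
"""
# Port feature -> per-port command that binds it to an ISP domain.
FEATURES = {"dot1x": "dot1x mandatory-domain", "mac-authentication": "mac-authentication domain"}

def parse(config):
    """Map each view header ('' = system view) to the commands listed under it."""
    views, view = {"": []}, ""
    for raw in config.splitlines():
        if raw.strip() in ("", "#"):
            view = ""                          # separator: back to system view
        elif not raw.startswith(" "):
            view = raw.strip()                 # unindented line opens a view
            views.setdefault(view, [])
        else:
            views[view].append(raw.strip())
    return views

def audit(config):
    """Return (port, problem) pairs for 802.1X / MAC authentication settings."""
    views, findings = parse(config), []
    for view, cmds in views.items():
        if not view.startswith("interface "):
            continue
        port = view.split()[1]
        for feat, bind in FEATURES.items():
            if feat in cmds and feat not in views[""]:
                findings.append((port, f"{feat} enabled on port but not globally"))
            for dom in (c[len(bind) + 1:] for c in cmds if c.startswith(bind + " ")):
                if feat not in cmds:
                    findings.append((port, f"{feat} domain set but not enabled on port"))
                if f"domain {dom}" not in views:
                    findings.append((port, f"{feat} domain '{dom}' is not defined"))
    return findings
```

Calling `audit()` on the text of a saved configuration returns an empty list when every port that uses either feature is consistent.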