Has anyone managed to get CPPM Wired 802.1x Auth & VLAN assignment working with old 3Com branded 5500G-EI switches?
# <5500G-EI>display version
# 3Com Corporation
# Switch 5500G-EI Software Version 3Com OS V3.03.02s168p20
# Copyright (c) 2004-2012 3Com Corporation and its licensors, All rights reserved.
# Switch 5500G-EI uptime is 0 week, 1 day, 21 hours, 36 minutes
#
# Switch 5500G-EI 48-Port with 1 Processor
# 128M bytes SDRAM
# 16384K bytes Flash Memory
# Config Register points to FLASH
#
# Hardware Version is REV.C
# CPLD Version is 002
# Bootrom Version is 5.03
# [Subslot 0] 48GE+4SFP Hardware Version is 00.00.00
# [Subslot 2] 2 STACK Hardware Version is REV.C
#
# <5500G-EI>
We have a switch that's seemingly able to send 802.1x Auth requests to CPPM. CPPM is able to successfully authenticate the client against AD & it appears to send back an Accept; however, the switches doesn't seem to understand & is failing Auth.
<5500G-EI>display dot1x statistics
Global 802.1X protocol is enabled
EAP authentication is enabled
The maximal 802.1x authentication fail times 5
EAD Quick Deploy configuration:
Acl-timeout: 30 m
Total maximum 802.1x user resource number is 1024
Total current used 802.1x resource number is 0
GigabitEthernet1/0/1 is link-up
802.1X protocol is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled
Authentication Success: 0, Failed: 402
EAPOL Packets: Tx 11374, Rx 5668
Sent EAP Request/Identity Packets : 5935
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 253
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 5057
EAP Response/Challenge Packets: 3
Error Packets: 0
Controlled User(s) amount to 0
<5500G-EI>
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: EAP Reply.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Transmitted a packet. ---Verbose information of the packet--- Destination Mac Address: 0016-4117-be8b Source Mac Address: 0016-e0f7-1780 Mac Frame Type: 888e. Protocol Version ID: 1. Packet Type: 0. Packet Length: 43. -----Packet Body----- Code: 1. Identifier: e. Length: 43.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Received a EAPOL packet.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,NOT a Eapol-start.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Auth:451,PacketType: EAPOL-PACKET.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Auth:451,EAP Type: Response.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Port:0,Auth:451,Resource exists.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,Auth:451,Code Type: Peap.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Port:0,Auth:451,Sent EAP Msg to 1X-Queue.
Dec 9 16:21:54 5500G-EI: %%108021X/8/PACKET(d):- 1 -Port:0,End processing the packet received. ---Verbose information of the packet--- Destination Mac Address: 0180-c200-0003 Source Mac Address: 0016-4117-be8b Mac Frame Type: 888e. Protocol Version ID: 1. Packet Type: 0. Packet Length: 43. -----Packet Body----- Code: 2. Identifier: e. Length: 43.
Dec 9 16:21:54 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: EAP Reply.
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: Auth request ack for failure, ACM->1X.
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Processing node FAILURE...
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Processing node LOGOFF...
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Msg: Release request ack, ACM->1X.
Dec 9 16:22:03 5500G-EI: %%108021X/8/EVENT(d):- 1 -Auth:451,Sending EAPoL-Failure...
If anyone has managed to get this to work, if you wouldn't mind sharing your config notes, we would greatly appreciate the help.
TIA,