(RADIATOR) dot1x auth problems on HP switch
Alex Sharaz
A.Sharaz at hull.ac.uk
Fri Apr 25 06:34:38 CDT 2008
As an update,
Just pointed the switch at a Radiator-4.1 server and the Access-Request
shown below worked in that Radiator rejected the request because we don¹t
allow hostbased authentication.
Alex
On 4/25/08 11:56 AM, "Alex Sharaz" <A.Sharaz at hull.ac.uk> wrote:
> Chaps,
> We¹ve implemented wired 802.1x auth in one of our RESNET sites usin HP 3400
> switches. This has been running since sept 2007 without a problem.
> I¹m now rolling out wired dot1x in one of our PC rooms (HP 2900 switch) .
> Switch config wise there is no difference between the 3400 and the 2900 boxes.
>
> The problem is that the 3400 always works and the 2900 is generating the
> following in the Radiator logs:-
>
> Fri Apr 25 11:02:38 2008: DEBUG: Packet dump:
> *** Received from 150.237.162.254 port 2440 ....
> Code: Access-Request
> Identifier: 18
> Authentic: ]<163>!<25><130><191><185>R<245>]<240><9><232>l<132><143>
> Attributes:
> Framed-MTU = 1466
> NAS-IP-Address = 150.237.162.254
> NAS-Identifier = "CC_PC2_HP2900-48"
> User-Name = "ccsas at hull.ac.uk"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-Port = 30
> NAS-Port-Type = Ethernet
> NAS-Port-Id = "30"
> Called-Station-Id = "00-1c-2e-11-4b-40"
> Calling-Station-Id = "00-a0-d1-bc-29-de"
> Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
> Tunnel-Type = 0:VLAN
> Tunnel-Medium-Type = 0:802
> Tunnel-Private-Group-ID = 1620
> EAP-Message = <2><11><0><21><1>ccsas at hull.ac.uk
> Message-Authenticator =
> <244><176>q<184><226><241><240><25><246>#<143><225><199><210>M<254>
>
> Fri Apr 25 11:02:38 2008: WARNING: Bad EAP Message-Authenticator
> Fri Apr 25 11:02:38 2008: WARNING: Bad authenticator in request from
> 150.237.162.254 (150.237.162.254)
>
> Can¹t see anything wrong. The only difference seems to be in the Framed-MTU
> size
>
> An hp 3400 box generates this:-
>
> ri Apr 25 00:15:38 2008: DEBUG: Packet dump:
> *** Received from 150.237.251.198 port 1024 ....
> Code: Access-Request
> Identifier: 114
> Authentic: Z<182>&<237>.N<9>M6SU<173><177><194><220>u
> Attributes:
> Framed-MTU = 1480
> NAS-IP-Address = 150.237.251.198
> NAS-Identifier = "TC2-Brantingham_HP3400"
> User-Name = "339804 at hull.ac.uk"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-Port = 7
> NAS-Port-Type = Ethernet
> NAS-Port-Id = "7"
> Called-Station-Id = "00-12-79-49-7c-c0"
> Calling-Station-Id = "00-1b-24-48-65-60"
> Connect-Info = "CONNECT Ethernet 10Mbps Full duplex"
> Tunnel-Type = 0:VLAN
> Tunnel-Medium-Type = 0:802
> Tunnel-Private-Group-ID = 290
> EAP-Message = <2>?<0><22><1>339804 at hull.ac.uk
> Message-Authenticator =
> En<180><241><248>6<232><178><225><154><242><160>K,<238><204>
>
> Anyone using radiator with HP 2900 switches?
>
> I¹m running radiator 4.2 with patch file 1.915
>
> Alex
>
> ******************************************************************************
> ***********
> To view the terms under which this email is distributed, please go to
> http://www.hull.ac.uk/legal/email_disclaimer.html
> ******************************************************************************
> ***********
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080425/888c4679/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080425/888c4679/attachment.ksh>
More information about the radiator
mailing list