https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83760#M543 Please take a look at page 255 for reference on how to configure dot1x authentication:<BR /> <BR /> <A href="https://documentation.extremenetworks.com/networkos/SW/70x/53-1004365-02_L2SwitchingNetworkOS_7.0.1_CG_Aug2016.pdf" target="_blank" rel="nofollow noreferrer noopener">https://documentation.extremenetworks.com/networkos/SW/70x/53-1004365-02_L2SwitchingNetworkOS_7.0.1_CG_Aug2016.pdf</A><BR /> <BR /> Please also verify the dot1x compatibility check passes between the switch and host.<BR /> <BR /> # dot1x test eapol-capable<BR /> <BR /> If you still have issues after, please contact Extreme GTAC to open a case for this issue. <BR /> <BR /> We will need to verify the Radius communication and configuration with the switch which involves a deeper level troubleshooting session. Thu, 02 May 2019 04:59:28 GMT Truyen_Phan 2019-05-02T04:59:28Z https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83759#M542 Hello,<BR /> <BR /> I am trying to implement wired dot1x for machine authentication using certificate.<BR /> <BR /> As soon as I enabled dot1x authentication on the port, link protocol goes down with dot1x authentication failed. Machine <BR /> <BR /> Here is my setup:<BR /> <B><U>1) Brocade VDX:</U></B><BR /> radius-server host 10.20.10.4<BR /> key <BR /> <B> 802.1x enabled globally:</B><BR /> dot1x enable<BR /> <B>802.1x configuration on interface:</B><BR /> interface TenGigabitEthernet 1/2/3<BR /> dot1x authentication<BR /> dot1x port-control auto<BR /> dot1x protocol-version 2<BR /> dot1x quiet-period 30<BR /> dot1x reauthentication<BR /> dot1x reauthMax 3<BR /> dot1x timeout re-authorized 200<BR /> dot1x timeout server-timeout 30<BR /> dot1x timeout supp-timeout 30<BR /> dot1x timeout tx-period 60<BR /> <B>2) Windows RADIUS Server</B><BR /> Network Policy<BR /> <I>Conditions:</I><BR /> NAS Port Type :<I>Ethernet</I><BR /> Windows Groups : <I>dot1x Computers</I><BR /> Authentication Type: <I>EAP</I><BR /> <I> Constraints</I><BR /> <I> </I> Authentication Method: S<I>mart Card or Other Certificate</I><BR /> In the certificate settings : S<I>elected certificate for the RADIUS server</I><BR /> <B>3) Group Policy</B><BR /> a) Computer Configuration/Policies/Security Settings/System Services : <I>Wired Autoconfig (startup mode: Automatic)</I><BR /> <B> b) Wired Network (802.3) Policies</B><BR /> Used Windows wired LAN network services for clients:<I> Enabled</I><BR /> Shared User credentials for network authentication: <I>Enabled</I><BR /> <B> Network Profile/Security Settings</B><BR /> Enable use of IEEE 802.1x authentication for network access: <I>Enabled</I><BR /> <B> IEEE 802.1x settings</B><BR /> Computer Authentication: <I>Computer Only</I><BR /> <B> Network Authentication Method Properties</B><BR /> <B> </B> Authentication Method: <I>Smart card or Certificate</I><BR /> Validate server certificate: <I>Enabled (select CA certificate)</I><BR /> <I> </I> Use a certificate on this computer: <I>Enabled</I><BR /> <B> </B> Use simple certificate selection: <I>Enabled</I><BR /> <I> </I><BR /> Workstation clients and RADIUS server authentication certificates are auto enrolled.<BR /> <BR /> Following error is logged on the workstation:<BR /> <I>Wired 802.1x Authentication filed</I><BR /> Reason<I>: 0x50005</I><BR /> Reason Text: <I>Network Authentication failed due to a problem with the user account</I><BR /> Error Code: <I>0x40420110</I><BR /> <BR /> It looks it is not reaching RADIUS server, therefore nothing on the log.<BR /> <BR /> On Brocade VDX switch log:<BR /> warning, 802.1x authentication has failed on port TenGigabitEthernet 1/2/3<BR /> <BR /> I hope someone will be able to assist me with this issue.<BR /> <BR /> Thanks, Wed, 01 May 2019 20:56:21 GMT https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83759#M542 Tamang 2019-05-01T20:56:21Z https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83760#M543 Please take a look at page 255 for reference on how to configure dot1x authentication:<BR /> <BR /> <A href="https://documentation.extremenetworks.com/networkos/SW/70x/53-1004365-02_L2SwitchingNetworkOS_7.0.1_CG_Aug2016.pdf" target="_blank" rel="nofollow noreferrer noopener">https://documentation.extremenetworks.com/networkos/SW/70x/53-1004365-02_L2SwitchingNetworkOS_7.0.1_CG_Aug2016.pdf</A><BR /> <BR /> Please also verify the dot1x compatibility check passes between the switch and host.<BR /> <BR /> # dot1x test eapol-capable<BR /> <BR /> If you still have issues after, please contact Extreme GTAC to open a case for this issue. <BR /> <BR /> We will need to verify the Radius communication and configuration with the switch which involves a deeper level troubleshooting session. Thu, 02 May 2019 04:59:28 GMT https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83760#M543 Truyen_Phan 2019-05-02T04:59:28Z https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83761#M544 Does the RADIUS server for dot1x needs to be on the mgmt-vrf? Fri, 03 May 2019 00:20:36 GMT https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83761#M544 Tamang 2019-05-03T00:20:36Z https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83762#M545 Yes, it uses the mgmt-vrf if you don't configure it to use any other VRF. <BR /> <BR /> You can confirm by doing 'sh run radius'<BR /> <BR /> sw0# sh run radius<BR /> radius-server host 10.1.2.3 <B>use-vrf mgmt-vrf</B><BR /> protocol pap key "Yf0BKEhsc83gp+kIoGMQ/g==\n" encryption-level 7<BR /> ! Sat, 04 May 2019 08:52:30 GMT https://community.extremenetworks.com/t5/data-center-vdx/wired-802-1x-authentication-failed-on-brocade-vdx/m-p/83762#M545 Truyen_Phan 2019-05-04T08:52:30Z