This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- Data Center (VDX)
- Re: Wired 802.1x Authentication Failed on Brocade ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Wired 802.1x Authentication Failed on Brocade VDX
Wired 802.1x Authentication Failed on Brocade VDX
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-01-2019 01:56 PM
Hello,
I am trying to implement wired dot1x for machine authentication using certificate.
As soon as I enabled dot1x authentication on the port, link protocol goes down with dot1x authentication failed. Machine
Here is my setup:
1) Brocade VDX:
radius-server host 10.20.10.4
key
802.1x enabled globally:
dot1x enable
802.1x configuration on interface:
interface TenGigabitEthernet 1/2/3
dot1x authentication
dot1x port-control auto
dot1x protocol-version 2
dot1x quiet-period 30
dot1x reauthentication
dot1x reauthMax 3
dot1x timeout re-authorized 200
dot1x timeout server-timeout 30
dot1x timeout supp-timeout 30
dot1x timeout tx-period 60
2) Windows RADIUS Server
Network Policy
Conditions:
NAS Port Type :Ethernet
Windows Groups : dot1x Computers
Authentication Type: EAP
Constraints
Authentication Method: Smart Card or Other Certificate
In the certificate settings : Selected certificate for the RADIUS server
3) Group Policy
a) Computer Configuration/Policies/Security Settings/System Services : Wired Autoconfig (startup mode: Automatic)
b) Wired Network (802.3) Policies
Used Windows wired LAN network services for clients: Enabled
Shared User credentials for network authentication: Enabled
Network Profile/Security Settings
Enable use of IEEE 802.1x authentication for network access: Enabled
IEEE 802.1x settings
Computer Authentication: Computer Only
Network Authentication Method Properties
Authentication Method: Smart card or Certificate
Validate server certificate: Enabled (select CA certificate)
Use a certificate on this computer: Enabled
Use simple certificate selection: Enabled
Workstation clients and RADIUS server authentication certificates are auto enrolled.
Following error is logged on the workstation:
Wired 802.1x Authentication filed
Reason: 0x50005
Reason Text: Network Authentication failed due to a problem with the user account
Error Code: 0x40420110
It looks it is not reaching RADIUS server, therefore nothing on the log.
On Brocade VDX switch log:
warning, 802.1x authentication has failed on port TenGigabitEthernet 1/2/3
I hope someone will be able to assist me with this issue.
Thanks,
I am trying to implement wired dot1x for machine authentication using certificate.
As soon as I enabled dot1x authentication on the port, link protocol goes down with dot1x authentication failed. Machine
Here is my setup:
1) Brocade VDX:
radius-server host 10.20.10.4
key
802.1x enabled globally:
dot1x enable
802.1x configuration on interface:
interface TenGigabitEthernet 1/2/3
dot1x authentication
dot1x port-control auto
dot1x protocol-version 2
dot1x quiet-period 30
dot1x reauthentication
dot1x reauthMax 3
dot1x timeout re-authorized 200
dot1x timeout server-timeout 30
dot1x timeout supp-timeout 30
dot1x timeout tx-period 60
2) Windows RADIUS Server
Network Policy
Conditions:
NAS Port Type :Ethernet
Windows Groups : dot1x Computers
Authentication Type: EAP
Constraints
Authentication Method: Smart Card or Other Certificate
In the certificate settings : Selected certificate for the RADIUS server
3) Group Policy
a) Computer Configuration/Policies/Security Settings/System Services : Wired Autoconfig (startup mode: Automatic)
b) Wired Network (802.3) Policies
Used Windows wired LAN network services for clients: Enabled
Shared User credentials for network authentication: Enabled
Network Profile/Security Settings
Enable use of IEEE 802.1x authentication for network access: Enabled
IEEE 802.1x settings
Computer Authentication: Computer Only
Network Authentication Method Properties
Authentication Method: Smart card or Certificate
Validate server certificate: Enabled (select CA certificate)
Use a certificate on this computer: Enabled
Use simple certificate selection: Enabled
Workstation clients and RADIUS server authentication certificates are auto enrolled.
Following error is logged on the workstation:
Wired 802.1x Authentication filed
Reason: 0x50005
Reason Text: Network Authentication failed due to a problem with the user account
Error Code: 0x40420110
It looks it is not reaching RADIUS server, therefore nothing on the log.
On Brocade VDX switch log:
warning, 802.1x authentication has failed on port TenGigabitEthernet 1/2/3
I hope someone will be able to assist me with this issue.
Thanks,
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-04-2019 01:52 AM
Yes, it uses the mgmt-vrf if you don't configure it to use any other VRF.
You can confirm by doing 'sh run radius'
sw0# sh run radius
radius-server host 10.1.2.3 use-vrf mgmt-vrf
protocol pap key "Yf0BKEhsc83gp+kIoGMQ/g==\n" encryption-level 7
!
You can confirm by doing 'sh run radius'
sw0# sh run radius
radius-server host 10.1.2.3 use-vrf mgmt-vrf
protocol pap key "Yf0BKEhsc83gp+kIoGMQ/g==\n" encryption-level 7
!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-02-2019 05:20 PM
Does the RADIUS server for dot1x needs to be on the mgmt-vrf?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-01-2019 09:59 PM
Please take a look at page 255 for reference on how to configure dot1x authentication:
https://documentation.extremenetworks.com/networkos/SW/70x/53-1004365-02_L2SwitchingNetworkOS_7.0.1_...
Please also verify the dot1x compatibility check passes between the switch and host.
# dot1x test eapol-capable
If you still have issues after, please contact Extreme GTAC to open a case for this issue.
We will need to verify the Radius communication and configuration with the switch which involves a deeper level troubleshooting session.
https://documentation.extremenetworks.com/networkos/SW/70x/53-1004365-02_L2SwitchingNetworkOS_7.0.1_...
Please also verify the dot1x compatibility check passes between the switch and host.
# dot1x test eapol-capable
If you still have issues after, please contact Extreme GTAC to open a case for this issue.
We will need to verify the Radius communication and configuration with the switch which involves a deeper level troubleshooting session.
