Unsolved
February 17th, 2015 06:00
dot1x n3000 Authentication-Based VLAN Assignment
I am looking for experience with 802.1x on an N3048 switch (stack) and Windows 7. We successfully use Aruba ClearPass Guest OS release 3.9 as a RADIUS server for Authentication-Based VLAN Assignment with Power Connect 7048 switches and Windows 7 in our Active Directory environment. Unfortunately, we are not able to achieve the same using the new N3048 switches and Windows 7/8. On the other hand, Linux is able to work with Authentication-Based VLAN Assignment on both the Power Connect 7048 and the N3048, using a configuration similar to the one we use for Windows. For both operating systems we use PEAP and MSCHAP v2 with a root certificate issued by our Certificate Authority. The certificate uses the sha1 signature hash algorithm. What should be different in the N3048 configuration compared with the PC 7048?
Our port configuration
for PC 7048:
interface Gi3/0/14
switchport voice detect auto
description "comp1"
spanning-tree portfast
mtu 9216
switchport mode general
dot1x reauthentication
dot1x guest-vlan 4
exit
for N3048:
interface Gi2/0/28
switchport voice detect auto
description "test dot1x"
spanning-tree portfast
dot1x reauthentication
dot1x timeout re-authperiod 300
dot1x max-req 5
dot1x guest-vlan 4
dot1x unauth-vlan 23
exit
For the N3048 I use the configuration recommended in the user manual, but it does not work (for Windows only); neither does the configuration copied from the PC 7048.
I have a debug from RADIUS, but it is quite long. A part of it follows:
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] >>> TLS 1.0 Alert [length 0002], fatal bad_record_mac
TLS Alert write:fatal:bad record mac
[peap] TLS_accept: Need to read more data: SSLv3 read certificate verify A
rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4
[peap] EAPTLS_OTHERS
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect (TLS Alert write:fatal:bad record mac): [KONSTRU\\zzkousec] (from client EVAT LS2 port 83 cli 18:03:73:2e:05:0f)
Using Post-Auth-Type REJECT
I would appreciate any advice.
Jaromir
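Added example (not part of the original post, and not Dell or Aruba code): a small Python parser for RADIUS debug output of the kind quoted above. It ties each "Login incorrect" line to the TLS alert, OpenSSL error and last handshake state logged before it, so rejects can be counted per switch and compared. The sample lines are copied from the post; the function and field names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the debug excerpt in the post; a real log would hold many sessions.
SAMPLE = r"""[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] >>> TLS 1.0 Alert [length 0002], fatal bad_record_mac
TLS Alert write:fatal:bad record mac
[peap] TLS_accept: Need to read more data: SSLv3 read certificate verify A
rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
[eap] Handler failed in EAP/peap
Login incorrect (TLS Alert write:fatal:bad record mac): [KONSTRU\\zzkousec] (from client EVAT LS2 port 83 cli 18:03:73:2e:05:0f)
"""

ALERT = re.compile(r"^\s*TLS Alert (read|write):(\w+):(.+)$")
STATE = re.compile(r"TLS_accept: (?:Need to read more data: )?(.+)$")
SSLERR = re.compile(r"SSL error error:([0-9A-Fa-f]+):[^:]*:([^:]*):(.+)$")
EAPFAIL = re.compile(r"\[eap\] Handler failed in EAP/(\w+)")
LOGIN = re.compile(r"Login incorrect \((.*?)\): \[(.*?)\] "
                   r"\(from client (.+) port (\d+) cli (\S+)\)")

def parse_rejects(text):
    """One dict per 'Login incorrect' line, carrying the TLS context logged before it."""
    rejects, ctx = [], {}
    for line in text.splitlines():
        if m := LOGIN.search(line):
            rejects.append({**ctx, "user": m[2], "nas": m[3],
                            "nas_port": int(m[4]), "station": m[5]})
            ctx = {}  # the next session starts with a clean context
        elif m := ALERT.match(line):
            # "write": the alert was sent by the logging side (the RADIUS server);
            # "read": it was received from the supplicant.
            ctx["alert_by"] = "server" if m[1] == "write" else "supplicant"
            ctx["alert"] = f"{m[2]} {m[3]}"
        elif m := SSLERR.search(line):
            ctx["ssl_code"], ctx["ssl_func"], ctx["ssl_reason"] = m[1], m[2], m[3]
        elif m := STATE.search(line):
            ctx["last_state"] = m[1]
        elif m := EAPFAIL.search(line):
            ctx["eap_method"] = m[1]
    return rejects

def summarize(rejects):
    """Count rejects per (NAS, EAP method, alert) to compare switches side by side."""
    return Counter((r["nas"], r.get("eap_method"), r.get("alert")) for r in rejects)

if __name__ == "__main__":
    for key, n in summarize(parse_rejects(SAMPLE)).items():
        print(n, *key)
```

Run over the full debug log from both switch models, the summary shows whether the same alert appears for every Windows supplicant behind the N3048 and never behind the PC 7048.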