Switching

last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  EX4200 - 802.1X - Request not sent

    Posted 02-23-2011 07:43

    Hello,

     

    I'm trying to build a radius authentication on my EX4200.

     

    So, I installed a Freeradius server and configured 802.1X authentication on the EX4200.

     

    My issue is when I try to authenticate with a computer connected to the EX4200, there is no request send to the radius server.

     

    Following, this is the traceoptions on the EX4200 :

     

     

     

    Feb 23 16:22:01 trace_on: Tracing to "/var/log/dot1x" started
    Feb 23 16:22:01.785917 esp client start recv job
    Feb 23 16:22:01.792882 background dispatch running job esp recv for task ESP Client.128.0.0.1
    Feb 23 16:22:01.792941 eswd lib mac auth query
    Feb 23 16:22:01.792967 eswd lib Received mac auth query
    Feb 23 16:22:01.792989 Fdb query from eswd mac 58:55:ca:25:50:f0 vlan id 3
    Feb 23 16:22:01.793026 Mac address 58:55:ca:25:50:f0 on interface ge-0/0/2.0 NOT found in Static list
    Feb 23 16:22:01.793056 Authentication check for mac 58:55:ca:25:50:f0 on i/f 65 vlan configured/default returned pending : vid = 0
    Feb 23 16:22:01.793080 eswd lib Sending reply for mac authentication
    Feb 23 16:22:01.793157 background dispatch running job esp tx queue for task ESP Client.128.0.0.1
    Feb 23 16:22:01.794089 esp client Dequeue tx job. Bytes sent 40
    Feb 23 16:22:02.099250 esp client start recv job
    Feb 23 16:22:02.099402 background dispatch running job esp recv for task ESP Client.128.0.0.1
    Not really usefull.
    Following, the configuration on my EX4200 :
    radius-server {
        10.14.1.33 {
            port 1812;
            secret "$9$2igGiPfz6CuQFu1EyW8VwYgZUik.5z3"; ## SECRET-DATA
            source-address 10.11.1.201;
        }
    }
    profile profile1 {
        authentication-order radius;
        radius {
            authentication-server 10.14.1.33;
        }
    }
    dot1x {
        traceoptions {
            file dot1x;
            flag all;
        }
        authenticator {
            interface {
                ge-0/0/2.0 {
                    supplicant multiple;
                    transmit-period 60;
                    reauthentication 5;
                    supplicant-timeout 5;
                    server-timeout 5;
                    maximum-requests 5;
                }
            }
        }
    }
    The EX4200 is abble to join the Radius Server 
    root# run ping 10.14.1.33
    PING 10.14.1.33 (10.14.1.33): 56 data bytes
    64 bytes from 10.14.1.33: icmp_seq=0 ttl=62 time=1.732 ms
    64 bytes from 10.14.1.33: icmp_seq=1 ttl=62 time=1.425 ms
    I tried with OS X and Windows client.
    I don't know what is missing to enable request forwarding to the radius server.
    Someone has an idea ?
    Thanks.

     



  • 2.  RE: EX4200 - 802.1X - Request not sent
    Best Answer

    Posted 02-24-2011 02:16

    You need to attach authentication profile to do1x stanza

     

    Regards,

    Piotr Bratkowski



  • 3.  RE: EX4200 - 802.1X - Request not sent

    Posted 02-28-2011 00:13

    Simply.

     

    Thanks.

     

     



  • 4.  RE: EX4200 - 802.1X - Request not sent

    Posted 11-29-2011 04:04

    you saved my day thanks 

    @pioterbrat wrote:

    You need to attach authentication profile to do1x stanza

     

    Regards,

    Piotr Bratkowski