  • 1.  RADIUS configuration to Windows Server 2008 R2

    Posted 07-15-2014 05:26

    Hi all,

     

    I'm trying to test port authentication on my EX2200 VC. I have a RADIUS server that I have configured with the switch's IP for the RADIUS client. I have it configured on 1 port for testing. One thing to note is that the RADIUS server is not local to this switch and I have an LACP link between switches.

     

    I'm just getting a private IP and cannot see that the RADIUS server is even receiving the request.

     

    Here is my Juniper config for the Radius:

     

    protocols {
        dot1x {
            authenticator {
                interface {
                    ge-0/0/46.0 {
                        supplicant multiple;
                        retries 1;
                        transmit-period 60;
                        maximum-requests 5;
                    }
                }
            }
        }
        rstp {
            interface ge-0/0/46.0 {
                edge;
            }
            interface all {
                edge;
            }
        }
        lldp {
            interface all;
        }
        lldp-med {
            interface all;
        }
    }
    access {
        radius-server {
            10.0.0.4 {
                secret "$9$puumOIcKMXbs4yls4aZkquO1"; ## SECRET-DATA
                source-address 192.168.86.10;
            }
        }
        profile radiustest {
            authentication-order radius;
            radius {
                authentication-server 10.0.0.4;
            }
        }
    }

     

     

    Thanks

    Ross



  • 2.  RE: RADIUS configuration to Windows Server 2008 R2

    Posted 07-15-2014 09:22

    I see that "can not see that the Radius server is even receiving the request". The first step is to verify that your switch IP can reach the RADIUS box, or that the RADIUS box has a way to reach the switch. If it does, you can turn on accounting on the RADIUS box to see if anything is happening, or do a packet capture on the switch to see if there's traffic being sent to the RADIUS box. Also, I had to add the following to get my authentication to work:

     

    set system radius-options password-protocol mschap-v2



  • 3.  RE: RADIUS configuration to Windows Server 2008 R2

    Posted 07-15-2014 11:01
    Hi, thanks for the reply. I'll try that.

    A bit more info from when I was trying it this afternoon: the logs on the Juniper switch say it can't find the host (RADIUS server). I can ping the RADIUS server and the RADIUS server can ping the switch.

    Does it matter it's passing over an aggregated trunk?


  • 4.  RE: RADIUS configuration to Windows Server 2008 R2
    Best Answer

    Posted 07-16-2014 02:13

    Found the problem: the Windows Firewall on the RADIUS server! Can't believe it was that simple. As soon as I disabled that, it authenticated straight away.

    Thanks for the help, it led me in the right direction!
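
Added example, not part of the thread: a minimal RADIUS Access-Request probe (RFC 2865) that exercises the UDP path ping does not test, which is the failure mode found above. The function names, the test user and the shared-secret placeholder are assumptions; run it from a host that is registered as a RADIUS client on the server.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2 User-Password hiding: chained MD5 over 16-byte blocks."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, user), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def check_reply(reply, ident, request_auth, secret):
    """Classify a reply; verify its Response Authenticator with the secret."""
    if len(reply) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or not 20 <= length <= len(reply):
        return "malformed"
    want = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        return "bad-authenticator"
    return CODES.get(code, "code-%d" % code)

def probe(server, secret, port=1812, user=b"probe", password=b"x", timeout=3.0):
    """Send one Access-Request over UDP and report what, if anything, came back."""
    ident, request_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(user, password, secret, ident, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: nothing answered on UDP
            return "no-reply"
    return check_reply(reply, ident, request_auth, secret)

if __name__ == "__main__":
    # Server address is the one in the thread; the secret is a placeholder.
    print(probe("10.0.0.4", b"REPLACE-WITH-SHARED-SECRET"))
```

A `no-reply` result while ping works points to UDP 1812 being filtered on the path or host, or to the server silently discarding the request, which RFC 2865 requires for unknown clients. Any reply whose authenticator verifies, even `Access-Reject`, shows the path and the shared secret are good.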



  • 5.  RE: RADIUS configuration to Windows Server 2008 R2

    Posted 07-17-2014 00:32

    I did not see this option enabled. You have created the profile, but not applied it.

     

    set dot1x authenticator authentication-profile-name radiustest

     

    So how is the supplicant using the RADIUS server for authentication? Hmm!



  • 6.  RE: RADIUS configuration to Windows Server 2008 R2

    Posted 07-21-2014 12:53
    You're right, the config I pasted above was not complete as I had been deleting and changing things.


  • 7.  RE: RADIUS configuration to Windows Server 2008 R2

    Posted 07-21-2014 12:56

    Ok. NP:)

    Mark your solution about the firewall as the accepted fix.