<HTML>
<HEAD>
<TITLE>Re: (RADIATOR) dot1x auth problems on HP switch</TITLE>
</HEAD>
<BODY>
<FONT SIZE="4"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>As an update,<BR>
Just pointed the switch at a Radiator-4.1 server and the Access-Request shown below worked in that Radiator rejected the request because we don’t allow hostbased authentication.<BR>
<BR>
<BR>
Alex<BR>
<BR>
<BR>
On 4/25/08 11:56 AM, "Alex Sharaz" <A.Sharaz@hull.ac.uk> wrote:<BR>
<BR>
</SPAN></FONT></FONT><BLOCKQUOTE><FONT SIZE="4"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Chaps,<BR>
We’ve implemented wired 802.1x auth in one of our RESNET sites usin HP 3400 switches. This has been running since sept 2007 without a problem.<BR>
I’m now rolling out wired dot1x in one of our PC rooms (HP 2900 switch) . Switch config wise there is no difference between the 3400 and the 2900 boxes.<BR>
<BR>
The problem is that the 3400 always works and the 2900 is generating the following in the Radiator logs:-<BR>
<BR>
Fri Apr 25 11:02:38 2008: DEBUG: Packet dump:<BR>
*** Received from 150.237.162.254 port 2440 ....<BR>
Code: Access-Request<BR>
Identifier: 18<BR>
Authentic: ]<163>!<25><130><191><185>R<245>]<240><9><232>l<132><143><BR>
Attributes:<BR>
Framed-MTU = 1466<BR>
NAS-IP-Address = 150.237.162.254<BR>
NAS-Identifier = "CC_PC2_HP2900-48"<BR>
User-Name = "ccsas@hull.ac.uk"<BR>
Service-Type = Framed-User<BR>
Framed-Protocol = PPP<BR>
NAS-Port = 30<BR>
NAS-Port-Type = Ethernet<BR>
NAS-Port-Id = "30"<BR>
Called-Station-Id = "00-1c-2e-11-4b-40"<BR>
Calling-Station-Id = "00-a0-d1-bc-29-de"<BR>
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"<BR>
Tunnel-Type = 0:VLAN<BR>
Tunnel-Medium-Type = 0:802<BR>
Tunnel-Private-Group-ID = 1620<BR>
EAP-Message = <2><11><0><21><1>ccsas@hull.ac.uk<BR>
Message-Authenticator = <244><176>q<184><226><241><240><25><246>#<143><225><199><210>M<254><BR>
<BR>
Fri Apr 25 11:02:38 2008: WARNING: Bad EAP Message-Authenticator<BR>
Fri Apr 25 11:02:38 2008: WARNING: Bad authenticator in request from 150.237.162.254 (150.237.162.254)<BR>
<BR>
Can’t see anything wrong. The only difference seems to be in the Framed-MTU size <BR>
<BR>
An hp 3400 box generates this:-<BR>
<BR>
ri Apr 25 00:15:38 2008: DEBUG: Packet dump:<BR>
*** Received from 150.237.251.198 port 1024 ....<BR>
Code: Access-Request<BR>
Identifier: 114<BR>
Authentic: Z<182>&<237>.N<9>M6SU<173><177><194><220>u<BR>
Attributes:<BR>
Framed-MTU = 1480<BR>
NAS-IP-Address = 150.237.251.198<BR>
NAS-Identifier = "TC2-Brantingham_HP3400"<BR>
User-Name = "339804@hull.ac.uk"<BR>
Service-Type = Framed-User<BR>
Framed-Protocol = PPP<BR>
NAS-Port = 7<BR>
NAS-Port-Type = Ethernet<BR>
NAS-Port-Id = "7"<BR>
Called-Station-Id = "00-12-79-49-7c-c0"<BR>
Calling-Station-Id = "00-1b-24-48-65-60"<BR>
Connect-Info = "CONNECT Ethernet 10Mbps Full duplex"<BR>
Tunnel-Type = 0:VLAN<BR>
Tunnel-Medium-Type = 0:802<BR>
Tunnel-Private-Group-ID = 290<BR>
EAP-Message = <2>?<0><22><1>339804@hull.ac.uk<BR>
Message-Authenticator = En<180><241><248>6<232><178><225><154><242><160>K,<238><204><BR>
<BR>
Anyone using radiator with HP 2900 switches?<BR>
<BR>
I’m running radiator 4.2 with patch file 1.915<BR>
<BR>
Alex<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'>*****************************************************************************************<BR>
To view the terms under which this email is distributed, please go to <a href="http://www.hull.ac.uk/legal/email_disclaimer.html">http://www.hull.ac.uk/legal/email_disclaimer.html</a><BR>
*****************************************************************************************<BR>
</SPAN></FONT></FONT></BLOCKQUOTE>
</BODY>
</HTML>