Dell PowerConnect n2000 Freeradius issue

Is the Windows 7 client able to ping the FreeRadius server? Can you show us the config on the switch? We can help look through the config. Is FreeRadius logging anything in it's logs?

Hi,

The windows 7 client is able to ping FreeRadius when it is put in vlan 2 (it's happen when the client is to long to authenticate with his ID), before the port on switch for this client is unauthorize and client has no ip address.

This is my switch configuration :

!Current Configuration:
!System Description "Dell Networking N2048, 6.1.0.6, Linux 3.6.5-320b2282"
!System Software Version 6.1.0.6
!
configure
vlan 2
name "defaut"
exit
vlan 3
name "test"
exit
vlan 4
name "testdev"
exit
vlan 5
name "test2"
exit
vlan 6
name "testdev2"
exit
vlan 99
name "Admin"
exit
vlan 2-6,99
exit
slot 1/0 5 ! Dell Networking N2048
stack
member 1 8 ! N2048
exit
ip default-gateway 10.110.0.1
ip route 0.0.0.0 0.0.0.0 10.110.0.1 253
interface vlan 1
ip address dhcp
exit
interface vlan 99
ip address 10.110.99.10 255.255.255.0
exit
username "root" password 289e5029c80877b7805331f66f2a5014 privilege 15 encrypted
authentication enable
dot1x system-auth-control
dot1x system-auth-control monitor
aaa authentication dot1x default radius
aaa authorization network default radius
dot1x dynamic-vlan enable
radius-server source-ip 10.110.99.10
radius-server key "mykey"
radius-server host auth 10.110.99.1
primary
name "Pfsense"
usage 802.1x
key "mykey"
exit
radius-server host acct 10.110.99.1
name "Pfsense"
exit
!
interface Gi1/0/1
switchport access vlan 99
dot1x port-control force-authorized
exit
!
interface Gi1/0/2
dot1x reauthentication
dot1x timeout quiet-period 30
dot1x timeout re-authperiod 300
dot1x timeout guest-vlan-period 20
dot1x guest-vlan 2
dot1x unauth-vlan 2
authentication order dot1x
authentication priority dot1x
exit
!
interface Gi1/0/3
dot1x reauthentication
dot1x timeout re-authperiod 300
dot1x timeout guest-vlan-period 20
dot1x guest-vlan 2
dot1x unauth-vlan 2
authentication order dot1x
authentication priority dot1x
exit
!
interface Gi1/0/47
switchport mode trunk
dot1x port-control force-authorized
exit
snmp-server engineid local 800002a203f8b15667709b
exit

the windows 7 client is plug on : interface Gi1/0/2

FreeRadius is on a Pfsense Server logs don't speak very much, he just says when is ready.

(sorry for my english :( )

I don't know why but i have reboot the switch and the authentication seems to work, but not the vlan attribution, even the authentication is sucessful, I am always in Vlan1.

On the switch in Switching/dot1x authentication/Monitoring mode/port access control history :

Dot1x Radius Accept Process - VLAN[3] Assigment Failure, Fail to authenticate

We are close....

Glad to hear you are one step closer. Can you please pull the dot1x stats from these interfaces? I am interested to see if we see any errors here.

console#show dot1x interface gigabitethernet 1/0/2 statistics

console#show dot1x interface gigabitethernet 1/0/3 statistics

The interfaces should have the following as the default settings, but it won't hurt to run the commands just to be sure they are in place.

console(config)#interface range Gi1/0/2-3
console(config-if)#switchport mode access
console(config-if)#dot1x port-control auto

FreeRadius has some logging that we can look at, and compare with the logging on the switch.

http://bit.ly/237qHlE