June 17th, 2005 18:00

Using RADIUS for Port Based Authentication

Somebody correct me if I am wrong, but I believe that I can use port-based authentication on my 5324 PowerConnect switches to make sure that a workstation connected to the port is part of my domain and isn't a rogue piece of equipment.
 
I am trying to use the 5324 in a Windows 2003 domain with Windows XP workstations.  I have my Windows 2003 server using IAS (RADIUS).
 
I believe that I have my switches configured correctly, as well as my workstations.  However, through about 3 days of trial-and-error and countless configuration schemes, I have failed to get this port-based authentication to work properly.  I have used different IAS profiles (MD5, EAP, NAS-type ethernet, group authentication), configured the switch many different ways, the client in many different ways... and I give up.
 
Can anybody share their secrets on how they had this working in their environment?  Is there any documentation on how this should be correctly applied to the switches and how IAS should be configured?
 
Thanks for any help!
 
 

Message Edited by KROLRULES on 06-23-2005 06:24 AM

812 Posts

June 20th, 2005 10:00

PowerConnect switches do not currently support 802.1x authentication when used in conjunction with Windows IAS. The IAS server sends an attribute in the MD5-Challenge packet that the switch does not support (Session Timeout - VSA 27). The switch treats this as an invalid Challenge packet and silently drops the connection.
 
There does not appear to be an option in IAS to disable this attribute. You might try contacting MS to inquire whether this attribute can be disabled (possibly by modifying the registry).
 
When configured properly, Steel-Belted RADIUS and Cisco Secure ACS will properly authenticate users via 802.1x.
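
Added example, not part of the original thread and not Dell or Microsoft code: a Python parser that takes the raw bytes of a RADIUS packet (for instance a UDP payload saved from a capture on the RADIUS server) and reports whether an Access-Challenge carries an EAP MD5-Challenge together with a Session-Timeout attribute (type 27 in RFC 2865), the combination the reply above describes. The sample packets are constructed, and the function names are hypothetical.

```python
import struct

ACCESS_CHALLENGE = 11                      # RADIUS code, RFC 2865
STATE, SESSION_TIMEOUT, EAP_MESSAGE, MSG_AUTH = 24, 27, 79, 80
NAMES = {24: "State", 27: "Session-Timeout", 79: "EAP-Message", 80: "Message-Authenticator"}
EAP_REQUEST, EAP_MD5_CHALLENGE = 1, 4      # EAP code and type, RFC 3748

def parse_radius(packet: bytes):
    """Return (code, identifier, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs

def audit_challenge(packet: bytes):
    """Summarise an Access-Challenge; returns None for any other packet code."""
    code, _, attrs = parse_radius(packet)
    if code != ACCESS_CHALLENGE:
        return None
    eap = b"".join(v for t, v in attrs if t == EAP_MESSAGE)  # may span several attributes
    timeouts = [struct.unpack("!I", v)[0] for t, v in attrs if t == SESSION_TIMEOUT and len(v) == 4]
    return {"eap_md5_challenge": len(eap) >= 5 and eap[0] == EAP_REQUEST
                                 and eap[4] == EAP_MD5_CHALLENGE,
            "session_timeout": timeouts[0] if timeouts else None,
            "attributes": [NAMES.get(t, "type-%d" % t) for t, _ in attrs]}

def attr(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value

def build_sample(with_timeout: bool) -> bytes:
    """Constructed sample (not a capture): Access-Challenge with an EAP MD5-Challenge."""
    eap = struct.pack("!BBHBB", EAP_REQUEST, 2, 22, EAP_MD5_CHALLENGE, 16) + bytes(range(16))
    body = attr(EAP_MESSAGE, eap) + attr(STATE, b"constructed-state")
    if with_timeout:
        body += attr(SESSION_TIMEOUT, struct.pack("!I", 30))
    body += attr(MSG_AUTH, bytes(16))      # placeholder, not a valid HMAC
    return struct.pack("!BBH", ACCESS_CHALLENGE, 7, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(audit_challenge(build_sample(True)), audit_challenge(build_sample(False)), sep="\n")
```

Comparing the attribute list from a server that authenticates successfully against one that does not shows which attributes differ in the challenge.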

812 Posts

June 20th, 2005 14:00

There is no list of RADIUS servers that have been tested for compatibility with 802.1x on the 5324. The only confirmed RADIUS server used by our software engineers is Steel Belted RADIUS. As long as it supports EAP using MD5 Challenges and does not send unsupported VSAs, any RADIUS server should work.

3 Posts

June 20th, 2005 14:00

Thanks for the reply,
 
Besides the two RADIUS servers you have listed, do you have any type of list on what has been tested to work with the Switch?
 
Thanks,

25 Posts

July 6th, 2005 16:00

So, if we have only Windows IAS, that makes these switches useless in terms of being able to authenticate traffic to the port?
 
Charlie

April 22nd, 2006 01:00

I am trying to set this up with a 3448 and freeradius.

 

The problem is that the switch issues an EAP Identity Request to the clients, and, no matter which client I have, it always fails. But I only want to know the MAC address, so why ask the OS?

 

Anyway, it just keeps asking the client and never sends any request to the radius server.

 

How can I set this up with 3448?

 

Thank you,

April 24th, 2006 10:00

But the thing is that the switch does not even try to connect the RADIUS server...

 

I've put a tcpdump running, and no packet arrives at the RADIUS server.

Anyway, I already got the switches ( :( ), so, I'll have to try a different approach to make them work.

 

Thank you,

3 Posts

April 24th, 2006 10:00

Freeradius will not work with any Dell switch.  Unfortunately, Dell does not advertise this when they sell their switches.  The only RADIUS brand that will work is Steel Belted Radius, and it will cost you anywhere from $2,000 to $10,000 to purchase!

My advice: the HP Procurves support Freeradius and Microsoft IAS RADIUS brands right out of the box, along with about a dozen other brands of RADIUS and TACACS.  Although their switches are about twice as much as Dell, you get a better supported RADIUS configuration.

1 Message

April 16th, 2010 12:00

uh, it's probably just because these posts are old, but when other people happen upon this...

You should know that Microsoft IAS works quite well with Dell switches.

Here is a guide: www.dell.com/downloads/global/products/pwcnt/en/3424_radius_auth_using_msserver.pdf
