1 Reply Latest reply on Jul 9, 2015 10:33 AM by levi

    How to set up 802.1x authentication?

    comake New Member

      I found documentation on this topic:

       

      https://supportforums.adtran.com/servlet/JiveServlet/previewBody/2269-102-1-2398/RADIUS%20Authentication%20for%20Device%…

       

      Since I'm using Windows Server 2012, the settings are pretty different. Here's what I've done to try to set this up:

       

      Installed the NAP service on Windows Server 2012. Configured it for Ethernet and added the Adtran router as a RADIUS client. On the Adtran side, I had it set up to point to the NAP server with the pre-shared key. Then forced telnet (Just as a test) to use RADIUS for authentication. When I try to telnet, it brings up the "username". I did debug aaa and debug radius and here's the output:

       

      Router#AAA: New Session on portal 'TELNET 0 (10.0.0.4:38838)'.

      AAA: Session using AUTHENTICATION list 'LoginUseRadius'.

      AAA: Attempting authentication (username/password).

      RADIUS AUTHENTICATION: Sending packet to 10.0.0.2 VRF: -DEFAULT- (1812).

      RADIUS AUTHENTICATION: Waiting on response from server

      RADIUS AUTHENTICATION: Receiving from RADIUS socket

      RADIUS AUTHENTICATION: Response received from server (10.0.0.2) VRF: -DEFAULT- l=20

      RADIUS AUTHENTICATION: Received response from 10.0.0.2 VRF: -DEFAULT-.

      AAA: RADIUS authentication failed.

      AAA: Error in method. Moving to next method 'group radius'

      AAA: Closing Session on portal 'TELNET 0 (10.0.0.4:38838)'.

       

      10.0.0.4 is the test PC, 10.0.0.3 is the Adtran router, 10.0.0.2 is the NAP server and 10.0.0.1 is the Domain Controller. I have registered the NAP server in Active Directory and it's added to the Domain.

       

      Now just in case I missed something and it only works for Port-Auth, I set up the Port Security to use "Auto" for authorization. When I set it up on the PC, it only says "Authentication failed". It doesn't bring up a notification to put in credentials even though I set it up not to use the current credentials.

       

      Sorry for the long post, but I wanted to try to post as much information as I could think of that you'd need.

       

      Any help would be greatly appreciated, thank you!