Comware

Hi everybody,

I have the following problem and hope that with your experience you can help me.

I need to configuring 802.1X in all switches of our network, most of the edges switches are HP 2524. Because of that, in lab, i configured one 2524 and consider that:

VLAN 1 - authenticated (all ports untagged)

VLAN 2 - VOIP (all ports tagged)

VLAN 3 - Unauthenticated

until now, (with success) i can have a domain computer authenticated and a non domain computer receive an ip of the unauthenticated vlan.

The problem is when a put a voip phone in the middle. I have the following situations:

If the voip phone is already configured with VLAN 2. It works perfectly (Because the packet goes with the vlan marked)

If the voip phone is not configured, it receives an IP of the unauthenticated VLAN. (I cannot receive any failure log in NPS - strange!!)

By the way this creates another major security problem, because if i force in one interface of one computer the VLAN 2. The computer will receive an IP of the VLAN 2 because is tagged on the Switch.

Can you guys help me with that?

Regards,

Nuno

I have another situation. Now I can connect one computer to vlan 1 and works. If i connect a voip phone radius server assign vlan 2 and works.

The problem are when i connect a computor to the pc port of the phone device. i have a HELD state in authentication state.


Only phone connected

MAI-802.1X TEST(config)# sh port-access authenticator

Port Access Authenticator Status

Port-access authenticator activated [No] : Yes

Access Authenticator Authenticator Unauth Auth Current
Port Status Control State Backend State VLAN ID VLAN ID VLAN ID
---- ------ -------- -------------- -------------- -------- -------- --------
2 Closed Auto Disconnected Idle 3 1 3
3 Closed Auto Disconnected Idle 3 1 3
4 Closed Auto Disconnected Idle 3 1 3
5 Closed Auto Disconnected Idle 3 1 3
6 Closed Auto Disconnected Idle 3 1 3
7 Closed Auto Disconnected Idle 3 1 3
8 Closed Auto Disconnected Idle 3 1 3
9 Closed Auto Disconnected Idle 3 1 3
10 Closed Auto Disconnected Idle 3 1 3
11 Closed Auto Disconnected Idle 3 1 3
12 Closed Auto Disconnected Idle 3 1 3
13 Closed Auto Disconnected Idle 3 1 3
14 Open Auto Authenticated Idle 3 1 2
15 Closed Auto Disconnected Idle 3 1 3
16 Closed Auto Disconnected Idle 3 1 3
17 Closed Auto Disconnected Idle 3 1 3
18 Closed Auto Disconnected Idle 3 1 3
19 Closed Auto Disconnected Idle 3 1 3
20 Closed Auto Disconnected Idle 3 1 3
21 Closed Auto Disconnected Idle 3 1 3
22 Closed Auto Disconnected Idle 3 1 3
23 Closed Auto Disconnected Idle 3 1 3
24 Closed Auto Disconnected Idle 3 1 3

Computer connected trough phone

MAI-802.1X TEST(config)# sh port-access authenticator

Port Access Authenticator Status

Port-access authenticator activated [No] : Yes

Access Authenticator Authenticator Unauth Auth Current
Port Status Control State Backend State VLAN ID VLAN ID VLAN ID
---- ------ -------- -------------- -------------- -------- -------- --------
2 Closed Auto Disconnected Idle 3 1 3
3 Closed Auto Disconnected Idle 3 1 3
4 Closed Auto Disconnected Idle 3 1 3
5 Closed Auto Disconnected Idle 3 1 3
6 Closed Auto Disconnected Idle 3 1 3
7 Closed Auto Disconnected Idle 3 1 3
8 Closed Auto Disconnected Idle 3 1 3
9 Closed Auto Disconnected Idle 3 1 3
10 Closed Auto Disconnected Idle 3 1 3
11 Closed Auto Disconnected Idle 3 1 3
12 Closed Auto Disconnected Idle 3 1 3
13 Closed Auto Disconnected Idle 3 1 3
14 Closed Auto Held Idle 3 1 3
15 Closed Auto Disconnected Idle 3 1 3
16 Closed Auto Disconnected Idle 3 1 3
17 Closed Auto Disconnected Idle 3 1 3
18 Closed Auto Disconnected Idle 3 1 3
19 Closed Auto Disconnected Idle 3 1 3
20 Closed Auto Disconnected Idle 3 1 3
21 Closed Auto Disconnected Idle 3 1 3
22 Closed Auto Disconnected Idle 3 1 3
23 Closed Auto Disconnected Idle 3 1 3
24 Closed Auto Disconnected Idle 3 1 3