cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
comake
New Contributor

How to set up 802.1x authentication?

I found documentation on this topic:

https://supportforums.adtran.com/servlet/JiveServlet/previewBody/2269-102-1-2398/RADIUS%20Authentica...

Since I'm using Windows Server 2012, the settings are pretty different. Here's what I've done to try to set this up:

Installed the NAP service on Windows Server 2012. Configured it for Ethernet and added the Adtran router as a RADIUS client. On the Adtran side, I had it set up to point to the NAP server with the pre-shared key. Then forced telnet (Just as a test) to use RADIUS for authentication. When I try to telnet, it brings up the "username". I did debug aaa and debug radius and here's the output:

Router#AAA: New Session on portal 'TELNET 0 (10.0.0.4:38838)'.

AAA: Session using AUTHENTICATION list 'LoginUseRadius'.

AAA: Attempting authentication (username/password).

RADIUS AUTHENTICATION: Sending packet to 10.0.0.2 VRF: -DEFAULT- (1812).

RADIUS AUTHENTICATION: Waiting on response from server

RADIUS AUTHENTICATION: Receiving from RADIUS socket

RADIUS AUTHENTICATION: Response received from server (10.0.0.2) VRF: -DEFAULT- l=20

RADIUS AUTHENTICATION: Received response from 10.0.0.2 VRF: -DEFAULT-.

AAA: RADIUS authentication failed.

AAA: Error in method. Moving to next method 'group radius'

AAA: Closing Session on portal 'TELNET 0 (10.0.0.4:38838)'.

10.0.0.4 is the test PC, 10.0.0.3 is the Adtran router, 10.0.0.2 is the NAP server and 10.0.0.1 is the Domain Controller. I have registered the NAP server in Active Directory and it's added to the Domain.

Now just in case I missed something and it only works for Port-Auth, I set up the Port Security to use "Auto" for authorization. When I set it up on the PC, it only says "Authentication failed". It doesn't bring up a notification to put in credentials even though I set it up not to use the current credentials.

Sorry for the long post, but I wanted to try to post as much information as I could think of that you'd need.

Any help would be greatly appreciated, thank you!

0 Kudos
1 Reply
Anonymous
Not applicable

Re: How to set up 802.1x authentication?

comake‌:

Thank you for posting this question in the support community forum.  Unfortunately, we would need to know why the server is rejecting the request.  Also, the ADTRAN's configuration would be helpful, but based on the debug, it appears to be working properly, but it isn't authenticated, but we are unable to determine why without seeing the debug on the server.

We have several guides on configuring AAA, 802.1x, Radius, and TACACS+.  Here is the Configuring AAA in AOS guide.  Here is the Configuring 802.1X in AOS guide.  Here is the 802.1x Port Authentication and How It May Be Used in a Network guide.  Here is the Configuring Microsoft IAS for Radius Authentication with AOS guide.

Please, do not hesitate to reply to this post with any additional information or questions.  I will be happy to help in any way I can.

Levi