GS1900-24, 802.1x and local aaa

Christian

Hi all,

I am trying to set up a GS1900-24 to use 802.1x based on local authentication. When I turn on 802.1x, I am prompted for account name / password (or a certificate) as expected. However, when I enter the correct credentials, my client (MacBook Pro on 10.14.6) times out and does not authenticate.

Neither the logs on the switch nor on the client show anything relevant. 

I tried with the default AAA method alone, and I also tried with other ones AAA methods. I did not find any place where I would have to specify which AAA method should be used for 802.1x (I tried the method name "dot1x" too). 

This must be something very small and trivial -- but I can't find it. Help would be appreciated. 

kind regards,
   Christian. 


#Biz_Sep_2019

Zyxel_Derrick

Hi @Christian

When you enable 802.1x and configure the port needs to do authentication, the traffic towards the port will be blocked before passing the auth

After passing the auth, the traffic can go through

Normally, 802.1x is cooperated with external server like RADIUS/TACACS+ to do the authentication

Switch is just a role of forwarder but not a server 

Then, server will check if it has this account's info and if the password is correct 

About the AAA auth method, it refers to the method you would like to apply to access switch's web GUI after passing the authentication

If you configure local, you will use local account to login switch's web GUI

If you configure RADIUS, you will use RADIUS account to login switch's web GUI

Therefore, if you want to configure 802.1x, you need an extra server to cooperate with the switch

Thanks

Best regards,

Zyxel_Derrick