GS1900-24, 802.1x and local aaa
Hi all,
I am trying to set up a GS1900-24 to use 802.1x based on local authentication. When I turn on 802.1x, I am prompted for account name / password (or a certificate) as expected. However, when I enter the correct credentials, my client (MacBook Pro on 10.14.6) times out and does not authenticate.
Neither the logs on the switch nor on the client show anything relevant.
I tried with the default AAA method alone, and I also tried with other ones AAA methods. I did not find any place where I would have to specify which AAA method should be used for 802.1x (I tried the method name "dot1x" too).
This must be something very small and trivial -- but I can't find it. Help would be appreciated.
kind regards,
Christian.
#Biz_Sep_2019
I am trying to set up a GS1900-24 to use 802.1x based on local authentication. When I turn on 802.1x, I am prompted for account name / password (or a certificate) as expected. However, when I enter the correct credentials, my client (MacBook Pro on 10.14.6) times out and does not authenticate.
Neither the logs on the switch nor on the client show anything relevant.
I tried with the default AAA method alone, and I also tried with other ones AAA methods. I did not find any place where I would have to specify which AAA method should be used for 802.1x (I tried the method name "dot1x" too).
This must be something very small and trivial -- but I can't find it. Help would be appreciated.
kind regards,
Christian.
#Biz_Sep_2019
0
All Replies
-
Hi @ChristianWhen you enable 802.1x and configure the port needs to do authentication, the traffic towards the port will be blocked before passing the authAfter passing the auth, the traffic can go throughNormally, 802.1x is cooperated with external server like RADIUS/TACACS+ to do the authenticationSwitch is just a role of forwarder but not a serverThen, server will check if it has this account's info and if the password is correctAbout the AAA auth method, it refers to the method you would like to apply to access switch's web GUI after passing the authenticationIf you configure local, you will use local account to login switch's web GUIIf you configure RADIUS, you will use RADIUS account to login switch's web GUITherefore, if you want to configure 802.1x, you need an extra server to cooperate with the switchThanksBest regards,Zyxel_Derrick0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight