802.1x anyone?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

802.1x anyone?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
802.1x anyone?
802.1x anyone?
2013-09-14 17:10:13
Region : UnitedKingdom

Model : TL-SG3424P

Hardware Version : V2

Firmware Version : 1.0.2 Build 20130118 Rel.48347

ISP : N/A


Hi,

I have tried 2 of our 4 new switches to get 802.1x working.

Using wireshark i can see that the EAP request for identity is coming into the laptop and the laptop responds to MAC 01:80:c2:00:00:03 with my windows username, so far so good.

However it looks like the switch never receives this response and logs the port as "Client identity-response timeout" within Maintenance > Log > Log Table.

I have tried the software client on Windows 7 x64 as well but that gives me the error "Failed to enable network adapter. Network cant be". This error is pretty useless as it seems to be truncated off the edge of the dialogue box. I know winpcap is working on the supplicant as i have wireshark running and packet capturing. Just in case there is a conflict between ws and the tp-supplicant app i stopped and closed WS. It made no differece.

I contacted tp link support with the above and to ask if the switch was true 802.1x compliant (as in why need the software, could it (the switch) work with linux unix) and they responded with:

As you have mentioned in your first email, with the wireshark you can see that the EAP request for identity is coming into the laptop and the laptop responds to MAC 01:80:c2:00:00:03 with your username , I think the switch has received and responded to the request for identity.
For the information in the log about Client identity-response timeout, did you see it in the Maintenance→Log→Log Table?
It should be normal, as the Supplicant system has a Supplicant system timer (Supplicant Timeout), when your client identity-response timeout, the switch will resent the request to the client.
For the details about that, you can see page 174 in the link below.
http://www.tp-link.com/resources/document/TL-SG3424P_V2_User_Guide.pdf

For the TPsupplicant, did you try to install it on the Linux? I am afraid that it is not applied to Linux.
Have you tried to install it on your windows computer?
You can try to install it with the page 241 in the above link.


Looking at page 174, they either have the wrong page referenced or you need to do something with ARP detection as well?

If anyone could give me any pointers on how to get this working i would appreciate it.

Thanks and regards
Alex
  0      
  0      
#1
Options
2 Reply
Wont work
2013-09-25 01:36:53
So, after all of that it seems that the switches use their own version of 802.1x.

This means that they wont work with the native windows client. You therefore end up with a chicken and egg scenario with regards to new users.

New user logs on to windows. Windows cant authenticate user as the software isnt running

You cant run the software until you logon. Brilliant!

I've gone for some nice D-Link switches instead and guess what? Within 20 mins i had my laptop authenticating onto the network with my NPS 2008r2 server.

Hope that this helps anyone who was stuck like i was.

Regards
Alex
  0  
  0  
#2
Options
Nice post
2013-10-02 20:43:09
Here those on!
  0  
  0  
#3
Options

Information

Helpful: 0

Views: 1015

Replies: 2

Related Articles