Hello,
Alcatel 6860E, AOS 8.4.1.233.R02
I need your help.
Within my company, we use the Windows NPS service for RADIUS authentication on our Alcatel equipment.
Unfortunately, the encryption of the exchange is done in PAP.
Have you already encountered this problem, and do you know of a tool other than Windows NPS that would better secure this exchange?
Thank you.
Best regards,
Sorry for my English
Radius Alcatel 6860E
Re: Radius Alcatel 6860E
Yes, to my knowledge OmniSwitches only support MD5 or PAP. That is not very secure, so NPS forbids this by default. But you will find info on the web on how to allow it on the NPS. FreeRADIUS is another tool... but I prefer the NPS because of the easy integration into the AD.
regards
Silvio
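What "PAP" means on the wire between the switch and the RADIUS server, as an added example that is not part of the thread: RFC 2865 section 5.2 hides only the User-Password attribute, by XORing it with MD5(shared secret + Request Authenticator), so its confidentiality depends entirely on the strength of the shared secret configured with `aaa radius-server ... key`. The secret, authenticator and password below are constructed sample values.

```python
import hashlib

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding (what a NAS does for PAP)."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    # Pad with NULs to a multiple of 16 bytes.
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = _md5(secret + prev)            # b1 = MD5(S + RA), b_n = MD5(S + c_(n-1))
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += block
        prev = block
    return hidden

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse operation, as performed by the RADIUS server."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        pad = _md5(secret + prev)
        clear += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return clear.rstrip(b"\x00")

# Constructed sample values, not taken from the thread.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_AUTH = bytes(range(16))
SAMPLE_PASSWORD = b"constructed-password"   # 20 bytes -> two 16-byte blocks

if __name__ == "__main__":
    hidden = hide_password(SAMPLE_PASSWORD, SAMPLE_SECRET, SAMPLE_AUTH)
    print("on the wire :", hidden.hex())
    print("right secret:", reveal_password(hidden, SAMPLE_SECRET, SAMPLE_AUTH))
    print("wrong secret:", reveal_password(hidden, b"other", SAMPLE_AUTH))
```

The other attributes in the Access-Request, such as User-Name, are not hidden at all, which is why a long random shared secret and a protected path between switch and server matter when PAP is the only option.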
Re: Radius Alcatel 6860E
Hi Silvio,
Thank you for your answer.
regards
Roronoa
Re: Radius Alcatel 6860E
Hi Silvio,
Can you tell me where I can get info on configuring the switch for NPS (RADIUS)?
I tried to configure it, but it fails. Sorry to say that this is my first time using an Alcatel switch.
===========================================
DEV-SS1-FARM_SW1# show aaa-device all-users
Slot MAC User Addr IP Authentication User Network
Port Address Name Vlan Mode Address Type Result Profile Name
-----+-----------------+---------------+----+----+---------------+----+----+---------------
1/ 7 80:e8:2c:c9:20:1b -- 131 Blk - MAC Fail -
DEV-SS1-FARM_SW1# show 802.1x non-supplicant
Slot MAC MAC Authent Classification Vlan Dynamic
Port Address Status Policy Learned UNP
-----+-----------------+----------------+-------------------+--------+--------
01/07 80:e8:2c:c9:20:1b Failed Basic-Blk 131 Disabled
Re: Radius Alcatel 6860E
Hi,
Please help with my issue ASAP.
Below is my configuration
===========================
vlan 131 enable name "OTH1"
vlan 131 authentication enable
vlan 131 port default 1/7
vlan port mobile 1/7 bpdu ignore enable
vlan port 1/7 802.1x enable
ip interface "VLAN131" address 172.23.16.1 mask 255.255.254.0 vlan 131 ifindex 2
aaa radius-server "SS1SECASM3" host 172.23.16.170 key f5dc1cc956c0ee9b5a6d0fb95a26bb76 retransmit 3 timeout 2 auth-port 1812 acct-port 1813
aaa authentication console "local"
aaa authentication ssh "local"
aaa authentication 802.1x SS1SECASM3
aaa authentication mac SS1SECASM3
aaa accounting 802.1x SS1SECASM3
aaa accounting mac SS1SECASM3
user password-size min 6
aaa user-network-profile name "Radius" vlan 131 hic disable
aaa user-network-profile name "test" vlan 131 hic disable
! 802.1x :
802.1x 1/7 direction both port-control auto quiet-period 60 tx-period 30 supp-timeout 30 server-timeout 30 max-req 2 re-authperiod 3600 no reauthentication
802.1x 1/7 captive-portal session-limit 12 retry-count 3
802.1x 1/7 supp-polling retry 2
802.1x 1/7 supplicant policy authentication pass user-network-profile Radius default-vlan fail block
802.1x 1/7 non-supplicant policy authentication pass user-network-profile test default-vlan fail block
802.1x 1/7 captive-portal policy authentication pass default-vlan fail block
==========================
DEV-SS1-FARM_SW1# show aaa-device all-users
Slot MAC User Addr IP Authentication User Network
Port Address Name Vlan Mode Address Type Result Profile Name
-----+-----------------+---------------+----+----+---------------+----+----+---------------
1/ 7 80:e8:2c:c9:20:1b -- 131 Blk - MAC Fail -
DEV-SS1-FARM_SW1# show 802.1x non-supplicant
Slot MAC MAC Authent Classification Vlan Dynamic
Port Address Status Policy Learned UNP
-----+-----------------+----------------+-------------------+--------+--------
01/07 80:e8:2c:c9:20:1b Failed Basic-Blk 131 Disabled
DEV-SS1-FARM_SW1# show 802.1x device classification policies
Device classification policies on 802.1x port 1/7
Supplicant:
authentication:
pass: UNP Radius, default-vlan
fail: block
Non-Supplicant:
authentication:
pass: UNP test, default-vlan
fail: block
Captive Portal:
authentication:
pass: default-vlan (default)
fail: block (default)
DEV-SS1-FARM_SW1#
Re: Radius Alcatel 6860E
Hello,
Did you try to use the MAC as user and password, but without ":" and using capital characters?
And try to put the "block" before the "fail"
Best Regards
Jose Alves
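A helper for checking the suggestion above against the RADIUS server's accounts, as an added example that is not part of the thread: it reads `show 802.1x non-supplicant` output, picks the rows whose status is `Failed`, and prints each MAC in the form proposed in the reply (upper case, no ":"), to be compared with the user name and password defined on the server. The first data row is the one posted in the thread; the second row and its `Authenticated` status text are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def radius_mac_identity(mac: str) -> str:
    """Strip separators and upper-case a MAC: 80:e8:2c:c9:20:1b -> 80E82CC9201B."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.upper()

def failed_mac_identities(show_output: str) -> list:
    """Return (slot/port, identity) for every row with MAC Authent Status 'Failed'."""
    results = []
    for line in show_output.splitlines():
        fields = line.split()
        # Data rows look like: <slot/port> <mac> <status> <policy> <vlan> <unp>
        if len(fields) >= 3 and MAC_RE.fullmatch(fields[1]) and fields[2] == "Failed":
            results.append((fields[0], radius_mac_identity(fields[1])))
    return results

SAMPLE_OUTPUT = """\
Slot MAC MAC Authent Classification Vlan Dynamic
Port Address Status Policy Learned UNP
-----+-----------------+----------------+-------------------+--------+--------
01/07 80:e8:2c:c9:20:1b Failed Basic-Blk 131 Disabled
01/08 00:11:22:33:44:55 Authenticated Basic-Blk 131 Disabled
"""

if __name__ == "__main__":
    for port, identity in failed_mac_identities(SAMPLE_OUTPUT):
        print(f"port {port}: expect user name and password {identity}")
```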