Radius Alcatel 6860E

Posted: 19 Feb 2020 11:17
by Roronoa
Hello,

Alcatel 6860E, AOS 8.4.1.233.R02

I need your help.
Within my company, we use the Windows NPS service for RADIUS authentication on our Alcatel equipment.
Unfortunately the encryption of the exchange is done in PAP.
Have you already encountered this problem, and do you know of a tool other than Windows NPS that would better secure this exchange?
Thank you.

Best regards,

Sorry for my English

Re: Radius Alcatel 6860E

Posted: 20 Feb 2020 05:29
by silvio
Yes, to my knowledge OmniSwitches only support MD5 or PAP. That is not very secure, so NPS forbids this by default. But you will find info on the web on how to allow it in NPS. FreeRADIUS is another tool... but I prefer NPS because of the easy integration into AD.
regards
Silvio

Re: Radius Alcatel 6860E

Posted: 21 Feb 2020 03:43
by Roronoa
Hi Silvio,

Thank you for your answer.
regards
Roronoa

Re: Radius Alcatel 6860E

Posted: 27 Sep 2021 23:36
by ktan20
Hi Silvio,

Can you tell me where I can get info on configuring the switch for NPS (RADIUS)?
I tried to configure it, but it fails. Sorry to say that this is my first time using an Alcatel switch.

===========================================
DEV-SS1-FARM_SW1# show aaa-device all-users

Slot MAC User Addr IP Authentication User Network
Port Address Name Vlan Mode Address Type Result Profile Name
-----+-----------------+---------------+----+----+---------------+----+----+---------------
1/ 7 80:e8:2c:c9:20:1b -- 131 Blk - MAC Fail -


DEV-SS1-FARM_SW1# show 802.1x non-supplicant

Slot MAC MAC Authent Classification Vlan Dynamic
Port Address Status Policy Learned UNP
-----+-----------------+----------------+-------------------+--------+--------
01/07 80:e8:2c:c9:20:1b Failed Basic-Blk 131 Disabled

Re: Radius Alcatel 6860E

Posted: 07 Oct 2021 21:28
by ktan20
Hi,

Please help with my issue ASAP.
Below is my configuration:

===========================
vlan 131 enable name "OTH1"
vlan 131 authentication enable
vlan 131 port default 1/7
vlan port mobile 1/7 bpdu ignore enable
vlan port 1/7 802.1x enable

ip interface "VLAN131" address 172.23.16.1 mask 255.255.254.0 vlan 131 ifindex 2

aaa radius-server "SS1SECASM3" host 172.23.16.170 key f5dc1cc956c0ee9b5a6d0fb95a26bb76 retransmit 3 timeout 2 auth-port 1812 acct-port 1813
aaa authentication console "local"
aaa authentication ssh "local"
aaa authentication 802.1x SS1SECASM3
aaa authentication mac SS1SECASM3
aaa accounting 802.1x SS1SECASM3
aaa accounting mac SS1SECASM3
user password-size min 6
aaa user-network-profile name "Radius" vlan 131 hic disable
aaa user-network-profile name "test" vlan 131 hic disable

! 802.1x :
802.1x 1/7 direction both port-control auto quiet-period 60 tx-period 30 supp-timeout 30 server-timeout 30 max-req 2 re-authperiod 3600 no reauthentication
802.1x 1/7 captive-portal session-limit 12 retry-count 3
802.1x 1/7 supp-polling retry 2
802.1x 1/7 supplicant policy authentication pass user-network-profile Radius default-vlan fail block
802.1x 1/7 non-supplicant policy authentication pass user-network-profile test default-vlan fail block
802.1x 1/7 captive-portal policy authentication pass default-vlan fail block

==========================
DEV-SS1-FARM_SW1# show aaa-device all-users

Slot MAC User Addr IP Authentication User Network
Port Address Name Vlan Mode Address Type Result Profile Name
-----+-----------------+---------------+----+----+---------------+----+----+---------------
1/ 7 80:e8:2c:c9:20:1b -- 131 Blk - MAC Fail -


DEV-SS1-FARM_SW1# show 802.1x non-supplicant

Slot MAC MAC Authent Classification Vlan Dynamic
Port Address Status Policy Learned UNP
-----+-----------------+----------------+-------------------+--------+--------
01/07 80:e8:2c:c9:20:1b Failed Basic-Blk 131 Disabled


DEV-SS1-FARM_SW1# show 802.1x device classification policies
Device classification policies on 802.1x port 1/7
Supplicant:
authentication:
pass: UNP Radius, default-vlan
fail: block
Non-Supplicant:
authentication:
pass: UNP test, default-vlan
fail: block
Captive Portal:
authentication:
pass: default-vlan (default)
fail: block (default)

DEV-SS1-FARM_SW1#

Re: Radius Alcatel 6860E

Posted: 29 Oct 2021 12:04
by maxmania
Hello,

Did you try to use the MAC as user and password, but without ":" and using capital characters?
And try to put the "block" before the "fail".
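
The PAP exchange discussed in this thread, as an added example that is not part of any post: RADIUS hides the PAP User-Password with an MD5 mask derived from the shared secret and the Request Authenticator (RFC 2865 section 5.2), so its protection rests entirely on that secret. The shared secret and authenticator below are constructed sample values, `mac_credential` is a hypothetical helper for the MAC format suggested above, and the MAC is the one shown in the posted switch output.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-octet blocks


def mac_credential(mac: str) -> str:
    """Format a MAC as suggested in the thread: no separators, capital letters."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a PAP password as RFC 2865 section 5.2 describes (sender side)."""
    if len(authenticator) != BLOCK or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # NUL-pad to 16n octets
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        mask = hashlib.md5(secret + prev).digest()  # keyed only by the shared secret
        prev = bytes(p ^ m for p, m in zip(padded[i:i + BLOCK], mask))
        hidden += prev  # each hidden block seeds the mask for the next one
    return hidden


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the password (server side, or anyone holding the shared secret)."""
    if len(authenticator) != BLOCK or not hidden or len(hidden) % BLOCK:
        raise ValueError("need a 16-octet authenticator and 16n octets of data")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")  # drop the NUL padding


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    authenticator = bytes(range(16))        # constructed; random per request in practice
    password = mac_credential("80:e8:2c:c9:20:1b").encode()  # MAC from the posted output
    wire = hide_password(password, secret, authenticator)
    print(wire.hex(), unhide_password(wire, secret, authenticator))
```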