802.1X fails to pass authentication at MA5200F because of “uploading IP” configu

Created: Apr 4, 2016 20:44:18Latest reply: Apr 4, 2016 22:14:09 1117 1 0 0

Version: MA2.130-7135 (Independent of versions)
Client Version: HUAWEI 2.10 (Independent of versions) 
Install HUAWEI 802.1x dial-in client at PC. In dial-in authentication, it always prompts failure, and users cannot access network.



  • x
  • convention:

Alan_brown     Created Apr 4, 2016 22:14:09 Helpful(0) Helpful(0)

Alarm Information

Turn on the switch of debug radius packet for MA5200F. When the domain is configured with eap-end pap, it shows the user name is irrecognizable, as follows:
* [2005/08/02 19:55:22-] RDS-8-02033000:
  Radius Sent a Packet
  Server Group: 1
  Server IP   : 10.219.250.5
  Protocol: IPhotel
  Code    : 1
  Len     : 203
  ID      : 17
  [User-name(1)                       ] [4 ] []
  [Password(2)                        ] [18] [0ab541de64bebb4d6f06e15f08246a3b]
  [NAS-Port(5)                        ] [6 ] [102420]
When the domain is configured to eap-end chap, we could see the correct user name, but it prompts failure of authentication, being rejected by RADIUS. 


Handling Process

1. Turn on the switch of debug radius packet for MA5200F. When using PAP authentication, MA5200 shows that the user name at RADIUS is unrecognizable;
2. Capture packets at client. It is found that the user name sent by a client is unrecognizable, so we could ascertain that the client is problematic;
3. Check the options selected at client. “Upload the IP of client”  is marked. As soon as the option is removed, services are resumed normally.


Root Cause

The problem roots in that the client selects “Upload the IP of client” option, so when the client uses PAP authentication, it uploads false user name . MA5200 does not regard the user name as ASCII, resulting in failure of authentication of the user. Perhaps different options at client do not work well with OS, causing the user name sent by the client to be error.




  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top