[802.1x] S5720-52X-PWR-SI-AC PROBLEM

Created: Dec 22, 2016 03:24:05 | Latest reply: Sep 21, 2018 12:59:04
  Rewarded Hi-coins: 0 (problem resolved)
Hi Guys


I made all the 802.1x configuration on our switches and it works fine, but I found a problem that I will try to explain:

PC1 is connected to gigabit 0/0/1 and authenticated.
PC1 is disconnected from that port and another device (PC2) is connected there and doesn't authenticate, but the device is able to get the same VLAN that PC1 got when authenticated.

If I connect PC2 to another port, the authentication will fail and the guest vlan will be served as expected.

Why is this happening?

Tks

Luiz Ricardo

Featured Answers
Created Sep 21, 2018 12:59:04 Helpful(0) Helpful(0)

Hello,

Please do some tests with the following recommendations:
1) Try to use access control on the interface based on MAC addresses. In your case, when the port method is used, all the other 802.1X users on an interface can use network resources as long as one user is authenticated successfully. When the authenticated user goes offline, other users cannot use network resources. The port method is applicable to group users.
When the mac method is used, all 802.1X users on an interface are authenticated one by one. If a user goes offline, other users on this interface are not affected. The mac method is applicable to individual users.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x port-method mac

2) Specify the user gateway IP address and its corresponding MAC address as the source IP address and source MAC address of offline detection packets. You can find them with the 'display interface' command.
<HUAWEI> system-view
[HUAWEI] access-user arp-detect vlan 10 ip-address 192.168.1.1 mac-address 2222-1111-1234


BEST ANSWER! If you think I earn it!
If this post was useful to you, please click the Helpful button and flag my post as a "BEST ANSWER" so others can benefit. Thank you
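
The port-method setting discussed in the answer above can be checked offline across a saved switch configuration. The following Python script is an added example, not part of the original thread or any Huawei tooling: the function names and the second sample interface are constructed for illustration, and it assumes each interface section in the saved configuration ends with a '#' line.

```python
# Constructed sample: GigabitEthernet0/0/1 mirrors the port posted in this
# thread; GigabitEthernet0/0/2 is a made-up port using the MAC-based method.
SAMPLE_CONFIG = """\
dot1x enable
dot1x authentication-method eap
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 20
 dot1x enable
 dot1x max-user 1
 authentication guest-vlan 50
 dot1x port-method port
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
 dot1x enable
 authentication guest-vlan 50
 dot1x port-method mac
#
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its section."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "#":
            current = None  # assumption: '#' ends the interface section
        elif line and current is not None:
            interfaces[current].append(line)
    return interfaces

def audit_dot1x(config):
    """Return (interface, finding) for 802.1X ports using the port method."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "dot1x enable" in cmds and "dot1x port-method port" in cmds:
            findings.append((name, "port-based 802.1X: one authenticated user "
                             "opens the port for all devices; consider "
                             "'dot1x port-method mac'"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_dot1x(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
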
All Answers
icycan Created Dec 22, 2016 10:07:21 Helpful(0) Helpful(0)

I'm sorry. I've never used this device. Someone will help you, good luck!

negoluiz Created Dec 23, 2016 20:17:39 Helpful(0) Helpful(0)

Waiting for help from someone!

gululu Admin Created Dec 24, 2016 14:28:27 Helpful(0) Helpful(0)

@Lemon @kmyd @撒么 please help

Come on!
negoluiz Created Dec 26, 2016 20:15:33 Helpful(0) Helpful(0)

Posted by 咕噜噜 at 2016-12-24 14:28 @Lemon @kmyd @撒么 please help
Please help, guys!

ogh Created Dec 30, 2016 23:43:43 Helpful(0) Helpful(0)

Can you post the port configuration??


negoluiz Created Jan 2, 2017 20:09:02 Helpful(0) Helpful(0)

Posted by ogh at 2016-12-30 23:43 Can you post the port configuration??
Hi @ogh

Here it is..

dot1x enable
dot1x authentication-method eap
dot1x timer tx-period 10

undo authentication unified-mode

interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
stp edged-port enable
dot1x enable
dot1x max-user 1
authentication guest-vlan 50
dot1x port-method port
dot1x authentication-method eap
#

Tks

negoluiz Created Jan 5, 2017 00:02:36 Helpful(0) Helpful(0)

@ogh hello buddy.. please help me! tks

negoluiz Created Jan 23, 2017 20:05:40 Helpful(0) Helpful(0)

Nobody?? :D:D

Martian_superman Created Sep 15, 2018 23:56:10 Helpful(0) Helpful(0)

Maybe the access-user record is not deleted. You can contact Huawei TAC so that a Huawei engineer can assist you with the troubleshooting.