Got it

[802.1x] S5720-52X-PWR-SI-AC PROBLEM

Created: Dec 21, 2016 19:24:05Latest reply: Sep 21, 2018 04:59:04 2789 10 0 0
  Rewarded HiCoins: 0 (problem resolved)
Hi Guys


I made all 802.1x configuration in our switches and it's work fine but I found an perhaps that will try to explain:

PC1 is connected to gigabit 0/0/1 and authenticated.
PC1 is disconnected from that port and another device(PC2) is connected there and doesn't authenticate but the device is able to get the same VLAN that PC1 got when authenticated.

If I connect PC2 to another port, the authentication will fail and the guest vlan will be served as expected.

Why it's happening ?

Tks

Luiz Ricardo
  • x
  • convention:

Featured Answers
Sergio93
Created Sep 21, 2018 04:59:04 Helpful(0) Helpful(0)

Hello,

Please do some test with following recommendations:
1) try to use the access control on an interface to be based on MAC addresses. In your case, when the port method is used, all the other 802.1X users on an interface can use network resources as long as one user is authenticated successfully. When the authenticated user goes offline, other users cannot use network resources. The port method is applicable to group users.
When the mac method is used, all 802.1X users on an interface are authenticated one by one. If a user goes offline, other users on this interface are not affected. The mac method is applicable to individual users.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x port-method mac

2)specify the user gateway IP address and its corresponding MAC address as the source IP address and source MAC address of offline detection packets. You can find them with 'display interface' command.
<HUAWEI> system-view
[HUAWEI] access-user arp-detect vlan 10 ip-address 192.168.1.1 mac-address 2222-1111-1234

View more
  • x
  • convention:

BEST%20ANSWER!%20If%20you%20think%20I%20earn%20it!%3Cbr%2F%3E%3Cbr%2F%3EIf%20this%20post%20was%20useful%20to%20you%2C%20please%20click%20the%20%3Cimg%20id%3D%22aimg_eYhFO%22%20onclick%3D%22zoom(this%2C%20this.src%2C%200%2C%200%2C%200)%22%20class%3D%22zoom%22%20src%3D%22https%3A%2F%2Fforum.huawei.com%2Fenterprise%2Fen%2Fstatic%2Fimage%2Fcommon%2Fsupport01.png%22%20onmouseover%3D%22img_onmouseoverfunc(this)%22%20onload%3D%22thumbImg(this)%22%20border%3D%220%22%20alt%3D%22%22%20%2F%3E%20%3Cfont%20color%3D%22DarkOrange%22%3EHelpful%3C%2Ffont%3E%20button%20and%20flag%20my%20post%20as%20a%20%26quot%3BBEST%20ANSWER%26quot%3B%20so%20others%20can%20benefit.%20Thank%20you%20%3Cimg%20id%3D%22aimg_H808i%22%20onclick%3D%22zoom(this%2C
All Answers
icycan
icycan Created Dec 22, 2016 02:07:21 Helpful(0) Helpful(0)

I'm sorry.I've never used this device.Will someone to help you, good luck!
View more
  • x
  • convention:

negoluiz
negoluiz Created Dec 23, 2016 12:17:39 Helpful(0) Helpful(0)

Waiting a help from someone!
View more
  • x
  • convention:

gululu
gululu Created Dec 24, 2016 06:28:27 Helpful(0) Helpful(0)

@Lemon @kmyd @撒么 please help
View more
  • x
  • convention:

Come on!
negoluiz
negoluiz Created Dec 26, 2016 12:15:33 Helpful(0) Helpful(0)

Posted by 咕噜噜 at 2016-12-24 06:28 @Lemon @kmyd @撒么 please help
Please help, guys!
View more
  • x
  • convention:

ogh
ogh Created Dec 30, 2016 15:43:43 Helpful(0) Helpful(0)

Do can you post the port configuration??
View more

Rating

Number of participants 1E-coins +2 Collapse Reasons
社区管理员咕噜噜 + 2 Awesome!

View All scores

  • x
  • convention:

negoluiz
negoluiz Created Jan 2, 2017 12:09:02 Helpful(0) Helpful(0)

Posted by ogh at 2016-12-30 15:43 Do can you post the port configuration??
Hi @ogh

Here is..

dot1x enable
dot1x authentication-method eap
dot1x timer tx-period 10

undo authentication unified-mode

interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
stp edged-port enable
dot1x enable
dot1x max-user 1
authentication guest-vlan 50
dot1x port-method port
dot1x authentication-method eap
#

Tks
View more
  • x
  • convention:

negoluiz
negoluiz Created Jan 4, 2017 16:02:36 Helpful(0) Helpful(0)

@ogh hello buddy.. please help me! tks
View more
  • x
  • convention:

negoluiz
negoluiz Created Jan 23, 2017 12:05:40 Helpful(0) Helpful(0)

Nobody ?? :D:D[802.1x] S5720-52X-PWR-SI-AC PROBLEM-2175761-1
View more
  • x
  • convention:

Martian_superman
Martian_superman Created Sep 15, 2018 15:56:10 Helpful(0) Helpful(0)

Maybe the access-user records is not deleted, you can contact Huawei TAC so that Huawei engineer can assist you on the troubleshooting.
View more
  • x
  • convention:

12
Back to list

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.