dot1x authentication fails on S5700

Issue Description

Authentication fails on Huawei S5700 for all users. Error received but host is : Unable to connect.

Alarm Information

none

Handling Process

As a solution for this issue you need to change the port dot1q confguration. A port configured for only one user is an access port and this configuration needs to be changed to hybrid mode so it can support more than one users. You can find the initial configuration and the modified version below:

before:
port link-type access
port default vlan 105
dot1x enable
dot1x max-user 1
authentication guest-vlan 101
authentication restrict-vlan 104
dot1x port-method port
dot1x reauthenticate

after (working config):
port hybrid pvid vlan 105
port hybrid untagged vlan 2 to 4094
dot1x enable
dot1x max-user 2
authentication guest-vlan 101
authentication restrict-vlan 104
authentication critical-vlan 105

Root Cause

This failure is caused by the fact that more than one user needs to authenticate on a port configured to support only one user.

Suggestions

if you need to use port-method mac always configure the port in hybrid mode.

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s