sekurityboy
Vendor
Having a problem with a BPS 2000 switch and EAPOL. Very simple config: If authenticated, then user has access. If no authentication, then no access at all.

I've set up IAS Server, and created the RADIUS client. I've used RADping to test, and it works correctly. As soon as I try using the BPS2000 for this, it doesn't work. I don't get prompted for username or password. Setting up as EAP-MD5. EAP was enabled globally, the ports have been set to auto. RADIUS was defined in the switch, but I just can't seem to get an authentication request.

All I'm trying to do is set up the simplest way to use this in a lab environment. I'm not using a Passport in this. Should I be? Below is a sample of the config file that would be pertinent to this. Your help is greatly appreciated. There is nothing proprietary in this config, so here it is:
CONFIG:
! Embedded ASCII Configuration Generator Script
! Model = Business Policy Switch 2000
! Software version = v3.1.6.02
enable
config t
!
! *** CORE ***
!
mac-address-table aging-time 300
autotopology
snmp-server authentication-trap enable
snmp-server community "public" ro
snmp-server community "private" rw
no radius-server
radius-server host 172.16.254.200
radius-server secondary-host 0.0.0.0
radius-server port 1645
radius-server key "abc123"
!
! *** IP ***
!
ip bootp server needed
ip default-gateway 172.16.254.11
ip address netmask 255.255.0.0
ip address stack 0.0.0.0
ip address switch 172.16.254.10
!
! *** EAP ***
!
eapol enable
interface FastEthernet ALL
eapol port 1 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 2 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 3 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 4 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 5 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 6 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 7 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 8 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 9 status auto traffic-control in-out re-authentication disable re-authentication-period 30 re-authenticate quiet-interval 30 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 10 status auto traffic-control in-out re-authentication disable re-authentication-period 30 re-authenticate quiet-interval 30 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 11 status auto traffic-control in-out re-authentication disable re-authentication-period 30 re-authenticate quiet-interval 30 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 12 status auto traffic-control in-out re-authentication enable re-authentication-period 60 re-authenticate quiet-interval 10 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 13 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 14 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 15 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 16 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 17 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 18 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 19 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 20 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 21 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 22 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 23 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 24 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 25 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 26 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
exit
!
! *** System Logging ***
!
logging enable level informational nv-level serious
!
! *** VLAN ***
!
no auto-pvid
vlan name 1 "VLAN #1"
vlan create 2 name "VLAN #2" type port learning ivl
vlan ports 1 tagging tagAll pvid 2 filter-tagged-frame disable filter-untagged-frame disable priority 0
vlan ports 2-12 tagging unTagAll pvid 2 filter-tagged-frame disable filter-untagged-frame disable priority 0
vlan ports 13-26 tagging unTagAll pvid 1 filter-tagged-frame disable filter-untagged-frame disable priority 0
vlan members 1 1
vlan members 2 1-26
vlan igmp unknown-mcast-no-flood disable
vlan igmp 1 snooping disable proxy disable robust-value 2 query-interval 125
vlan igmp 2 snooping disable proxy disable robust-value 2 query-interval 125
vlan mgmt 2
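
Added example, not part of the original post: a small Python audit that reads a config in the format shown above and groups ports by their EAPOL status, so it is easy to see which ports actually run 802.1X ("auto") and which are forced open ("authorized"). The function name `audit` and the shortened `SAMPLE_CONFIG` are assumptions made for illustration; the line formats are taken from the posted config.

```python
import re

# Constructed sample: a few lines in the format of the config posted above.
SAMPLE_CONFIG = """\
snmp-server community "public" ro
snmp-server community "private" rw
no radius-server
radius-server host 172.16.254.200
radius-server port 1645
radius-server key "abc123"
eapol enable
eapol port 1 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600
eapol port 9 status auto traffic-control in-out re-authentication disable re-authentication-period 30
eapol port 12 status auto traffic-control in-out re-authentication enable re-authentication-period 60
eapol port 13 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600
"""

PORT_RE = re.compile(
    r"^eapol port (\d+) status (\S+).*?\bre-authentication (enable|disable)\b")
SNMP_RE = re.compile(r'^snmp-server community "([^"]*)" (ro|rw)')
DEFAULT_COMMUNITIES = {"public", "private"}


def audit(config_text):
    """Summarise 802.1X enforcement and default SNMP strings in the config."""
    report = {"eapol_global": False, "ports": {}, "no_reauth": [],
              "default_snmp": [], "radius": {}}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "eapol enable":
            report["eapol_global"] = True
        elif (m := PORT_RE.match(line)):
            port, status, reauth = int(m[1]), m[2], m[3]
            # 802.1X port control: only "auto" runs the EAP exchange;
            # "authorized" forces the port open with no authentication.
            report["ports"].setdefault(status, []).append(port)
            if status == "auto" and reauth == "disable":
                report["no_reauth"].append(port)
        elif (m := SNMP_RE.match(line)):
            if m[1] in DEFAULT_COMMUNITIES:
                report["default_snmp"].append((m[1], m[2]))
        elif line.startswith("radius-server "):
            parts = line.split()
            # Record host and port only; the shared secret is never echoed.
            if len(parts) == 3 and parts[1] in ("host", "port"):
                report["radius"][parts[1]] = parts[2]
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run against the full posted config, the same grouping lists ports 9-12 under "auto" and every other port under "authorized".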