NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ThomasH12345's avatar
ThomasH12345
Aspirant
Oct 11, 2024
Solved

GS752TPv2 and GS724TPv2 dont 802.1x authenticate some wpa_supplicant clients

Hi,

i'm operating GS752TPv2 and GS724TPv2 and other managed switches. I have started to implement 802.1x port authentication, which generally works very well.

I have some problems with some wireless access points, running openwrt though:

AVM Fritz!repeater1200

GL.inet AR300M

Zyxel NWA50AXPro

All of them run openwrt, wpad-mbedtls and are configured identically regarding 802.1x authentication using wpa_supplicant.

All three AP authenticate well on Zyxel switches.

The GL.inet also authenticates on the netgear GS switches.

Both Fritz and NWA50AXPro authenticate on Zyxel switches but not on the netgear GS switches!

 

The log on the GS752TPv2 shows this:

<181>1 2024-10-11T12:55:59.364+02:00 10.250.0.250-1 AUTHMGR-5-LOCK proto_authmgr_action.c(757) %% Client (MAC REDACTED) is locked on interface GigabitEthernet26 SessionID 0000005D7B3824D0
<181>1 2024-10-11T12:55:59.354+02:00 10.250.0.250-1 AUTHMGR-5-FAIL proto_dot1x_sm_pae.c(195) %% Authentication failed for client (MAC REDACTED) on interface GigabitEthernet26 SessionID 0000005D7B3824D0
<183>1 2024-10-11T12:55:59.354+02:00 10.250.0.250-1 AUTHMGR-7-NOMORE_METHODS proto_dot1x_sm_pae.c(184) %% Exhausted all authentication methods for client (MAC REDACTED) on interface GigabitEthernet26 SessionID 0000005D7B3824D0

<181>1 2024-10-11T12:55:59.354+02:00 10.250.0.250-1 AUTHMGR-5-DOT1X_FAIL proto_dot1x_sm_pae.c(163) %% Authentication failed for client (MAC REDACTED) on interface GigabitEthernet26

 

 

The Radius Server is not contacted in this case.

Any ideas what the cause might be? Anything to check?

 

Thanks for Reading

TH

  • ThomasH12345's avatar
    ThomasH12345
    Oct 11, 2024

    Alright,

    i'm answering myself. The solution is to associate the lan interface with the eth-device directly instead of via a brigde device (in openwrt).

2 Replies

  • ThomasH12345's avatar
    ThomasH12345
    Aspirant
    Oct 11, 2024

    Alright,

    i'm answering myself. The solution is to associate the lan interface with the eth-device directly instead of via a brigde device (in openwrt).

    • BrianL's avatar
      BrianL
      NETGEAR Moderator
      Oct 15, 2024

      Hi ThomasH12345,

       

      Welcome to the community!

       

      Thanks for submitting this query and for sharing what fixed it.

       

       

      Kind regards,

       

      BrianL

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More