Gear-Head
Aspirant
May 15, 2017
Solved

Setting up Port Authentication w/ RADIUS on a S3300, seeing timeout errors

On the same network that I am attempting to get 802.1x working I have it working through a GS752TP-poe and a Unifi AP to a Win VM running RADIUS.

 

With the S3300 connected to a computer on a secured port the RADIUS never logs any activity, however from the same secured computer running a test app I do get logs on the RADIUS. Seems that from the switch to the RADIUS is the issue?

 

Error on the S3300 log is

DOT1X[126721636]: dot1x_radius.c(237) 1547 %% Failed to authenticate on logical interface [ifName not found(1408)] due to radius comm failure.

  • Gear-Head
    Jul 12, 2017

    Daniel_Z,

     

    So, I broke down and bought a S3300 just for testing this issue. First thing I did was upgrade the firmware from the Netgear site as I always do on new out of the box products. Set the switch up to work on the same network and implemented 802.1x w/ RADIUS and what do you know it works. But what! Why? After comparing the production S3300's to the sandbox S3300 I found the firmware versions are not the same.

     

    Throughout this thread I had been using v6.6.1.4 which I had stated in a previous thread and I'm not sure when but your team has since then released v6.6.1.7. I have confirmed if I downgrade and rebuild 802.1x w/ RADIUS on firmware v6.6.1.4 that 802.1x port authentication breaks. Still no mention of 802.1x w/ RADIUS port authentication being fixed in v6.6.1.7. Maybe this should be added to the release notes for v6.6.1.4 and v6.6.1.7 as it would be nice to know there was an issue and has been fixed.

     

    Broken 802.1x Port Authentication /w Radius - https://kb.netgear.com/31220/S3300-Firmware-Version-6-6-1-4

    Fixed 802.1x Port Authentication /w Radius - https://kb.netgear.com/000038558/S3300-Firmware-Version-6-6-1-7

12 Replies

  • Retired_Member

    Hi Gear-Head,

     

    Welcome to Netgear Community.

    To configure port authentication with RADIUS, there are two parts to the configuration:

    - Global configuration, following the steps on Page 217 of Admin Guide

    - RADIUS server configuration, following the steps on Page 218 of Admin Guide

     

    Let us know if you still see the error.

    • Gear-Head
      Aspirant

      Thank you Bruce_G.

       

      I went ahead and reran through the guide and everything is set correctly or seems to be. I'm still seeing the timeouts.

       

      Server Configuration page shows - 

      Server Address | Round Trip Time | Access Requests | Access Retransmissions | Access Accepts | Access Rejects | Access Challenges | Malformed Access Responses | Bad Authenticators | Pending Requests | Timeouts | Unknown Types | Packets Dropped
      192.168.10.20.0022256300000078500
      • Gear-Head
        Aspirant

        Ok, so more troubleshooting.

         

        On my Windows 2012 RADIUS Server I get the below logged.

         

        "RAD-Server","IAS",05/16/2017,13:10:20,1,"host/computer1.domian.local","DOMAIN\Computer1$","08-bd-43-6f-33-42","84:7b:eb:06:a0:09",,,"08-bd-43-6f-33-40","192.168.10.2",14,0,"192.168.10.2","sw1",,,15,,,,5,"Secure Wired (Ethernet) Connections",0,"311 1 192.168.10.10 05/16/2017 19:09:13 9",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Secure Wired (Ethernet) Connections",1,,,,

         

        I'm using the chart posted in the forum and the below page to decipher and from this the "result code" = "0" or in other words success?

        https://social.technet.microsoft.com/Forums/windowsserver/en-US/f7d92865-148e-46eb-897d-cb41bbbf00f1/pulling-my-hair-out-configuring-nps-as-radius-for-wireless-access-point?forum=winserverNAP

         

        This also states NPS reference codes and if I'm using the right one it still states success?

        https://technet.microsoft.com/en-us/library/dd197464(v=ws.10).aspx

        One other thing I should note is I do not have a guest vlan setup for should the 802.1x auth fail and don't want one but I do have my native lan on vlan 5. The Port and PID are set for the computer and RADIUS server. The switch is also in vlan 5 for mgmt. I have no issues with my network with the exception of getting RADIUS to work. I have also now tried to authenticate from this switch using my remote RADIUS server that I have working with the GS752TP.
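
Added example (not part of the original posts): a small Python decoder for the NPS record quoted above, naming each leading column so Packet-Type and Reason-Code can be read directly. It assumes the file uses NPS's ODBC-compatible (database) column order, which the posted values line up with; the second record is constructed for illustration.

```python
import csv

# Leading columns of the NPS ODBC-compatible log format, in order (assumed layout).
FIELDS = [
    "ComputerName", "ServiceName", "Record-Date", "Record-Time", "Packet-Type",
    "User-Name", "Fully-Qualified-Distinguished-Name", "Called-Station-ID",
    "Calling-Station-ID", "Callback-Number", "Framed-IP-Address",
    "NAS-Identifier", "NAS-IP-Address", "NAS-Port", "Client-Vendor",
    "Client-IP-Address", "Client-Friendly-Name", "Event-Timestamp",
    "Port-Limit", "NAS-Port-Type", "Connect-Info", "Framed-Protocol",
    "Service-Type", "Authentication-Type", "Policy-Name", "Reason-Code", "Class",
]
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject",
                "4": "Accounting-Request", "11": "Access-Challenge"}

# Record from the post, abridged: the trailing run of empty fields is dropped.
POSTED = (r'"RAD-Server","IAS",05/16/2017,13:10:20,1,"host/computer1.domian.local",'
          r'"DOMAIN\Computer1$","08-bd-43-6f-33-42","84:7b:eb:06:a0:09",,,'
          r'"08-bd-43-6f-33-40","192.168.10.2",14,0,"192.168.10.2","sw1",,,15,,,,5,'
          r'"Secure Wired (Ethernet) Connections",0,'
          r'"311 1 192.168.10.10 05/16/2017 19:09:13 9"')
# Constructed for this example: the same session logged as an Access-Accept.
CONSTRUCTED_ACCEPT = POSTED.replace(",13:10:20,1,", ",13:10:21,2,")

def parse_record(line):
    """Map one log line onto the named leading columns."""
    row = next(csv.reader([line]))
    if len(row) < len(FIELDS):
        raise ValueError("expected at least %d fields, got %d" % (len(FIELDS), len(row)))
    rec = dict(zip(FIELDS, row))
    rec["Packet-Type-Name"] = PACKET_TYPES.get(rec["Packet-Type"], "Other")
    return rec

def verdicts(lines):
    """Per (RADIUS client, user): the packet types and reason codes logged, in order."""
    seen = {}
    for line in lines:
        rec = parse_record(line)
        key = (rec["Client-Friendly-Name"], rec["User-Name"])
        seen.setdefault(key, []).append((rec["Packet-Type-Name"], int(rec["Reason-Code"])))
    return seen

if __name__ == "__main__":
    for key, events in verdicts([POSTED, CONSTRUCTED_ACCEPT]).items():
        print(key, events)
```

Packet-Type 1 marks an Access-Request record; the accept or reject decision for a session is logged as a separate record with Packet-Type 2 or 3 and its own Reason-Code.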
