Hot!802.1x auth problem between HP Aruba 2530 and FortiAuthenticator

New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2021/09/15 00:03:59
  • Status: offline
2021/09/15 00:21:51 (permalink)

802.1x auth problem between HP Aruba 2530 and FortiAuthenticator

Hello everybody. 
I have encountered with problem that concerns auth problem between HP Aruba 2530-48G switch and FAC. 
The scheme is: 
We have Active Directory integrated in FAC, one of the AD threads has been imported to the FAC. Switch has been configured with commands:
Switch HP Aruba 2530-48G RADIUS configuration:
radius-server host key <radius key>
aaa authentication port-access eap-radius
aaa port-access authenticator 10
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator active
From the FAC side the next things have been configured: 
1) Added Client (Switch IP address) + shared secret for radius connect. 
2) Created User Group as Remote LDAP type and there was assigned some RADIUS attributes under it like Tunnel-type - VLAN, Tunnel-Medium-Type - IEEE-802 and Tunnel-Private-Group-ID - <vlan number's here>
3) Created Policy (RADIUS Clients -> Added prior created client (switch ip), RADIUS Attribure criteria -> tumbler is off, Authentication type -> Password/OTP, Accept EAP, Accept PEAP tubler's turned on, IDENTITY Source -> AD realm's used, authentication factors -> Every configured password/OTP). 

After that, I've configured Windows 10 PC network Ethernet to use 802.1x authentication and when I provide Active Directory user's credentials - the authentication is failed and FAC logs show me info from screenshot. Any idea? 

Attached Image(s)


1 Reply Related Threads

    Expert Member
    • Total Posts : 606
    • Scores: 163
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Location: EMEA
    • Status: offline
    Re: 802.1x auth problem between HP Aruba 2530 and FortiAuthenticator 2021/09/15 03:38:48 (permalink)
    Check https://Your-FAC-IP-or-FQDN/debug/radius/  for RADIUS debug details. Even without "debug mode" that simpler log should show a plenty of output.
    Remote Auth.Servers / LDAP used to contact AD is normal LDAP, or does it have "Windows Active Directory Domain Authentication" set ?
    If it's set, is it then in RADIUS Service / Policy / Identity source / "Use Windows AD Domain Authentication" turned on for that LDAP based realm ?

    Tom xSilver, planet Earth, over and out!
    Jump to:
    © 2021 APG vNext Commercial Version 5.5