Help with chap

Matthias Nagel matthias.h.nagel at gmail.com
Sat May 18 15:23:50 CEST 2013


Hello,

> I've recently got into mac based auth on a procurve 5406.  [...]
> [...] when i reboot the switch or clear the authentication on the ports it can take up to ten minutes for 10-15 clients to authenticate, simply because the nas (i guess) gets overwhelmed and consequently I see loads of "eap did not complete" messages. 

We have a setup of one HP 5412zl, one HP 5406 and one HP 2910. Together all but two module slots are equipped with 24-port line interface cards, hence we have about 400 ethernet ports. We either use 802.1X authentication or mac-based authentication with mschap-peap on every port but a dozen. Our FreeRADIUS server is running on a virtual machine with only 512 MB RAM and is connected with 1GB/s to the 5412zl.

Anyway after a power cycle of all three switches at once, with all clients running, it only takes seconds until all clients (approx. 380) are authenticated again. Neither the HP switches nor the RADIUS server gets overwhelmed. So there must be some mis-configuration at your setup.

Matthias


----------------------------------------------------------------------
Matthias Nagel
Willy-Andreas-Allee 1, Zimmer 506
76131 Karlsruhe

Telefon: +49-721-8695-1506
Mobil: +49-151-15998774
e-Mail: matthias.h.nagel at gmail.com
ICQ: 499797758
Skype: nagmat84



More information about the Freeradius-Users mailing list