Is my switch really communicating .1x with Freeradius?

[splintered thoughts]

I'd look at the configuration of the 3com switch, and use wireshark or tcpdump on the freeradius host. 

I haven't configured a 3com 3226 but 3com 5500's have a configuration such as:

radius scheme MyRadius
 server-type extended
 primary authentication 192.168.0.10
 primary accounting 192.168.0.10
 key authentication mysecret
 key accounting mysecret
 user-name-format without-domain
#
domain dot1x
 authentication radius-scheme MyRadius
 accounting radius-scheme MyRadius
 undo dot1x timer handshake-period

interface GigabitEthernet1/0/5
 poe enable
 stp edged-port enable
 broadcast-suppression pps 3000
 undo jumboframe enable
 dot1x
 apply qos-profile default





________________________________
From: john <lists.john at gmail.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Tuesday, April 7, 2009 2:44:26 PM
Subject: Is my switch really communicating .1x with Freeradius?

Hello all,

I am struggling to get a windowsXP client to authenticate to
freeradius. I've set up winbind/samba and radtest works from the
command line on the freeradius server.

However the client doesn't seem to be able to contact the server when
attached to a switch which supports .1x. During testing with wireshark
I noticed that my switch (a 3com 3226) is sending EAP failure messages
in response to the XP clients eap request. I don't see anything in the
debug output of the freeradius server when I run it with
/usr/sbin/freeradius -X

It seems to me that my 3Com switch isn't really communicating with the
freeradius server. Can someone help me figure out how to make sure
that my NAS is talking to the server?

Thanks!


John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090408/2d85c328/attachment.html>