Local dot1x authentication failed

2021-12-28 01:16:49 Published

Network Topology

Problem Description

Local dot1x authentication failed.

The configuration is as follows:

#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 10
 dot1x

#
local-user H3C class network
 password cipher $c$3$JjIBZPmVTxhKyzloh/rhr+iCneTHq9kgVFpFs0up
 service-type lan-access
 authorization-attribute user-role network-operator
#

Process Analysis

1. A check of the on-site configuration shows that dot1x is not enabled in system view.

For 802.1X to take effect on a port, you must enable it both globally and on the port.

#Enter system view.

system-view

#Enable 802.1X globally.

dot1x

#By default, 802.1X is disabled globally.

2. After dot1x is enabled globally, authentication still fails. The user name entered in the 802.1X client is h3c, while the device is configured with H3C; the two differ in case.

The user name is case-sensitive and must meet the following requirements.

user-name: Specifies the local user name, a case-sensitive string of 1 to 55 characters. The name must meet the following requirements:

·     Cannot contain a domain name.

·     Cannot contain any of the following characters: forward slash (/), backslash (\), vertical bar (|), colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or at sign (@).

·     Cannot be a, al, or all.

3. After the user name in the 802.1X client is changed to match the device configuration, authentication succeeds.



Solution

1. Enable dot1x globally.

2. Make sure the user name entered in the 802.1X client is the same as the one configured on the device, including case.

3. If an iNode client is used, make sure that the "Upload version info" option in the 802.1X connection properties is not selected, so that local authentication can succeed.
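
Added example (not part of the original case and not H3C code): a Python check for the two faults found in the analysis, run against a saved copy of the configuration. The function names and the way the listing is parsed (sections separated by #, view headers in column 0) are assumptions of this example.

```python
import re

FORBIDDEN = set('/\\|:*?<>@')   # characters the page lists as not allowed
RESERVED = {"a", "al", "all"}   # names the page lists as not allowed
VIEW_HEADER = re.compile(r"^(interface|local-user)\s+\S+")  # column 0 only

def parse_views(config):
    """Group commands by view ("" is system view); a '#' line ends a view."""
    views, current = {"": []}, ""
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        line = raw.strip()
        if line == "#":
            current = ""
        elif VIEW_HEADER.match(raw):
            current = line
        else:
            views.setdefault(current, []).append(line)
    return views

def name_problems(name):
    """Check a user name against the naming rules quoted on the page."""
    checks = [(not 1 <= len(name) <= 55, "length must be 1 to 55 characters"),
              (bool(set(name) & FORBIDDEN), "contains a forbidden character"),
              (name in RESERVED, "reserved name")]
    return [msg for failed, msg in checks if failed]

def diagnose(config, client_user):
    """Return findings for the two faults described in the analysis."""
    views, findings = parse_views(config), name_problems(client_user)
    ports = [v for v, cmds in views.items()
             if v.startswith("interface ") and "dot1x" in cmds]
    if ports and "dot1x" not in views[""]:
        findings.append("dot1x set on a port but not enabled globally")
    # lan-access is the service type used in the page's configuration
    users = [v.split()[1] for v, cmds in views.items()
             if v.startswith("local-user ") and "service-type lan-access" in cmds]
    if client_user not in users:
        folded = client_user.lower() in [u.lower() for u in users]
        findings.append("user name differs only in case" if folded
                        else "no matching lan-access local user")
    return findings

# Constructed sample modelled on the page's configuration (password omitted)
SAMPLE = """#
interface GigabitEthernet1/0/1
 dot1x
#
local-user H3C class network
 service-type lan-access"""
```

Calling diagnose(SAMPLE, "h3c") reports both faults from this case; with a global dot1x line added and the user name H3C it returns an empty list.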


