Remote 802.1X authentication failed
- 0 Followed
- 0Collected ,1062Browsed
Network Topology
Common remote 802.1X authentication network topology:
Problem Description
The customer configures the remote 802.1x according to the typical wireless configuration example on the official website, but the establishment fails. Collect debug information and check that the failure reason is Authentication method error.
Check the debug information: %Jan 11 14:26:20:649 2023 AC1 DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=guest-UserMAC=XXXX-XXXX-XXXX-BSSID=XXXX-XXXX-XXXX-SSID=JD_H3CTest_Guest-APName=1-RadioID=1-VLANID=34; A user failed 802.1X authentication.Reason:Authentication method error.
Process Analysis
The reason for the debug failure is that the authentication method is wrong. Compare the official configuration with the on-site configuration. It is found that the [AC] dot1x authentication-method eap command is missing in the field configuration.
By default, the device enables EAP termination and uses CHAP authentication.
The standard configuration on the official website uses the EAP-PEAP method to perform remote 802.1X authentication for wireless users, that is, the EAP relay method.
Solution
(1) Enter the system view.
system-view
(2) Configure the authentication method of the 802.1X system.
dot1x authentication-method { chap | eap | pap }
After adding the command dot1x authentication-method eap, change the 802.1X authentication model, the remote 802.1X was established successfully.