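I am trying to get a correct working configuration on an HP 1920 using dot1x and a guest VLAN. All of my authenticated computers work fine, and the auth-fail VLAN also works correctly. Does anyone know what the problem with the guest VLAN for computers might be?
Software version of the HP 1920-48G JG927A - 5.20.99 Release 1119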
[HP1920-[21]]display current-configuration interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/24
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 131 untagged
loopback-detection enable
stp edged-port enable
dot1x re-authenticate
dot1x max-user 1
dot1x guest-vlan 130
dot1x auth-fail vlan 132
dot1x critical vlan 132
dot1x critical recovery-action reinitialize
undo dot1x handshake
dot1x mandatory-domain office.local
undo dot1x multicast-trigger
dot1x port-method portbased
dot1x
dot1x unicast-trigger
#
return
[HP1920-[21]]display current-configuration configuration radius-template
#
radius scheme nps1
server-type extended
primary authentication 10.10.0.35
primary accounting 10.10.0.35
secondary authentication 10.10.0.11
secondary accounting 10.10.0.11
key authentication cipher $c$3$yZHVwYS44ZHVwYS44ZHVwYS44==
key accounting cipher $c$3$yZHVwYS44ZHVwYS44ZHVwYS44==
security-policy-server 10.10.0.11
security-policy-server 10.10.0.35
timer response-timeout 10
user-name-format without-domain
#
return
[HP1920-[21]]display dot1x interface GigabitEthernet 1/0/24
Equipment 802.1X protocol is enabled
EAP authentication is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Configuration: Transmit Period 30 s, Handshake Period 30 s
Quiet Period 30 s, Quiet Period Timer is enabled
Supp Timeout 30 s, Server Timeout 100 s
Reauth Period 3600 s
The maximal retransmitting times 3
The maximum 802.1X user resource number is 1024 per slot
Total current used 802.1X resource number is 0
GigabitEthernet1/0/24 is link-up
802.1X protocol is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Handshake is disabled
Handshake secure is disabled
802.1X unicast-trigger is enabled
Periodic reauthentication is enabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Port-based
802.1X Multicast-trigger is disabled
Mandatory authentication domain: office.local
Guest VLAN: 130
Auth-Fail VLAN: 132
Critical VLAN: 132
Critical recovery-action: reinitialize
Max number of on-line users is 1
EAPOL Packet: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
EAP Success Packets: 0, Fail Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
Log data
%Sep 17 14:53:09:027 2018 HP1920-[21] IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/24 link status is UP.
%Sep 17 14:53:09:062 2018 HP1920-[21] MSTP/6/MSTP_FORWARDING: Instance 0's port GigabitEthernet1/0/24 has been set to forwarding state.
%Sep 17 14:53:14:361 2018 HP1920-[21] LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/24 (IfIndex 37842944), Chassis ID is 1c39-4739-cfad, Port ID is 1c39-4739-cfad.
%Sep 17 14:53:33:652 2018 HP1920-[21] SHELL/6/SHELL_CMD: -Task=vt0-IPAddr=10.110.0.202-User=admin; Command is display logbuffer
%Sep 17 14:53:56:252 2018 HP1920-[21] IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/24 link status is DOWN.
%Sep 17 14:54:08:311 2018 HP1920-[21] IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/24 link status is UP.
%Sep 17 14:54:08:346 2018 HP1920-[21] MSTP/6/MSTP_FORWARDING: Instance 0's port GigabitEthernet1/0/24 has been set to forwarding state.
%Sep 17 14:54:09:291 2018 HP1920-[21] LLDP/6/LLDP_CREATE_NEIGHBOR: New neighbor created on Port GigabitEthernet1/0/24 (IfIndex 37842944), Chassis ID is 009c-021c-1c0e, Port ID is 009c-021c-1c0e.
Update
After some research, I found a working configuration.
[HP1920-[21]]display current-configuration interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/24
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 131 untagged
loopback-detection enable
stp edged-port enable
dot1x re-authenticate
dot1x max-user 1
dot1x guest-vlan 130
undo dot1x handshake
dot1x mandatory-domain office.local
dot1x port-method portbased
dot1x
dot1x unicast-trigger
#
return
What helped was setting the timers.
For example:
# Global dot1x Config
dot1x
dot1x timer tx-period 10
dot1x timer supp-timeout 1
dot1x retry 1
dot1x timer handshake-period 5
dot1x timer reauth-period 60
If anyone has a working configuration with the settings I removed, please share.
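
Added example, not part of the original post: a short Python script that compares the dot1x commands of the two GigabitEthernet1/0/24 listings above and reports which ones were removed in the working configuration. The multicast-trigger check is an assumption, based on the Comware 5 prerequisite that a port-based guest VLAN needs 802.1X multicast trigger enabled; the function names are hypothetical.

```python
# Added example (not from the original post): diff the dot1x commands of the
# two GigabitEthernet1/0/24 listings. Non-dot1x lines are identical and omitted.
BEFORE = """dot1x re-authenticate
dot1x max-user 1
dot1x guest-vlan 130
dot1x auth-fail vlan 132
dot1x critical vlan 132
dot1x critical recovery-action reinitialize
undo dot1x handshake
dot1x mandatory-domain office.local
undo dot1x multicast-trigger
dot1x port-method portbased
dot1x
dot1x unicast-trigger"""
AFTER = """dot1x re-authenticate
dot1x max-user 1
dot1x guest-vlan 130
undo dot1x handshake
dot1x mandatory-domain office.local
dot1x port-method portbased
dot1x
dot1x unicast-trigger"""

def commands(block):
    """One stripped command per non-empty line of a Comware config block."""
    return [ln.strip() for ln in block.splitlines() if ln.strip()]

def removed(before, after):
    """Commands in `before` that are missing from `after`, in original order."""
    kept = set(commands(after))
    return [c for c in commands(before) if c not in kept]

def guest_vlan_findings(block):
    """Assumed rule: a port-based guest VLAN relies on multicast trigger."""
    cmds = commands(block)
    findings = []
    has_guest = any(c.startswith("dot1x guest-vlan ") for c in cmds)
    portbased = "dot1x port-method portbased" in cmds
    if has_guest and portbased and "undo dot1x multicast-trigger" in cmds:
        findings.append("guest VLAN set but multicast trigger is disabled")
    return findings

if __name__ == "__main__":
    for cmd in removed(BEFORE, AFTER):
        print("removed:", cmd)
    for name, block in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", guest_vlan_findings(block) or "no findings")
```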