I'm authenticating clients using 802.1x and, depending on their roles, assigning them the correct VLAN. I have made the configuration with the UAC and a Juniper switch, and everything worked fine. But now my customer wants to implement the same configuration on a Dlink switch. I tried to replicate everything I did on the EX 2200 switch, but when clients try to authenticate (using Junos Pulse), it remains in a connecting state.
When I see the logs and check the TCP dump, everything seems fine and when I check the active users in the UAC, the user appears to be logged in, but with no IP address.
Any idea or suggestion?
What RADIUS Return Attribute policy are you using?
Have you configured Open port or VLAN or Return attributes?
Would it be possible for you to share the RADIUS logs from Troubleshooting --> Monitoring --> Radius?
How is the IP address assignment done once the VLAN is assigned to the user?
Is it based on a DHCP server? If so, do you have a DHCP forwarder configured?
Is the switch capable of assigning the IP on its own? I feel the issue is at the switch side; however, it's better to review the logs & speak
You need to verify if the switch that you are using supports dynamic VLAN assignment.
Not all flavors of DLINK support dynamic VLAN assignment.
I've tried with both, Open Port and VLAN. But none of them lets me log in the user.
I've attached the logs.
Note: Even though I can't log in the user, Junos Pulse stays in the connecting state and doesn't show any error. Also, I've sniffed the internal port on the UAC using tcpdump and I can see RADIUS packets between the UAC (10.10.1.150) and the Dlink switch (10.10.1.156), which means they are communicating.
Reviewing the IC logs, the authentication sequence is never getting completed. I could see that IC is sending a Radius Challenge to the D-Link/Client but no response is received thereafter. This is causing the issue.
From a quick check of multiple instances of authentication in the logs, it seems all the authentication sequences are stuck at the same stage of RADIUS Challenge.
The issue needs more investigation from the switch side and client side to see why the authentication is not getting completed.
Can you upload a detailed Pulse log as well? I wanted to try and look for anything obvious in the Pulse log that explains why it is stuck.
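The stall described in the reply above (Access-Challenge sent, nothing returned) can be checked mechanically in a capture. This is an added example, not part of the original thread or of any Juniper or D-Link tooling: it assumes the RFC 2865 behaviour that a NAS echoes the challenge's State attribute in its next Access-Request; the function names and sample packets are constructed, and only the two IP addresses come from the thread.

```python
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11   # RADIUS codes (RFC 2865)
ATTR_USER_NAME, ATTR_STATE = 1, 24         # attribute types (RFC 2865)

def parse_radius(data):
    """Parse one RADIUS UDP payload into (code, identifier, {type: [values]})."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("length field does not match payload")
    attrs, pos = {}, 20
    while pos < length:
        # An attribute is type (1 byte), length (1 byte, covers both), value.
        alen = data[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(data[pos], []).append(data[pos + 2:pos + alen])
        pos += alen
    return code, ident, attrs

def stalled_challenges(packets):
    """packets: (src_ip, dst_ip, udp_payload) tuples in capture order.
    Returns (server, nas, state) for each Access-Challenge whose State never
    came back in a later Access-Request from the NAS."""
    pending = {}
    for src, dst, payload in packets:
        code, _ident, attrs = parse_radius(payload)
        for state in attrs.get(ATTR_STATE, []):
            if code == ACCESS_CHALLENGE:
                pending[(src, dst, state)] = None
            elif code == ACCESS_REQUEST:
                pending.pop((dst, src, state), None)
    return list(pending)

def build(code, ident, attrs):
    """Build a constructed packet (zeroed authenticator) for the sample below."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

UAC, SWITCH = "10.10.1.150", "10.10.1.156"   # addresses from the thread
SAMPLE = [  # constructed capture, not the poster's logs
    (SWITCH, UAC, build(ACCESS_REQUEST, 1, [(ATTR_USER_NAME, b"user1")])),
    (UAC, SWITCH, build(ACCESS_CHALLENGE, 1, [(ATTR_STATE, b"sess-A")])),
    (SWITCH, UAC, build(ACCESS_REQUEST, 2, [(ATTR_STATE, b"sess-A")])),
    (UAC, SWITCH, build(ACCESS_CHALLENGE, 2, [(ATTR_STATE, b"sess-B")])),
]
```

Calling `stalled_challenges(SAMPLE)` reports the second challenge as unanswered, which is the pattern the reply describes; a non-empty result points the investigation at the switch or supplicant side rather than the RADIUS server.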
I've attached the Junos Pulse logs.
Note: The only configuration I did in the switch was to enable dot1x and configure a trunk port so the switch can see all the VLANs in my network.
The Pulse logs do not seem to be at detailed level. Can you ensure Pulse --> File --> Logs --> Log level detailed is checked and then collect the logs after replicating the failure?
OK, I've attached the detailed logs. I also checked the configuration of the UAC by authenticating the users with my Juniper switch, and everything seems to be OK. But I still have the same problem with the Dlink switch.
I hope you can help me.