We use HuaWei equipment in our network: S8500 for our core routers, S3900 for the edge switches.
We tried to implement wired 802.1x security in schools network via the S3900 edge switches, and followed the instructions from HuaWei documents, and it doesnt work.
Please see the following testing results:
1.)Enable CHAP only on RADIUS and on S3900, it doesnt work, please see the attached debug file ( also I cannot see any event regarding my logon (mbus\j.wan) via Event Viewer on RADIUS);
2.)Enable MS-CHAPv2 on RADIUS and enable EAP on Switch, it doesnt work, please see the attached debug file ( but I can see some events regarding my logon (mbus\j.wan) via Event Viewer on RADIUS, it said:----Access request for user MBUS\j.wan was discarded, Reason-Code = 23 and Unexpected error. Possible error in server or client).
We actually have another part of 802.1x in our network--- network points in public areas, which are working well (via a login portal from an Aruba controller), please see the following diagram:
Client machine---------> S3900 switch -----------> Aruba controller (Use CHAP) ------------> IAS (RADIUS)-------------->Win
dows AD----------> a successful authentication.
I would like to share some my experience with you, I had a similar issue with ChiliSpots (an open source software for HOT SPOT ---wireless and RADIUS authentication) three years ago, I successfully rectified the issue via CHAP whilst whole ChiliSpots community reckoned there was no way to make ChilliSpots&RADIUS&Windows
AD work as their different ways of authentication.
I think there might be an issue with S3900 regarding authentication method with Windows Active Directory via IAS (RADIUS), the switch S3900 really should use CHAP to initiate an authentication request to Windows AD via IAS (RADIUS) as CHAP would be a common language between S3900, RADIUS and Windows AD regarding authentication process.
Please also see two attached debug files for above two scenarios.
If someone out there experienced similar issues and know how to fix them, please help us, any information and help would be much appreciated.
Many thanks in advance.