Alex, hеllo there!
Ive builded test environmet for you, so i am using freeradius 2.1.12+dfsg-1.2 (on debian), and switch hp 2650. Ive just repeated your config, and have no problems with this. My test procurve ip 10.0.10.29, test freeradius ip 192.168.2.60.
procurve config:
Running configuration:
; J4899A Configuration Editor; Created on release #H.10.83
hostname "ProCurve Switch 2650"
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 11-50
ip address dhcp-bootp
no untagged 1-10
exit
vlan 100
name "success"
untagged 1-10
exit
vlan 200
name "fail"
exit
aaa authentication port-access eap-radius
radius-server host 192.168.2.60 key test
aaa port-access authenticator 1-10
aaa port-access authenticator 1 unauth-vid 200
aaa port-access authenticator 2 unauth-vid 200
aaa port-access authenticator 3 unauth-vid 200
aaa port-access authenticator 4 unauth-vid 200
aaa port-access authenticator 5 unauth-vid 200
aaa port-access authenticator 6 unauth-vid 200
aaa port-access authenticator 7 unauth-vid 200
aaa port-access authenticator 8 unauth-vid 200
aaa port-access authenticator 9 unauth-vid 200
aaa port-access authenticator 10 unauth-vid 200
aaa port-access authenticator active
/etc/freeradius/users:
<...>
testuser User-Password := test
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "100"
<...>
/etc/freeradius/radiusd.conf:
<...>
client switch {
ipaddr = 10.0.10.29
secret = test
require_message_authenticator = no
nastype = other
}
<...>
And i`ve used this manual, to enable 8021x in windows:
http://windows.microsoft.com/en-us/windows/enable-802-1x-authentication#1TC=windows-7
But, I`ve disabled usage of logged user creds.
So, if user creds are correct, i have this message in /var/log/freeradius/radius.log
tail -f /var/log/freeradius/radius.log
Fri Sep 5 12:54:14 2014 : Auth: Login OK: [testuser/<via Auth-Type = EAP>] (from client switch port 0 via TLS tunnel)
Fri Sep 5 12:54:14 2014 : Auth: Login OK: [testuser/<via Auth-Type = EAP>] (from client switch port 1 cli b4-99-ba-5a-bb-65)
and on my switch ive got:
ProCurve Switch 2650(eth-1)# sh vlans ports 1
Status and Counters - VLAN Information - for ports 1
802.1Q VLAN ID Name Status Voice
-------------- ------------ ------------ -----
100 success Port-based No
If creds are incorrect:
Fri Sep 5 12:56:06 2014 : Auth: Login incorrect: [sasdasd/<via Auth-Type = EAP>] (from client switch port 0 via TLS tunnel)
Fri Sep 5 12:56:06 2014 : Auth: Login incorrect: [sasdasd/<via Auth-Type = EAP>] (from client switch port 1 cli b4-99-ba-5a-bb-65)
ProCurve Switch 2650(eth-1)# sh vlans ports 1
Status and Counters - VLAN Information - for ports 1
802.1Q VLAN ID Name Status Voice
-------------- ------------ ------------ -----
200 fail Port-based No
maybe you havent enabled 8021x in windows? I hope this helps to you man.
Best Answer
WLCs are NOT Radius Servers, you need an external Radius server and then point the WLCs to it
The page you are on right now is to configure credentials to actually be able to query the external radius server: IP Address & Ports, Shared Secret, and other connectivity options.
Cisco Radius servers are called ACS (secure Access Control System) and to TACACS as well