09-13-2016 07:24 AM
Hi,
I'm using a 2910al-24G-PoE J9146A and want to do 802.1X and MAC user-based authentication.
Software revision : W.15.14.0013
ROM Version : W.14.06
In the manual "Access Security Guide for W.15.14", applicable for Products:
HP Switch 2910al-series: J9145A, J9147A, J9146A, J9148A
I find the configuration line:
aaa port-access authenticator <port-list> client-limit <1-32>
But when I try on the switch it just shows:
switch# aaa port-access authenticator 1-22 client-limit
<1-8> Set the maximum number of clients to allow on the port.
Why can't I authenticate up to 32 clients as promised in the manual or at this homepage http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c02597321 ?
Best regards,
Bernhard voit
09-13-2016 09:56 AM
Re: client-limit on 802.1x authentication - how many
Hi, in case you want to use the User-based authentication...have you tried to first enable the port based authentication with the command:
aaa port-access authenticator <port-list>
and only then to enable the User-based authentication with the same command plus the client-limit part:
aaa port-access authenticator <port-list> client-limit <1-32>
The above command is used - after executing the very first aaa port-access authenticator <port-list> command - to convert the authentication from Port-based to User-based.
Reference here.
Doing things that way...is the limit still 8 instead of 32?
I'm not an HPE Employee
09-14-2016 12:51 AM - edited 09-15-2016 12:41 AM
Re: client-limit on 802.1x authentication - how many
Hi parnassus,
here is the actual config (relevant parts):
; J9146A Configuration Editor; Created on release #W.15.14.0013
; Ver #06:04.18.63.ff.35.05:b6
module 1 type j9146a
dhcp-snooping
dhcp-snooping database file "tftp://z.z.z.z/somefile.dhcp" timeout 60
dhcp-snooping vlan 104
radius-server host x.x.x.x key "xxxx"
radius-server timeout 2
radius-server dead-time 5
ip default-gateway x.x.x.x
interface 23
   dhcp-snooping trust
   exit
interface 24
   dhcp-snooping trust
   exit
aaa server-group radius "extreme_nac" host x.x.x.x
aaa accounting network start-stop radius server-group "extreme_nac"
aaa authentication port-access eap-radius server-group "extreme_nac"
aaa authentication mac-based chap-radius server-group "extreme_nac"
aaa port-access authenticator 1-22
aaa port-access authenticator active
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-22
   untagged 23-24
   no ip address
   exit
vlan 104
   name "TestNAC"
   untagged 1-22
   tagged 23-24
   ip address y.y.y.y 255.255.255.0
   ip igmp
   exit
primary-vlan 104
no autorun

switchname(config)# aaa port-access authenticator 1-22 client-limit
 <1-8>                 Set the maximum number of clients to allow on the port.

As you see, even when no client-limit is configured, I only have the opportunity to choose from 1-8.
I use the same manual you refer to. What I also recognised - I can't issue the command "show port-access summary":
switchname(config)# show port-access
 [ethernet] PORT-LIST  Show Web/MAC Authentication statistics and configuration.
 authenticator         Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters.
 config                Show status of 802.1X, Web Auth, and MAC Auth configurations.
 local-mac             Show Local MAC Authentication statistics and configuration.
 mac-based             Show MAC Authentication statistics and configuration.
 supplicant            Show 802.1X (Port Based Network Access) supplicant current status and configuration.
 web-based             Show Web Authentication statistics and configuration.
Has anyone the same issues? Does anyone also use procurve 2910al PoE with 802.1x?
How many clients can you choose when trying the command
aaa port-access authenticator <port> client-limit ?
Thanks
09-15-2016 02:49 AM - edited 09-15-2016 02:50 AM
Solution
OK guys, I found the answer:
This document shows that only up to eight 802.1x users per port can be served:
http://www.hp.com/rnd/pdfs/datasheets/HP_ProCurve_2910al_Switch_Series.pdf
So all configuration documentation on HP for this switch is incorrect. I just got a 2920 and look at this - here we have the 32 users per port and the "show port-access summary" command works also.
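An added example, not part of the original posts and not HPE code: a small Python check for a planned configuration (for instance a template written from the manual) that reports, per port, whether 802.1X is port-based or user-based and whether a `client-limit` exceeds the per-port maximum reported in this thread. The `PLATFORM_MAX` table, the sample config and the function names are assumptions made for illustration, and only numeric port-lists such as `1-4,7` are handled.

```python
import re

# Per-port 802.1X client maxima as reported in this thread (assumption, not
# read from the switch): 8 on the 2910al, 32 on the 2920.
PLATFORM_MAX = {"2910al": 8, "2920": 32}

# Constructed sample config, modelled on the lines posted above.
SAMPLE_CONFIG = """\
aaa port-access authenticator 1-22
aaa port-access authenticator 1-4,7 client-limit 8
aaa port-access authenticator 10-12 client-limit 32
aaa port-access authenticator active
"""

LINE_RE = re.compile(
    r"^aaa port-access authenticator (?P<ports>\d[\d,\-]*)"
    r"(?: client-limit (?P<limit>\d+))?\s*$")

def expand_ports(port_list):
    """Expand a numeric port-list such as '1-4,7' into [1, 2, 3, 4, 7]."""
    ports = []
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text, platform):
    """Return {port: (mode, limit, finding)} for every authenticator port."""
    max_clients = PLATFORM_MAX[platform]
    result = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # 'active' and unrelated lines do not name a port-list
        limit = int(m.group("limit")) if m.group("limit") else None
        for port in expand_ports(m.group("ports")):
            if limit is None:
                # Enabling line only; keep a client-limit if one was already seen.
                result.setdefault(port, ("port-based", None, "no per-client limit"))
            elif limit > max_clients:
                result[port] = ("user-based", limit,
                                f"exceeds {platform} max of {max_clients}")
            else:
                result[port] = ("user-based", limit, "ok")
    return result

if __name__ == "__main__":
    for port, finding in sorted(audit(SAMPLE_CONFIG, "2910al").items()):
        print(port, *finding)
```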
09-15-2016 08:38 AM
Re: client-limit on 802.1x authentication - how many
Good catch, the HPE Documentation Feedback is here.
I'm not an HPE Employee