- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- information about 802.1x and max-client limitation
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-01-2019 09:23 AM - last edited on тАО03-03-2019 09:52 PM by Parvez_Admin
тАО03-01-2019 09:23 AM - last edited on тАО03-03-2019 09:52 PM by Parvez_Admin
information about 802.1x and max-client limitation
Hi all,
can anybody tell me more information about 802.1x and max-client limitation ?
Let me explain my issue. I've got one HPE Procurve 2530G-24G and I've configured
802.1x to activate port numer 10 after the supplicant was identified by radius server
(username and password). After that switch assign vlan 25 to the port number 10.
Always works fine but for some reasons I've like to add a new switch between supplicant
and port 10 of 2530-24G to manage more clients. This new switch is 1810G without 802.1x features,
it has got only vlan and other base level 2 functions. So my goal is to manage authentication
of more than client on the same 2530G-24G port numerb 10.
Does anybody help me ?
Many thanks
Best Regards
Enrico
P.S: Mod: Post split and moved as a new Topic from following link
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2019 06:14 AM
тАО03-04-2019 06:14 AM
Re: information about 802.1x and max-client limitation
Hi all , after read that guide http://h22208.www2.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch13s05.html I've made some tests. This is a part of config from Procurve 802.1x-aware:
.
... vlan 1 name "DEFAULT_VLAN" untagged 1-24 ip address 10.0.0.1 255.255.0.0 exit vlan 25 name "PF-WIRED" tagged 1-2,12-24 exit ... aaa authentication port-access eap-radius aaa accounting system start-stop radius radius-server host 10.0.0.34 key XXXXX no snmp-server enable traps link-change 1-24 aaa port-access authenticator 3-4 aaa port-access authenticator 3 auth-vid 25 aaa port-access authenticator 3 client-limit 8 aaa port-access authenticator 4 auth-vid 25 aaa port-access authenticator 4 client-limit 8 aaa port-access authenticator active ... omissis ...
as you can see my setup it's seem to right and if I connect my notebook directly to port 3 it otbains
network access . My notebook dosen't obtain network access if I connect hub, switch unmanaged or
not 802.1x-aware bteween port 3 and my computer,
Any ideas ?
Thanks
Best Regards
Enrico
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2019 09:24 AM - edited тАО03-12-2019 09:43 AM
тАО03-12-2019 09:24 AM - edited тАО03-12-2019 09:43 AM
Re: information about 802.1x and max-client limitation
This should work with a hub or unmanaged switch connected to port 3, and your laptop connected to any port on the downstream device. It's working in my lab with the exact same scenerio.
Try running:
debug destination session (or buffer)
debug events
debug security port-access
then connect your laptop to port 3 and see how a sucsessful auth looks in the debug, then connect a hub/switch, watch the debug, then finally connect your laptop to the hub/switch and wath the debug messages. What is different?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2019 11:59 PM - last edited on тАО03-13-2019 09:35 PM by Parvez_Admin
тАО03-12-2019 11:59 PM - last edited on тАО03-13-2019 09:35 PM by Parvez_Admin
Re: information about 802.1x and max-client limitation
I've found the problem. This config works with unmanaged hub or switch:
/....//
//max-vlans 32//
//time timezone 60//
//time daylight-time-rule Western-Europe//
//interface 1//
// no lacp//
//exit//
//....//
//interface 20//
// no lacp//
//exit//
//ip default-gateway a.b.c.d//
//sntp server a.b.c.d//
//timesync sntp//
//sntp unicast//
//logging facility syslog//
//logging a.b.c.d//
//snmp-server community "public" Unrestricted//
//snmp-server community "private" Unrestricted//
//vlan 1//
// name "DEFAULT_VLAN"//
// untagged 1-10,12-24//
// ip address y.x.w.k 255.255.0.0//
// no untagged 11//
// exit//
//vlan 25//
// name "PF-WIRED"//
// untagged 11//
// tagged 1-2,12-24//
// exit//
//....//
//fault-finder broadcast-storm sensitivity low//
//aaa authentication port-access eap-radius//
//aaa accounting system start-stop radius//
//radius-server host a.b.c.f key XXXXXXX//
//no snmp-server enable traps link-change 1-24//
//aaa port-access authenticator 3-10//
//aaa port-access authenticator 3 client-limit 8//
//aaa port-access authenticator 4 client-limit 8//
//aaa port-access authenticator 5 client-limit 8//
//aaa port-access authenticator 6 client-limit 8//
//aaa port-access authenticator 7 client-limit 8//
//aaa port-access authenticator 8 client-limit 8//
//aaa port-access authenticator 9 client-limit 8//
//aaa port-access authenticator 10 client-limit 8//
//aaa port-access authenticator active//
//spanning-tree//
//password manager/
vlan is assigned from authentication server.
Thanks for your reply.
Best Regards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
______________________________________________________________________