04-24-2017 01:30 PM
We have a number of 3Com 5500G-EI switches for which we'd like to enable wired 802.1x authentication.
Most switches will be running Software Version 3Com OS V3.03.02s168p23. As for the RADIUS Server, we're using ClearPass Policy Manager 6.5.7.85381.
We have basic ACCESS-ACCEPT & ACCESS-REJECT working, along with a guest-vlan configuration.
I'm trying to assign a VLAN from the RADIUS Response, but I'm not having any luck. I suspect I may need to configure the port as a hybrid port. Here is the current port config.
interface GigabitEthernet1/0/1
stp edged-port enable
broadcast-suppression pps 3000
port access vlan 15
undo jumboframe enable
dot1x port-method portbased
dot1x max-user 1
dot1x guest-vlan 13
dot1x
dot1x re-authenticate
dot1x mandatory-domain drexel.edu
mirroring-group 1 mirroring-port both
apply qos-profile default
Based on authorization attributes, I'd like to place a user in a different VLAN if they successfully authenticate. I've made sure to pass the Radius:IETF Attributes Tunnel-Type, Tunnel-Medium-Type, & Tunnel-Private-Group-Id in the RADIUS Response, but it doesn't appear as if the switch is honoring those responses.
With Radius Debugging enabled in the switch, I see some messages with :
Apr 24 13:41:45 10.245.248.2: %%10RDS/8/DEBUG(d):- 1 -Warning:Received a invalid VLAN ID!
I've verified that the VLAN I'm sending in the RADIUS Response is configured on the switch.
Any clues or hints would be appreciated.
TIA,
--Raf
04-24-2017 02:28 PM
DOH!!!
Managed to solve my own issue by changing the Vlan-assignment-mode to string, from integer.
I'll continue testing to see what other havoc I can create.
Does anyone know if a self-service URL will redirect users upon launching a browser, or is that only to provide a URL for admin logins?
--Raf
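The mismatch behind the "invalid VLAN ID" warning, as an added illustration that is not part of the original posts and is not 3Com or ClearPass code: it encodes the three tunnel attributes as RFC 2868/RFC 3580 define them, then reads Tunnel-Private-Group-Id both as a string and as a number. VLAN 20 and all function names are constructed, and the integer reading is an assumption about how a switch in integer mode might interpret the octets.

```python
# Constructed illustration; VLAN 20 and all function names are hypothetical.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6                                     # RFC 3580

def tagged_int_attr(attr_type, value, tag=0):
    """Tunnel-Type / Tunnel-Medium-Type: one tag octet plus a 3-octet value."""
    body = bytes([tag]) + value.to_bytes(3, "big")
    return bytes([attr_type, 2 + len(body)]) + body

def group_id_attr(vlan, tag=None):
    """Tunnel-Private-Group-Id: optional tag octet plus the VLAN as ASCII text."""
    body = (bytes([tag]) if tag is not None else b"") + str(vlan).encode("ascii")
    return bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)]) + body

def parse_attrs(data):
    """Split a RADIUS attribute list (type, length, value) into {type: value}."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def vlan_as_string(value):
    """String reading: drop a leading tag octet (0x1F or below), parse ASCII digits."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return int(value.decode("ascii"))

def vlan_as_integer(value):
    """Assumed integer reading: the raw value octets taken as a big-endian number."""
    return int.from_bytes(value, "big")

def valid_vlan(vlan_id):
    return 1 <= vlan_id <= 4094

def build_reply(vlan, tag=None):
    return (tagged_int_attr(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int_attr(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + group_id_attr(vlan, tag))

if __name__ == "__main__":
    raw = parse_attrs(build_reply(20))[TUNNEL_PRIVATE_GROUP_ID]
    for name, reader in (("string", vlan_as_string), ("integer", vlan_as_integer)):
        vid = reader(raw)
        print(name, vid, "valid" if valid_vlan(vid) else "invalid VLAN ID")
```

When a VLAN that exists on the switch is still rejected, comparing the attribute's octets in a packet capture against the mode the switch expects is a quick first check.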
08-23-2019 08:26 AM
Re: 3Com 5500G-EI dot1x with RADIUS Server supplied VLAN VSA
Hi Raf!
I'm trying to make mac-authentication on a 3COM 5500 (OS V3.03.x) with a ClearPass.
Did it work for you?
Any clues or hints would be appreciated.
Nico.
08-23-2019 09:36 AM
Hi Nico,
Yeah, we got it working but ultimately gave up on the hardware. We ultimately wanted to be able to perform dot1x Auth > else > MAC Auth > else > Captive Portal Redirect. I think there were issues with the MAC Auth Bypass (MAB) or with the Captive Portal redirection. We've since retired most of our 5500 & have replaced them with Cisco 3750x. We're also moving to deploy HPE/Aruba 3810s & 5400s but we need to revisit the dot1x Auth vs MAC Auth prioritization. We've only enabled wired authentication in our dorms, which are principally serviced by Cisco 3750x's.
If you can let me know what exactly you are having issues with I'll try to help as best I can.
--Raf