- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: 5130 mac-authentication not detecting a device...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2017 03:32 AM
тАО05-17-2017 03:32 AM
Re: 5130 mac-authentication not detecting a device moving
Please try this:
<SW1>sys System View: return to User View with Ctrl+Z. [SW1]port-security mac-move permit [SW1]display port-security
Port security parameters: Port security : Disabled AutoLearn aging time : 0 min Disableport timeout : 20 s MAC move : Permited ...[snip]...
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-31-2017 02:34 AM
тАО05-31-2017 02:34 AM
Re: 5130 mac-authentication not detecting a device moving
We have the same problem over here.
The port-security mac-move permit was already enabled, but don't help us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-31-2017 06:36 AM
тАО05-31-2017 06:36 AM
Re: 5130 mac-authentication not detecting a device moving
Found article on Airheads:
Last answer resolved our issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2017 04:00 AM
тАО06-12-2017 04:00 AM
Re: 5130 mac-authentication not detecting a device moving
Yeah, the comware devs tried to suggest that as an option. It isn't a solution, but a workaround. It might be fine if you have a few vlans. We have hundreds. This doesn't scale... it also doesn't seem to work reliably either.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2017 04:15 AM
тАО06-12-2017 04:15 AM
Re: 5130 mac-authentication not detecting a device moving
Interesting this works on the 1950... Hadn't realised they were comware7.
We've had confirmation this is a problem with the 5130. It seems to be related to the comware system drivers talking to the ASIC in the 5130 specifically. It's with the devs, who haven't managed to give our rep any feedback on when this might be fixed.
So essentially we have a 5130 bug here, which doesn't behave as per the documentation. It's causing us reputational damage now, we're very unhappy about it.... but what can you do? We're hopeful of a fix for this bug soon.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2018 06:54 AM
тАО01-29-2018 06:54 AM
SolutionAn old thread, but there's a conclusion!
The problem I had is something to do with the way the mac-auth works. Here's my primitive interpretation of what I think is happening (probably incorrect): When a mac address is authenticated it's placed within the vlan returned by radius. When this moves to a different port, it's then attempting to authenticate from a different vlan and that isn't possible... so nothing happens.
This is one of the reasons why making all vlans available on a hybrid port would sort of make things work in some circumstances.
There's a new code version that we were given at the end of 2017, 3301P01, which has yet to appear on the download site....
This contains a feature that allows the mac-auth process to bypass the vlan check so no matter whether there's an existing auth session placing the mac in a vlan, it will do a new auth.
This does actually work, but it requires a config change. At the global level you need: port-security mac-move permit
Then at the port level: port-security mac-move bypass-vlan-check
I'm not sure when this firmware is going to hit the website, we were told it was good for production.
- « Previous
-
- 1
- 2
- Next »