HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Community
Comware Based
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

 
Michael_W
Michael_W
Occasional Advisor

‎03-09-2014 03:19 AM

‎03-09-2014 03:19 AM

HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Hi,

 

I want to get some idea on HP 5500 and HP 2530 switches configuration with setup as pdf attached

 

 

Overview


Wireless users will be dynamically assigned into their own user vlan based on NPS

 

 

My Configuration Plan:

 

HP5500SI as core switch

- Configure vlan 10,20,30 and interface vlan 10,20,30

- Configure trunk port to HP2530

   - int gi 1/0/24

   - port trunk permit vlan 10 20 30

- Configure trunk port to Wireless Controller

- Configure Access vlan 10 port to NPS

 

HP2530G

- Configure vlan 10,20,30

- Configure trunk port to HP5500

   - vlan 10 - tagged eth 24

   - vlan 20 - tagged eth 24

   - vlan 30 - tagged eth 24

- Configure dot1x globally

- Configure radius info

- Configure dot1x on port connected to wireless AP

   - int eth 23

   - enable dot1x

 

 

Are these switches setup and configuration work correctly or there is still configuration missing?

Any suggestion would be much appreciated.

 

Thanks

 

 

 

0 Kudos
Reply
3 REPLIES
Praveen_D
Praveen_D
Occasional Advisor

‎03-10-2014 12:18 PM

‎03-10-2014 12:18 PM

Re: HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Please check these points ,

In wireless controller :

1. Create Radius profile

2. Configure remote 802.1xauthentication in VSC

 

For wireless users to authenticate RADIUS server , what type of EAP method are you using ,

 

 

Do you want to authenticate  AP also  with 802.1x .

and you have to tag Vlan 20 and Vlan 30 on the access switch port connected to AP  .

 

R/

 

 

 

0 Kudos
Reply
Michael_W
Michael_W
Occasional Advisor

‎03-10-2014 06:59 PM

‎03-10-2014 06:59 PM

Re: HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Thanks for your reply.

 

Im using Aruba controller and AP actually. Yes wireless users need tu authenticate using 802.1x. This part will be done at controller site.

 

My concern is actually on HP switch configuration. As im not very familiar with HP2530.

So, according to you the switch port that connected to the AP need to tag vlan 20 and 30?

What if I untagged it as vlan 10 (management) but inside the controller have all the vlan ?

 

 

AP ----------------------HP2530---------------------------HP5500----------------------------Controller

             tagged vlan 10                          tagged vlan 10 20 30                       tagged vlan 10 20 30

 

 

0 Kudos
Reply
Praveen_D
Praveen_D
Occasional Advisor

‎03-10-2014 09:35 PM

‎03-10-2014 09:35 PM

Re: HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Dear you have to tagg vlan 20 and 30 otherwise , other wise you have to use HP MTM feature (hp wireless controller case) auruba i dont know . vlan 10 for the managemnet if you enable HP MTM feature vlan 20 and 30 will tullel traffic (data) up to the controller .  i think on the Aruba wireless controller you have to enable same feature -HP MTM . then only vlan 20 and 30 will pass .

 

better you can tagg the vlan 20 and 30 .

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.