07-03-2013 03:34 AM
How to use mac-authentication to authorize trunk ports on a connection?
So we have two use cases, of which we have tentatively solved the first.
Use case 1:
When we hook a DL360 up to an A5800 switch, we want the switch to recognize that there is a machine on the port, query the MAC address, look it up in a RADIUS database, and if in there, set the VLAN to one that the RADIUS server reports. We have this mostly working with one caveat: if the server is idle for more than 90 seconds, the switch "disconnects the port" and refuses to send traffic to the DL360 until the DL360 initiates traffic to re-authenticate the MAC address. I have had to write a keep-alive script on the CentOS 6 machines that "ping" traffic every 60 seconds to keep the port active.
mac-address timer no-aging
#
mac-authentication
mac-authentication timer offline-detect 180
mac-authentication timer quiet 15
mac-authentication domain gram
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 description Generic Server Position 1
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 15 untagged
 port hybrid pvid vlan 15
 mac-vlan enable
 stp edged-port enable
 mac-authentication
 mac-authentication guest-vlan 15
In this case, we are on VLAN 15 until we are "authenticated". Once authenticated (with the correct RADIUS payload) we are moved to the new VLAN (however, another problem we have is that VLAN 15 is still associated with the port; it doesn't go away). The VLAN reverts to 15 if there is no traffic for 90 seconds.
Any suggestions for those two problems?
Use Case #2:
In this one, we want to make the connection a trunk to the device (in this case, still a DL360, however running Xen with the network virtual switch software). On this trunk, we are by default sending VLAN 15 and we want to ADD other VLANs to the trunk as different MAC addresses are authenticated. This way we have virtual servers that are added to the trunk as they come online and off. Not sure how to accomplish this one.
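
For reference on the "correct RADIUS payload" in use case 1, here is an added example (not part of the original post) that decodes an Access-Accept and returns the VLAN it authorizes. It assumes the RADIUS server uses the standard RFC 3580 tunnel attributes, which the post does not state; the function names and the sample VLAN 20 are constructed for illustration.

```python
import struct

ACCESS_ACCEPT, TYPE_VLAN, MEDIUM_IEEE_802 = 2, 13, 6
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81

def _attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_reply(code, attrs):
    """Constructed RADIUS reply with a zeroed authenticator (sample data only)."""
    body = b"".join(_attr(t, v) for t, v in attrs)
    return struct.pack("!BBH16s", code, 1, 20 + len(body), bytes(16)) + body

def vlan_attrs(vlan_id, tag=b""):
    """The three RFC 3580 attributes that together name a VLAN."""
    return [(TUNNEL_TYPE, b"\x00" + TYPE_VLAN.to_bytes(3, "big")),
            (TUNNEL_MEDIUM_TYPE, b"\x00" + MEDIUM_IEEE_802.to_bytes(3, "big")),
            (TUNNEL_PRIVATE_GROUP_ID, tag + str(vlan_id).encode())]

def parse_attrs(packet):
    """Return (code, {type: first value}); raise ValueError on malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _id, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        attrs.setdefault(packet[pos], packet[pos + 2:pos + packet[pos + 1]])
        pos += packet[pos + 1]
    return code, attrs

def assigned_vlan(packet):
    """VLAN ID an authenticator would apply, or None if the reply names none."""
    code, attrs = parse_attrs(packet)
    if code != ACCESS_ACCEPT:
        return None
    for atype, want in ((TUNNEL_TYPE, TYPE_VLAN), (TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)):
        value = attrs.get(atype, b"")
        if len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            return None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group[:1] and group[0] <= 0x1F:      # optional RFC 2868 tag byte
        group = group[1:]
    text = group.decode("ascii", "replace")
    vlan = int(text) if text.isdigit() else 0
    return vlan if 1 <= vlan <= 4094 else None
```

Running `assigned_vlan` over a capture of the server's reply shows whether a missing or malformed attribute, rather than the switch configuration, is why a port stays in the guest VLAN.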