HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Playing with 802.1x on Baseline 2924 SFP Plus

 
SmartU
Occasional Contributor

Playing with 802.1x on Baseline 2924 SFP Plus

Hi,



I´m playing with 802.1x on a Baseline 2924 SFP Plus.



My setup:



----



remote switch:

- has gateway for VLAN 14: 192.168.14.40

- has gateway for VLAN 16: 192.168.16.40

- has gateway for VLAN 30: 192.168.30.40

- Port 24 has untagged VLAN 14, tagged VLAN 16, tagged VLAN 300

- VLAN 14, old data VLAN

- VLAN 16, new data VLAN

- VLAN 30, VoIP VLAN



2924:

- has IP: 192.168.14.100, with gateway 192.168.14.40

- Port 24 has untagged VLAN 1, so I can reach the IP interface of the switch

- Port 24 has tagged VLAN 30, tagged VLAN 16

- rest of the ports have untagged VLAN 16, tagged VLAN 30



My goals:

- 802.1x authenticated VoIP phones should be placed into VoIP VLAN 30

- unauthenticated devices should be automatically placed into guest VLAN 16



What works:

- Well, everything. VoIP phones go into VLAN 30, the rest goes into VLAN 16.



Why am I here:

- For now the solution is kind of tricky:

+ Guest VLAN can´t be the default VLAN 1, so I had to create a new VLAN 16, make that new VLAN on the remote switch and tag it to the 2924.

+ Now I need two VLANs with their own subnets. One, well let´s say a management VLAN (=> VLAN 1) with IP 192.168.14.100 to reach the web interface of the 2924.

The other, which is now VLAN 16, which I had to tag to the remote switch, to place the unauthenticated devices to.



My goal was to put those unauthenticated users also into VLAN 1, which is not possible. There´s no option for it within the web interface.

Also it seems I can´t put the 2924´s IP address into another VLAN, so change it into an IP of a tagged VLAN, because the IP seems to belong to the (untagged) default VLAN 1.



Has anyone any idea how I can make this better?

Is this a bug?

Btw, is there a possibility to email 3COM some feature requqests for its switches?

This message was edited by SmartU on 6-25-09 @ 3:01 AM
1 REPLY
Knapovsky
Occasional Advisor

Re: Playing with 802.1x on Baseline 2924 SFP Plus

New features development for Baseline family is not likely to happen. My suggestion is to replace baseline with some enterprise device, like 4210, 4500, 4200G or 5500G. Or open a case with 3Com GSO via esupport.3com.com.



Best regards

./Miro

3Com Czech Republic
3Com Czech Republic