
527 port authentication

 
Marky_Mark
Advisor


Here's hoping. I read that with the latest firmware version, LAN ports on the HP527 support 802.1X or MAC authentication.

However, I am unable to get it to work. Everything I have set up works (local forwarding, local authentication, VLAN assignment to individual ports, etc.), but the port does not present a login box when plugging in a laptop.

Sample code is below (my config is adapted from this):

vlan 1201 to 1202
#
port-security enable
dot1x authentication-method eap
#
radius scheme nps
primary authentication 192.168.0.100
primary accounting 192.168.0.100
key authentication cipher $c$3$pJE/skAfFXZUvMRBtbza33+gCFUj/JiPBQ==
key accounting cipher $c$3$MDfFfd1cFzjMKiihMrA5LzM0oh9+6CGxVg==
user-name-format without-domain
#
domain nps
authentication default radius-scheme nps
authorization default radius-scheme nps
accounting default radius-scheme nps
authentication super radius-scheme nps
access-limit disable
state active
#
interface GigabitEthernet1/0/3
port link-type hybrid
port hybrid vlan 1 untagged
mac-vlan enable
stp edged-port enable
mac-authentication domain nps
port-security max-mac-count 3
port-security port-mode userlogin-secure-or-mac-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain nps
undo dot1x multicast-trigger
dot1x unicast-trigger

Marky_Mark
Advisor
Solution

Re: 527 port authentication

This community seems quite dead and there is no support from HP on these matters, so I will answer my own question again! It seemed to be something to do with the file upload to the AC. Using a Mac and text editor somehow messed up the format of the map file.

Thank you, Windows and Notepad.

This is the way to set up port authentication on a 527 AP; at least it works reliably for me (shame it does not support auth fail):

no dot1x legacy-supp-mode - seems particularly important as devices would only authenticate once with this enabled.

I hope this helps someone with a similar issue.

vlan 1
name Default

vlan 104
name student

interface gig 1/0/4
port link-type trunk
port trunk permit all

radius scheme radius
primary authentication <put your radius information here>
primary accounting <put your radius information here>
user-name-format without-domain

domain radiusdomain
authentication default radius-scheme radius
authorization default radius-scheme radius
accounting default radius-scheme radius
authentication lan-access radius-scheme radius
authorization lan-access radius-scheme radius
accounting lan-access radius-scheme radius
access-limit disable
state active

port-security enable
dot1x authentication-method eap

interface gig 1/0/1
port link-type hybrid
port hybrid vlan 1 untagged
stp edged-port enable
port-security port-mode userlogin-secure-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain radiusdomain
undo dot1x multicast-trigger
dot1x unicast-trigger
no dot1x legacy-supp-mode

interface gig 1/0/2
port link-type hybrid
port hybrid vlan 1 untagged
stp edged-port enable
port-security port-mode userlogin-secure-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain radiusdomain
undo dot1x multicast-trigger
dot1x unicast-trigger
no dot1x legacy-supp-mode

interface gig 1/0/3
port link-type hybrid
port hybrid vlan 1 untagged
stp edged-port enable
port-security port-mode userlogin-secure-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain radiusdomain
undo dot1x multicast-trigger
dot1x unicast-trigger
no dot1x legacy-supp-mode
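
An added example, not part of the original post or any HP tooling: a small audit that reads a config laid out like the one above and reports which user-facing ports lack the per-port 802.1X lines the reply relies on. It assumes sections are separated by a blank line or `#`, and that `port link-type hybrid` marks a user port while trunk ports are uplinks; the function names and the sample input are constructed for illustration.

```python
# Added example: required lines mirror the reply's config; they are not an HP-defined list.
REQUIRED = (
    "port-security port-mode userlogin-secure-ext",
    "dot1x mandatory-domain",
    "undo dot1x multicast-trigger",
    "dot1x unicast-trigger",
    "no dot1x legacy-supp-mode",
)
GLOBAL_REQUIRED = ("port-security enable", "dot1x authentication-method eap")

def parse(text):
    """Split a config into (top-level commands, {interface name: commands})."""
    top, ports, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None  # a blank line or '#' closes the current section
        elif line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif current is not None:
            current.append(line)
        else:
            top.append(line)
    return top, ports

def audit(text):
    """Return {'global' or interface name: [missing settings]}; empty dict means full coverage."""
    top, ports = parse(text)
    findings = {"global": [g for g in GLOBAL_REQUIRED if g not in top]}
    for name, cmds in ports.items():
        if "port link-type hybrid" in cmds:  # assumption: hybrid = user port, trunk = uplink
            findings[name] = [r for r in REQUIRED if not any(c.startswith(r) for c in cmds)]
    return {k: v for k, v in findings.items() if v}

# Constructed input: an uplink plus one user port missing three of the settings.
SAMPLE = """\
port-security enable
dot1x authentication-method eap

interface gig 1/0/4
port link-type trunk

interface gig 1/0/2
port link-type hybrid
dot1x mandatory-domain radiusdomain
dot1x unicast-trigger
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it against the map file before upload gives a quick check that no LAN port was left without authentication after an edit.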