- Community Home
- >
- Networking
- >
- Wireless
- >
- Comware Wireless / Unified Series
- >
- 527 port authentication
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2017 08:43 AM - edited 01-30-2017 08:44 AM
01-30-2017 08:43 AM - edited 01-30-2017 08:44 AM
Heres hoping. I read that with the latest firmware version LAN ports on the HP527 support 802.1X or MAC authentication.
However, I am unable to get it to work, everything I have setup works, (local forwarding, local authentication, vlan assignment to individual ports etc.) but the port does not present a login box when pluging in a laptop
sample code is below (my config is adapted from this):
"vlan 1201 to 1202"
"#"
"port-security enable"
"dot1x authentication-method eap"
"#"
"radius scheme nps"
"primary authentication 192.168.0.100"
"primary accounting 192.168.0.100"
"key authentication cipher $c$3$pJE/skAfFXZUvMRBtbza33+gCFUj/JiPBQ=="
"key accounting cipher $c$3$MDfFfd1cFzjMKiihMrA5LzM0oh9+6CGxVg==
user-name-format without-domain"
"#"
"domain nps"
"authentication default radius-scheme nps
authorization default radius-scheme nps
accounting default radius-scheme nps
authentication super radius-scheme nps
access-limit disable"
"state active"
"#"
"interface GigabitEthernet1/0/3 port link-type hybrid"
"port hybrid vlan 1 untagged mac-vlan enable"
"stp edged-port enable"
"mac-authentication domain nps
port-security max-mac-count 3"
"port-security port-mode userlogin-secure-or-mac-ext
dot1x max-user 2"
"undo dot1x handshake"
"dot1x mandatory-domain nps undo dot1x multicast-trigger"
"dot1x unicast-trigger"
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 02:24 AM
01-31-2017 02:24 AM
Solutionthis community seems quite dead and there is no support from HP on these matters - so I will answer my own question again! It seemed to be something to do with the file upload to the ac. Using a mac and text editor somehow messed up the format of the map file.
Thank you windows and notepad.
This is the way to setup port authentication on a 527 ap at least it works reliably for me (shame it does not support auth fail):
no dot1x legacy-supp-mode - seems particularly important as devices would only authenticate once with this enabled.
I hope this helps someone with a similar issue.
vlan 1
name Default
vlan 104
name student
interface gig 1/0/4
port link-type trunk
port trunk permit all
radius scheme radius
primary authentication <put your radius information here>
primary accounting <put your radius information here>
user-name-format without-domain
domain radiusdomain
authentication default radius-scheme radius
authorization default radius-scheme radius
accounting default radius-scheme radius
authentication lan-access radius-scheme radius
authorization lan-access radius-scheme radius
accounting lan-access radius-scheme radius
access-limit disable
state active
port-security enable
dot1x authentication-method eap
interface gig 1/0/1
port link-type hybrid
port hybrid vlan 1 untagged
stp edged-port enable
port-security port-mode userlogin-secure-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain radiusdomain
undo dot1x multicast-trigger
dot1x unicast-trigger
no dot1x legacy-supp-mode
interface gig 1/0/2
port link-type hybrid
port hybrid vlan 1 untagged
stp edged-port enable
port-security port-mode userlogin-secure-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain radiusdomain
undo dot1x multicast-trigger
dot1x unicast-trigger
no dot1x legacy-supp-mode
interface gig 1/0/3
port link-type hybrid
port hybrid vlan 1 untagged
stp edged-port enable
port-security port-mode userlogin-secure-ext
dot1x max-user 2
undo dot1x handshake
dot1x mandatory-domain radiusdomain
undo dot1x multicast-trigger
dot1x unicast-trigger
no dot1x legacy-supp-mode