HPE Community
IMC
1753366 Members
6033 Online
108792 Solutions
New Discussion юеВ

Re: IMC 7.2 , 802.1X WLAN - ISSUES CLIENT RECEIVE DEPLOY VLAN IP ACCESS SERVICE

 
csantos37
Occasional Visitor

тАО03-20-2018 07:13 AM - edited тАО03-20-2018 07:33 AM

тАО03-20-2018 07:13 AM - edited тАО03-20-2018 07:33 AM

IMC 7.2 , 802.1X WLAN - ISSUES CLIENT RECEIVE DEPLOY VLAN IP ACCESS SERVICE

Hi all, I would like a help regarding UAM with WLAN 802.1x, my environment I have a controller LSU3WCMD0, and Access points MSM460-AM, I created two environments, one with authentication via MAC through BYODAnonymous that worked perfectly without any problem, in the another environment that would be the authentication via RADIUS in the IMC I encountered difficulties, since the User tries to connect but does not receive the IP of the VLAN that is defined in ACCESS POLICE, well I performed the steps:
1. Import ROOT and SERVER Certificates: OK
2. Import AD User through synchronization: OK
3. Configure on LSU3WCMD0, RADIUS, and DOMAIN: OK
4. Set WLAN-ESS on the controller and apply in an SSID template: ok
5. Test with the user connecting: The signal authenticates the user, it appears in the IMC as ONLINE but does not receive the vlan IP.

Could someone help me in this situation?
Thank you.

0 Kudos
2 REPLIES 2
NeilR
Esteemed Contributor

тАО03-20-2018 05:17 PM

тАО03-20-2018 05:17 PM

Re: IMC 7.2 , 802.1X WLAN - ISSUES CLIENT RECEIVE DEPLOY VLAN IP ACCESS SERVICE

In 7.2 you'll need to specify the propietary radius attributes for send to the APs to set the deployed vlans. In 7.3 it looks like they support this natively for the MSM as my policies show no propietary atrributes set with policies but its still working.

If you are using your controller to do authentication only and not tunneling the traffic back to the controller, then you are sending the traffic from the AP to the switch where the AP is attached.

You will have set the VLANs used on the AP and the switch already. But you need the radius response to include the vlans to be set for access

To get the traffic to egress the switch that the AP is connected to you will need to have your radius server send the attribute HP-Egress-VLAN-Name(65) along with the matching VLAN name as part of the Access accept response back to the AP. You will need to add a 1 in front of the name for tagged or 2 for untagged - 1MYVLAN

Or you can use HP-Egress-VLANID(64) <tagged/untagged(0x31 or 0x32)>000<VLAN_ID (as hex)>

Name is a little friendlier - you can search HP-Egress-VLAN for more details

this post has some more background

https://community.hpe.com/t5/IMC/Deploy-tagged-vlans-to-ports-with-UAM-as-part-of-a-service/m-p/6633836#M1534

 

 

csantos37
Occasional Visitor

тАО03-21-2018 04:53 AM

тАО03-21-2018 04:53 AM

Re: IMC 7.2 , 802.1X WLAN - ISSUES CLIENT RECEIVE DEPLOY VLAN IP ACCESS SERVICE

Thank you for answering Neir, I'll check .... I've already clarified a lot.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.