HPE Community
IMC
1752805 Members
5713 Online
108789 Solutions
New Discussion юеВ

Re: UAM + Wireless Help? Various problems...

 
theGagne
Occasional Visitor

тАО11-22-2014 03:46 PM

тАО11-22-2014 03:46 PM

UAM + Wireless Help? Various problems...

Is there a walkthrough anywhere on setting up UAM Radius with wireless using HP 850 WLAN Controller? Getting stuck on so many levels...

 

Issue 1:

I can successfully import users from my 2003 domain but for some reason the 2012 domain will not:

Connecting to LDAP server "..." failed due to Admin DN error or Admin Password error.

 or with SSL enabled (firewall off, cert imported):

Connecting to LDAP server "..." failed due to LDAP server timeout, IP address error or certificate configuration error.

 Issue 2:

Using 2003 domain, I've followed instructions found in "IMC UAM 802.1X Authentication Configuration Examples.pdf" to configure both the IMC side and the wireless controller side, but when I try to authenticate on wireless I get refused with this error: 

E63053::Invalid authentication type.

 Issue 3:

If I attempt to deploy a WLAN via "Fast Deploy WLAN", I get these errors:

Failed to bind Radio policy.
Failed to deploy the enable status for SSID
Radius policy "IMC" fail to bind to AC
Domain "..." fail to bind to AC

 Issue 4:

If I attempt to setup the HP 850 as an access device and then attempt to synchronize ports, it fails. I also cannot deploy. If I open details the synchronization failure reason is:

Synchronization Failure Reason	The adapter does not been supported.

 Bad grammar aside, this is not fun.

 

Issue 5:

When we skipped IMC and just set it up to use our 2003 AD as radius server, we could actually authenticate and connect, but it would drop clients consistently. Mac laptops only lasted 4 seconds before they would deauth and try again, for some reason pc laptops would last up to a minute, while phones would appear to stay connected the whole time.

 

Ultimately, we want to set this up properly so that auth and accounting would happen in IMC. The 2003 domain is just temporary until we migrate fully to 2012. Eventually we will also roll out 8021x on our wired connections as well, but for now just getting wireless working properly would be great.

 

I have a ticket in with support but apparently they don't have IMC resources available on weekends even though we purchased 24x7 support.

0 Kudos
2 REPLIES 2
NeilR
Esteemed Contributor

тАО11-22-2014 05:32 PM - edited тАО11-22-2014 05:33 PM

тАО11-22-2014 05:32 PM - edited тАО11-22-2014 05:33 PM

Re: UAM + Wireless Help? Various problems...

Can't say i have exact solutions as I have different setup. 2008 domain and hp msm765zl controller.

But here's what worked for me. AD 2008 works fine as long as domain setting in Imc options is set to 2003. I think it's more of schema type setting then a OS match setting. I think 2008 dc will run in 2012 domain.

I was able to import cert and use ssl.

I'm managing the wlan configuration using the controller GUI. I had my configs set there prior to imc. I use imc to view the wlan users etc through the controller soap interface and use imc as radius server. Same radius configs work for my wired users.
You need an acces policy and access service using peap with mschapv2 and vlan to deploy. Make sure a scenario or default acces will allow a connection.
I did not have to synch ports for msm device not sure about your 850 controller
Wire shark invaluable for seeing the details.
I found good hp support for Pcm less so far for imc.
But after months of struggle I find I'm liking imc a lot. Hope this may have help, at least in sympathy
Neil
theGagne
Occasional Visitor

тАО11-22-2014 06:10 PM

тАО11-22-2014 06:10 PM

Re: UAM + Wireless Help? Various problems...

Thanks, I'll try the access policy changes with vlan and peap tomorrow.

 

You're probably right that I don't have to sync the controller ports, that's probably more for rolling out authentication for switch ports.

 

Despite the difficulties configuring IMC, I also am liking it a lot. The youtube videos, pdfs, and expertone resources are helpful, I just wish they had more real world configs explained or that they were easier to find what you need.

 

Hopefully support will get back to me Monday about my questions.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.