08-07-2017 10:21 PM
802.1x Multiple-auth with different Vlans
Hi,
We have a Procurve 5412zl (J8698A) switch. I managed to implement 802.1x authentication successfully. I am using Mac-Based authentication for printers, phones, DECT stations and WiFi APs. For the users, I am using User-Based authentication.
Now we have 10-15 unmanaged dumb desktop switches in some offices. Unfortunately not all users connected to those dumb switches are from the same department, which means each needs to be authenticated to get the correct Vlan, which doesn't work with these dumb switches, so I started playing around with a managed, Vlan- and 802.1x-capable switch as a replacement for the unmanaged dumb switch. The new switch is connected to the Procurve 5412zl (J8698A) over a port which can do both Mac-Based and User-Based authentication; the new switch is authenticated over the Mac address. I enabled the 802.1x feature on the new switch; unfortunately I couldn't authenticate at all. The request to freeradius is accepted and the Access-Accept is sent to the client.
On the Procurve 5412zl (J8698A) no Vlan is tagged on this specific port, only the Vlan of the switch is untagged. When I connect to the HP port directly it works as expected for all devices, but not with the other switch in between.
I don't know what I am missing here!
We have a ring topology and the HP switch is not the core switch.
Is the Procurve 5412zl (J8698A) capable of making this scenario possible?
How can I authenticate one user, multiple users with different Vlans?
Best
08-09-2017 12:21 AM - edited 08-09-2017 12:24 AM
Re: 802.1x Multiple-auth with different Vlans
Hi,
No idea here? Once I connect the Unifi switch it gets authenticated with its Mac address and Vlan 2 is untagged on the port of the HP switch:
```
switch-north1(config)# show vlans ports a18

 Status and Counters - VLAN Information - for ports A18

  VLAN ID Name                             | Status     Voice Jumbo
  ------- -------------------------------- + ---------- ----- -----
  2       NetworkComponents                | Port-based No    No
```
When I try to connect with 802.1x with my client I see the following message in the logging of the Unifi switch:
```
UBNT daemon.notice switch: TRAPMGR: Link Up: 0/4
UBNT daemon.notice switch: DOT1X: Dot1x Authenticated Successfully
```
The logging of the HP switch doesn't show anything.
I tried on the Procurve 5412zl (J8698A) the following:
- tagging the vlan (vlan 10) on port A18 and then:
```
aaa port-access authenticator A18
aaa port-access authenticator A18 client-limit 2
aaa port-access mac-based A18
aaa port-access mac-based A18 addr-limit 2
```
- I tried it the other way around:
```
aaa port-access authenticator A18
aaa port-access authenticator A18 client-limit 2
aaa port-access mac-based A18
aaa port-access mac-based A18 addr-limit 2
aaa authentication allow-vlan tagged vlan 10 tagged A18
```
- I tried it with:
```
aaa port-access A18 mixed
```
Unfortunately nothing worked and I couldn't authenticate the user. Without the intermediate switch everything works as expected, and I have to use at least 5 intermediate switches. I am also able to use the HP 1820-8G switch instead of the Unifi if it would help.
I would be happy for any hint here.
Thanks