HPE Community
Switches, Hubs, and Modems
1752795 Members
5724 Online
108789 Solutions
New Discussion юеВ

Re: 2910AL - Radius VLAN(s) w/ DHCP question

 
SOLVED
Go to solution
groque
Frequent Advisor

тАО05-08-2009 10:16 AM

тАО05-08-2009 10:16 AM

2910AL - Radius VLAN(s) w/ DHCP question

Hi all,

I managed to setup Radius assigned VLAN(s) on my ProCurve 2910 using Windows authentication.

These are the scopes I created the DHCP server is on VLAN 50 with an IP of 172.16.50.1.

VLAN 10 - E -> Network 172.16.10.0 /24
VLAN 20 - J -> Network 172.16.20.0 /24
VLAN 30 - S -> Network 172.16.30.0 /24
VLAN 40 - P -> Network 172.16.40.0 /24

Note: I only have 1 server that 50.1 server does everything Radius, AD, DHCP etc. This is just a test lab.

My main concern is when I plug in my laptop to port 1 (which is set as a authenticator) and I log in as a user assigned to VLAN 10, everything works fine!. The laptop, switch and IAS server says that I am connected and when I check the port status I can see that it am on VLAN 1

Auth Unauth Untagged Tagged Kbps In RADIUS Cntrl
Port Clients Clients VLAN VLANs Port COS Limit ACL Dir
---- -------- -------- -------- ------ --------- ----------- ------ -----
1 1 0 1 No 00000000 No No both


The problem is after the user authenticates it doesn't grab an IP from the DHCP server right away. It stays with the APIPA address so what I have to do is manually release and renew the IP address in order to grab one.

Is this a firmware issue or is there a command I am missing?

This is the current firmware I am running Boot Rom Version: W.14.04.

Thanks guys

0 Kudos
19 REPLIES 19
cenk sasmaztin
Honored Contributor

тАО05-08-2009 10:39 AM

тАО05-08-2009 10:39 AM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

please send me sh tech print your 2910al switch
cenk

0 Kudos
groque
Frequent Advisor

тАО05-08-2009 10:44 AM

тАО05-08-2009 10:44 AM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

Thanks for replying

I did the sh tech but my console session can't record all the data being displayed is there something in particular you would like to see I can send that over
0 Kudos
cenk sasmaztin
Honored Contributor

тАО05-08-2009 10:56 AM

тАО05-08-2009 10:56 AM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

ok please send me sh run print
cenk

0 Kudos
groque
Frequent Advisor

тАО05-08-2009 11:05 AM

тАО05-08-2009 11:05 AM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

Hi I attached the sh run on this thread if thats the the config you are looking for please let me know.

Cheers
0 Kudos
cenk sasmaztin
Honored Contributor

тАО05-08-2009 11:19 AM

тАО05-08-2009 11:19 AM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

your ip helper address false
ip helper address must be dhcp server address foreach vlan

and dhcp server default gateway address must be vlan 50 ip address
cenk

0 Kudos
groque
Frequent Advisor

тАО05-08-2009 11:42 AM

тАО05-08-2009 11:42 AM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

Thanks for your input.

What do you mean I have to have a DHCP server for my VLAN do I need to have a separate DHCP box for all for VLAN(s)? I don't quite understand that concept.

The thing is this config worked perfectly fine when I had static VLAN(s) assigned to each port. For example port 1-4 is assigned to VLAN 10, port 5-8 was assigned to VLAN 20.

When I plugged in a laptop into port 1 it gave me an address of 172.16.10.1 and when I plugged it into port 2 it gave me an address of 172.16.20.1.

With the dynamic VLAN when I log in with a user that belongs to VLAN 10 it doesn't assign me the IP address right away. I have to release and renew my IP address after that it assigns me an IP from the 172.16.10.0 network and vice versa with other VLAN(s).

I hope this all makes sense if you have any questions or suggestions please let me know.
0 Kudos
Jeff Carrell
Honored Contributor

тАО05-08-2009 12:14 PM

тАО05-08-2009 12:14 PM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

of what i can see of the config and your 2 descriptions, i would think it should be working...

you might try this, create a VLAN99 (i call this the "dead" or "notused" vlan)...do not give it an ip addr or ip helper-address, put port 1 in as untagged...disconnect the laptop from port 1, reconnect to port 1 and see if it works any better...

i can't guarantee it will be better, but that is how i have my 802.1X switches configured...

hth...jeff
0 Kudos
groque
Frequent Advisor

тАО05-08-2009 12:57 PM

тАО05-08-2009 12:57 PM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

Thanks for the advice Jeff but that did not solve the problem. Maybe this has something to do with Microsoft DHCP does anybody use Windows 2003 as your DHCP server?
0 Kudos
groque
Frequent Advisor

тАО05-08-2009 01:54 PM

тАО05-08-2009 01:54 PM

Re: 2910AL - Radius VLAN(s) w/ DHCP question

Hi all,

I think this might be a bug with User based 802.1x dynamic VLAN(s). I just finished configuring MAC based VLAN(s) and it works great.

When I change the VLAN ID on my IAS server and replug in the wire the IP address picks up right away! but when I try it with user based VLAN(s) I still need to release and renew my IP addresses

If anybody has any more suggestions in regards to the user based VLANing please let me know.

Cheers
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.