Skip to ContentSkip to Footer
Start of content
- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- 802.1x and port-access mac-based config CHAP v2 qu...
Switches, Hubs, and Modems
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
802.1x and port-access mac-based config CHAP v2 question
SOLVED
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-04-2011 10:49 AM
05-04-2011 10:49 AM
Greetings and thanks for any/all feedback!
Need to support non 802.1x clients such as games systems. Using port-access with MAC authentication on ProCurve switches and I am logging on my Radius server for these non 802.1x clients:
Handshake Authentication Protocol (CHAP).
A reversibly encrypted password does not exist for this user account.
To ensure that reversibly encrypted passwords are enabled,
check either the domain password policy or the password settings on the user account.
Any support for CHAP v2 when the mac-based is used on the following switches?
HP2848, J4904A revision I.10.82
HP2810, J49022A revision N.11.25
HP2910al, J9147A revision W.14.49
Do not want to change active directory to enable storage of a reversibly encrypted form of the password just for support of gaming systems.
Clients using 802.1x get on OK. If client not currently 802.1x capable but able to support, client pushed to registration VLAN 2999 were they will be able to download and configure 802.1x configuration.
~Snip of current config, a MAC authentication client fails on the CHAP login.
; J9022A Configuration Editor; Created on release #N.11.25
hostname "bf1test01"
snmp-server contact "Resnet"
snmp-server location "BF1 "
mac-age-time 7200
time timezone -300
time daylight-time-rule Continental-US-and-Canada
no cdp run
console inactivity-timer 30
ip default-gateway X.X.X.X
sntp server
timesync sntp
sntp unicast
snmp-server host X.X.X.X
vlan 1
name "DEFAULT_VLAN"
untagged 48
ip address X.X.X.X Y.Y.Y.Y
no untagged 1-47
exit
vlan 232
name "BF1_VLAN"
untagged 1-47
no ip address
tagged 48
ip igmp
exit
vlan 2999
name "Quar_VLAN"
no ip address
tagged 48
exit
no lldp run
aaa authentication port-access eap-radius
radius-server host X.X.X.X
aaa port-access authenticator 1-12
aaa port-access authenticator 1 auth-vid 232
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 auth-vid 232
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 auth-vid 232
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 auth-vid 232
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 auth-vid 232
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 auth-vid 232
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 auth-vid 232
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 auth-vid 232
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 auth-vid 232
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 auth-vid 232
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 auth-vid 232
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 auth-vid 232
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-12
aaa port-access mac-based 1 unauth-vid 2999
aaa port-access mac-based 2 unauth-vid 2999
aaa port-access mac-based 3 unauth-vid 2999
aaa port-access mac-based 4 unauth-vid 2999
aaa port-access mac-based 5 unauth-vid 2999
aaa port-access mac-based 6 unauth-vid 2999
aaa port-access mac-based 7 unauth-vid 2999
aaa port-access mac-based 8 unauth-vid 2999
aaa port-access mac-based 9 unauth-vid 2999
aaa port-access mac-based 10 unauth-vid 2999
aaa port-access mac-based 11 unauth-vid 2999
aaa port-access mac-based 12 unauth-vid 2999
password manager
password operator
thanks!
jim
Solved! Go to Solution.
2 REPLIES
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-05-2011 08:03 AM
05-05-2011 08:03 AM
Solution
Hi Jim,
as fair as I know MS-Chap V2 is only supported on ProVision Devices like 3500/5400/8200. You may build a new trusted tree in the AD-Forrest with its own Group Policy and Radius-Server as a workaround and put the MACs in there.
Cheers
Jens
as fair as I know MS-Chap V2 is only supported on ProVision Devices like 3500/5400/8200. You may build a new trusted tree in the AD-Forrest with its own Group Policy and Radius-Server as a workaround and put the MACs in there.
Cheers
Jens
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-11-2011 02:28 AM
05-11-2011 02:28 AM
Re: 802.1x and port-access mac-based config CHAP v2 question
Re: 802.1x and port-access mac-based config CHAP v2 question
Thanks Jens!
jim
jim
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
End of content
United States
Hewlett Packard Enterprise International
Communities
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP