Re: MAC & 802.1x on the same network
04-20-2010 03:36 AM
I would like to unify port configuration for all access (user) ports on my network. In our enterprise we have PC users (laptops and workstations) and devices like phones, printers, etc.
Is it possible to configure all ports on HP switches the same way and later manage only MAC and 802.1x policies on the Radius server?
Also, I have a Radius server ready for deployment.
Regards,
Alexey
04-20-2010 11:25 PM
Re: MAC & 802.1x on the same network
I used this configuration to authenticate a PC with 802.1X behind IP Phone.
The IP Phone used MAC authentication.
In the Radius server I allowed the vendor code of our Avaya phones for MAC authentication.
I used K.14.47
radius-server host 172.16.1.50
aaa server-group radius "UAC" host 172.16.1.50
aaa authentication port-access eap-radius server-group "UAC"
aaa port-access authenticator B1
aaa port-access authenticator active
aaa port-access mac-based B1
By default a Procurve switch has a limit of 32 clients:
aaa port-access authenticator B1 client-limit 2
This command is necessary if you want to use Wakeup-on-lan:
aaa port-access B1 controlled-direction in
This command is necessary if you want to use multiple authentication methods:
aaa port-access B1 mixed
I hope this answers your question.
Regards,
Michael
04-21-2010 01:11 AM
Re: MAC & 802.1x on the same network
Do I understand correctly that with this configuration I will have the same configuration for all ports, with 802.1x and MAC authentication simultaneously?
Is your radius server Juniper UAC? I have it also.
Regards,
Alexey
04-21-2010 09:26 AM
Yes, it is possible for all other ports.
I did a proof-of-concept (POC) with Juniper and the Odyssey client.
On a Windows XP SP3 machine we did machine authentication and user authentication.
We also did machine authentication with Apple, but this was not with the Odyssey client.
We are also going to do a POC with HP IDM and MS NAP.
Kind regards,
Michael
04-22-2010 11:05 AM
Re: MAC & 802.1x on the same network
I tried to set up the same config on my 2610 switches and had some problems.
My UAC server successfully assigns the phone to the VLAN, but the phone can't communicate via the VOIP VLAN.
Also, it's strange that the port goes down.
sh vlans 200
Status and Counters - VLAN Information - Ports - VLAN 200
VLAN ID : 200
Name : Voice
Status : Port-based
Voice : Yes
Jumbo : No
Port Information Mode     Unknown VLAN Stat
---------------- -------- ------------
25               WEBMAC   Learn        Down
26               Tagged   Learn        Up

Overridden Port VLAN configuration
Port Mode
---- ------------
25   No
Here are the log details:
04/22/10 22:47:18 ports: port 25 is now off-line
I 04/22/10 22:49:26 ports: port 25 is Blocked by AAA
Regards,
Alexey
04-23-2010 03:23 AM
Re: MAC & 802.1x on the same network
In Infranet Controller I defined a MAC-based policy that allowed MAC addresses starting with the vendor code of Avaya phones.
Voice VLANs are tagged static VLANs and set by Radius.
The IP phones boot using LLDP and DHCP option 242 to get their configuration.
Kind regards,
Michael
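
The policy split described in the replies above (MAC authentication for phones matched by vendor code, 802.1X for PCs, VLAN set by Radius), modelled as an added example that is not part of the original posts or of any vendor's code. The vendor prefix, user VLAN 10 and all function names are assumptions; VLAN 200 is the "Voice" VLAN from the `sh vlans 200` output in the thread.

```python
import re

# Constructed values: the thread names neither the phones' vendor prefix nor
# the user VLAN. 00:00:5E:00:53:xx is the RFC 7042 documentation MAC range.
PHONE_OUIS = {"00005e"}  # stand-in for the phone vendor code
VOICE_VLAN = 200         # "Voice" VLAN ID from the thread's `sh vlans 200`
USER_VLAN = 10           # hypothetical user VLAN


def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[-:.]", "", (text or "").strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def vlan_reply(vlan_id):
    """RFC 3580 VLAN assignment attributes. They carry only the VLAN ID;
    tagged or untagged egress is not expressed by these attributes."""
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(vlan_id),
    }


def decide(user_name, calling_station_id, is_eap=False, eap_ok=False):
    """Return (verdict, reply_attributes) for one access request."""
    if is_eap:
        # 802.1X path: only a completed EAP exchange earns the user VLAN.
        if eap_ok:
            return "accept", vlan_reply(USER_VLAN)
        return "reject", {}
    # MAC path: the switch presents the client MAC as the user name, so it
    # must be well formed and agree with the Calling-Station-Id.
    mac = normalize_mac(user_name)
    if mac is None or mac != normalize_mac(calling_station_id):
        return "reject", {}
    # A vendor prefix identifies a device class, not one device, so this
    # path can only ever grant the voice VLAN, never the user VLAN.
    if mac[:6] in PHONE_OUIS:
        return "accept", vlan_reply(VOICE_VLAN)
    return "reject", {}
```
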
06-07-2010 06:57 AM
Re: MAC & 802.1x on the same network
Thanks for your replies again, but I'm still at the same point as several months ago.
1) The mixed option is not valid for my HP 2610 switches.
2) I don't understand how I can have two VLANs (1 - Avaya phone, 2 - users 802.1x) on the same port. It is possible only if the VOIP VLAN is tagged, right?
My question is: how can I configure J-UAC to tell the switch, when it detects an IP phone, to add the VOIP VLAN as tagged? And then I will authenticate users via 802.1x and add the secure VLAN as untagged.
I don't want to add the VOIP VLAN as tagged to all ports. I need to assign ALL VLANs (VOIP, USER) dynamically. Is it possible?
Sorry for my English.
Regards,
Alexey