
NAP 802.1x EAP with Certificate - Deployment with Procurve "per User ACL"

StephanGee
Occasional Advisor

Hello,

Maybe some ProCurve specialists are here. This is the problem I'm encountering:

I've set up the VSA in NPS (2008 R2) as described in the "2910al Access & Security Guide".

Entry:

Vendor specific:

code: 11 vsa: 61

string:

HP-Nas-filter-Rule="permit in ip from any to 172.20.XX.XX/22"

Errors in the log of the router:

I 01/03/90 20:31:16 00699 idm: ACE parsing error, permit/deny keyword, aceIndex 1, client 2C4138074XXX, port 4
I 01/03/90 20:30:00 00699 idm: ACE parsing error, permit/deny keyword, aceIndex 1, client 2C4138074XXX, port 4
I 01/03/90 20:28:43 00699 idm: ACE parsing error, permit/deny keyword, aceIndex 1, client 2C4138074XXX, port 4

 

When I try it without the vendor entry, I get authenticated, so there is no problem with the authentication.

Can anyone help me with this?

Greets
Stephan