- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Procurve Edge Configuration - 802.1X
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2009 01:51 AM
тАО04-11-2009 01:51 AM
Procurve Edge Configuration - 802.1X
we're evaluating migration to 802.1X port access.
Authentication with supplicants and RADIUS host on same/CORE-switch works. So far so good..
When using an EDGE-switch (not directly connected to RADIUS host; also usually configured for RADIUS-host), the RADIUS-communication is incomplete:
Access request (switch) -> Access challenge (RADIUS) -> Access Request#2 (switch) -> Fragmented IP Protocol (RADIUS)
Tried different configuration-settings and manual-hints now, without success. Im stuck.
Any ideas?
Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2009 06:18 AM
тАО04-11-2009 06:18 AM
Re: Procurve Edge Configuration - 802.1X
possible one radius client(authenticator)with core switch
but*******unadvisable this configuration method
because
network authentication and authorization process must be proximate switch point (edge switch) when I make 802.1x config usually use for authenticator edge switch petty edge switch bucause all end user must connect on edge switch core switch usually for server and other switch connection
my advice you can make traditional 802.1x confuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2009 06:21 AM
тАО04-11-2009 06:21 AM
Re: Procurve Edge Configuration - 802.1X
simple 802.1x &dynamic vlan config
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-12-2009 02:34 AM
тАО04-12-2009 02:34 AM
Re: Procurve Edge Configuration - 802.1X
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-13-2009 09:30 PM
тАО04-13-2009 09:30 PM
Re: Procurve Edge Configuration - 802.1X
I will try them asap, now after the holidays.
Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-13-2009 11:18 PM
тАО04-13-2009 11:18 PM
Re: Procurve Edge Configuration - 802.1X
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2009 03:15 AM
тАО04-14-2009 03:15 AM
Re: Procurve Edge Configuration - 802.1X
I looked at the data that is sent with the Fragmented IP Protocol paket.. seems like it contains the RADIUS-ceritifcate.
Anyone got an idea, why this RADIUS-paket is invalid when sended to/over another switch?
Thanks in advance!
Config-example:
interface 4
no lacp
exit
aaa authentication port-access eap-radius
radius-server host 192.168.1.x key x
aaa port-access authenticator 4
aaa port-access authenticator active
Used: PEAP-MS-CHAP v2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2009 02:54 AM
тАО05-12-2009 02:54 AM
Re: Procurve Edge Configuration - 802.1X
what is your new email address ? could you send me a test email to ray.ma7@gmail.com :)
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2009 06:02 PM
тАО05-12-2009 06:02 PM
Re: Procurve Edge Configuration - 802.1X
but i need to point out something.
1,need the port for radius authentication.
for example.
aaa authentication port-access chap-radius
radius-server key 1234
radius-server host 192.168.1.100 key 1234
aaa port-access authenticator 12
aaa port-access authenticator 12 control authorized
aaa port-access authenticator active
this is used the default radius port. if your radius server used other port, please changed it.
verify using show radius command
default UDP port is 1813, this can be changed using:
radius-server host
2, for EAP radius, what type EAP portol you want to used? if for EAP-MD5 it should be ok.
if used EAP-PEAP or EAP-fast or EAP-TTLS you all need the CA for certificate(root certificate)
that what i am understanding, i used to config the Wi-Fi with EAP-TTLS, EAP-Fast, EAP-PEAP, for switch side, i tested the chap-radius and EAP-radius for (MD-challenge).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2009 06:12 PM
тАО05-12-2009 06:12 PM
Re: Procurve Edge Configuration - 802.1X
What about your edge switch ? from your core switch you setup the radius authentication but not for your edge switch ? right ?
for my experience, if i was you, i will setup the radius authentication in edge switch.
and do we have the similar command like cisco
ip radius source-interface Vlan2002 ?
have a try.