Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Reg:radius server authentication

 
SOLVED
Go to solution

Reg:radius server authentication

Dear sir,

Iam having hp-3500yl and hp-2510-24 and radius server.

Now i configured the 3500yl for radius authentication its working fine now i want connect 3500yl to 2510-24 switch .

How can i configure 2510-24 switch to act as client switch.

Regards
srini
9246571397
17 REPLIES 17
cenk sasmaztin
Honored Contributor
Solution

Re: Reg:radius server authentication

hi..
you can make 3500 switch connect 2510 and you make 802.1x config 2510 switch

same radius config and port access config like 3500 on 2510 switch and you create 3500 to 2510 uplink port unauthentication port and each uplink port(on 3500 and 2510)untag vlan 1 tag all other vlans

good luck

cenk

Highlighted

Re: Reg:radius server authentication

Dear sir,

Thanks for ur reply and can i get some examples or sample config.

I will be greatfull to u if this helps


Regards
srini

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

hi
int 26 uplink port for 3500 connection and vlan 1 untag member other all vlan
tag member you make same config 3500 uplink port
only managemet vlan assign ip address
this switch make only layer 2 operation therefore no need other vlan assign ip address.
good luck...


Running configuration:

; J4900B Configuration Editor; Created on release #H.10.50

hostname "2510"
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
interface 13
no lacp
exit
interface 14
no lacp
exit
interface 15
no lacp
exit
interface 16
no lacp
exit
interface 17
no lacp
exit
interface 18
no lacp
exit
interface 19
no lacp
exit
interface 20
no lacp
exit
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-20,24-25,26
ip address 192.168.0.2 255.255.255.0

no untagged 21-23
exit
vlan 10
name "VLAN10"
untagged 21
tagged 26
exit
vlan 20
name "VLAN20"
untagged 22
tagged 26
exit
vlan 30
name "VLAN30"
untagged 23
tagged 26
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 192.168.1.165 key xxxxx
aaa port-access authenticator 1-20
aaa port-access authenticator active
aaa port-access 1-20

cenk

Re: Reg:radius server authentication

Dear sir,

Thanks for ur valuble support and one more small doubt is there any changes on 3500yl switch and alredy i attached the existing config and give me the suggession.

Iam very greatfull to u .

Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

hi Srini

I definition config for only 2510 switch

can you want attach 3500 switch with 2510
you 3500 switch true config and working fine ok I understand .My simple config for 2510

only for 3500 switch config uplink port(to2510)

good luck
cenk

Re: Reg:radius server authentication

Dear cenk sasmaztin ,


Thanks for ur valuble information and i undestand ur point and i ean my l3 switch is working fine and tomorrow i going to test with 2510 switch and i will try ur config if any problem is there i will update the case plz help me in this.

Iam very thankfull and greatfull to u.

Thanks&Regards
srini

Re: Reg:radius server authentication

Dear sir,

Thanks for ur reply and i done the same config on 2510 but from 2510 iam unable to ping radius server and it was showing network is unreacgble to this vlan

plz help me in this and i attached my l3 config plz go through that and according to that plz give me reply.

Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

please send 3500 and one 2510 sh config print
cenk

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

you reside default vlan on all user default vlan for only management.don't use default vlan for user network connection.

your radius .dc.dhcp server in vlan 10
all vlan member take on dhcp ip address with ip helper command

but 2510 not routing switch this swithc only L2 operation
there fore not assign ip address vlans on 2510 switch

you create all on switch vlan 60 and you assign this vlan managemet vlan and assign new managemet ip address this vlans

simple
3500(config)#vlan 40
3500config(vlan 40)#ip address 10.0.10.1/24
3500(config)#managemet-vlan 40


1-2510(config)#vlan 40
1-2510config(vlan 40)#ip address 10.0.10.2/24
1-2510(config)#managemet-vlan 40

2-2510(config)#vlan 40
2-2510config(vlan 40)#ip address 10.0.10.3/24
2-2510(config)#managemet-vlan 40

.......
...
..

now vlan 1 freedom and only vlan 1 ip address on 3500 switch
only vlans ip address 3500 switch
other 2510 switch only managenmet vlan ip address for managemet

and you remember all uplink port vlan 1 untag other vlan tag port

and your system managemetp pc for config and viewing reside on vlan 60 untag port

cenk
cenk