Switches, Hubs, and Modems
1748053 Members
4794 Online
108758 Solutions
New Discussion юеВ

Re: Reg:radius server authentication

 
SOLVED
Go to solution
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

in this way
runing routing operation only 3500 switch
other 2510 switches only L2 operation on your system and vlan 60 managemet vlan for configuration and view all system

you can not ping radius server because we assign vlan 1 ip address on 2510 switches
not routing this new ip address on your system because you users ip default gateway vlan 1 ip address there fore not ping other vlan or internet in this vlan

I hope understand

cenk
cenk

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

and you see carefully my config vlan name and your config vlan name vlan 10 name must be same all switch and vlan 20 and vlan 30 and v├Е an 60


cenk
cenk

support center
Advisor

Re: Reg:radius server authentication

Dear sir,

Thank u very much for ur coperation and i given my current setup and l3(3500yl)and 2510(l2) config also.
iam requesting u plz go through the attchment and give me ur suggession .

So that i am very great full to u if don this.

Thanks&Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

hi Srini

I no read your attach
what is this ?
I want read 3500 and 2510 show run print

cenk
cenk

support center
Advisor

Re: Reg:radius server authentication

Dear Sir,

This is my current setup--Hi,


Current Setup:

uplink 26 uplink 24 DHCP/
PC -----> L2 -----> L3 ------> RADIUS
WinXP 2510 3500yl SERVER
192.168.1.165



PFA config of 2510 and 3500yl ... what else need to be done
so that PC users can be assigned a VLAN based on 802.1x authentication

Thanks in advance,
And config of 3500yl--
hostname "ProCurve Switch 3500yl-24G"
ip default-gateway 192.168.1.165
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-4,6-14,16-24
ip address 192.168.0.1 255.255.255.0
no untagged 5,15
exit
vlan 10
name "vlan1"
untagged 5
ip helper-address 192.168.1.165
ip address 192.168.1.1 255.255.255.0
tagged 24
exit

vlan 20
name "valn2"
untagged 15
ip helper-address 192.168.1.165
ip address 192.168.2.1 255.255.255.0
tagged 24
exit
vlan 30
name "vlan3"
ip helper-address 192.168.1.165
ip address 192.168.3.1 255.255.255.0
tagged 24
exit

primary-vlan 10

aaa port-access authenticator active


1HProCurve Switch 3500yl-24G#Running configuration:


; J9019A Configuration Editor; Created on release #Q.10.01

2510 config------------------
hostname "ProCurve Switch 2510-24"

snmp-server community "public" Unrestricted

snmp-server host 192.168.1.165 "public"

vlan 1

name "DEFAULT_VLAN"

untagged 1-4,6-14,16-26

ip address 192.168.0.2 255.255.255.0

no untagged 5,15

exit

vlan 10

name "vlan1"

untagged 5
tagged 26


exit

vlan 20

name "VLAN2"

untagged 15
tagged 26


exit

vlan 30

name "vlan3"

tagged 26

exit

aaa authentication port-access eap-radius

radius-server host 192.168.1.165 key test

primary-vlan 10

aaa port-access authenticator 5,15

aaa port-access authenticator 5 unauth-vid 10

aaa port-access authenticator 15 unauth-vid 10

aaa port-access authenticator active

aaa port-access supplicant 5,15


1HProCurve Switch 2510-24#


plz help me in this i will be very very thankfull and greatfull to u.

Thanks&Regards
srini

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

Hi Srini
we talk about your configuration, in this case very composite
therefore I create new config will for you .

below config for 3500 and 2510 at the same time you can make radius ,ias and dhcp server config
not:for dhcp server config you must be make two scobe vlan 1 and vlan 4
authentication user take ip address vlan1 scobe
unauthentication user take ip address vlan 4 scobe

cenk

-----------------------------------------------
3500-3500-3500-3500
-----------------------------------------------
hostname "3500"
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
interface 13
no lacp
exit
interface 14
no lacp
exit
interface 15
no lacp
exit
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "foruser"
untagged 1-15,18-19,21-26
ip address 192.168.0.1 255.255.255.0
no untagged 16-17,20
exit
vlan 2
name "forserver"
untagged 16
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.165
tagged 24
exit
vlan 3
name "xxx1"
untagged 17
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.165
tagged 24
exit
vlan 4
name "xxx2"
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.165
tagged 24
exit
vlan 40
name "formanagemet"
untagged 20
ip address 10.0.0.1 255.255.255.0
tagged 24
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 192.168.1.165 key test
management-vlan 40
aaa port-access authenticator 1-15
aaa port-access authenticator 1 auth-vid 1
aaa port-access authenticator 1 unauth-vid 4
aaa port-access authenticator 2 auth-vid 1
aaa port-access authenticator 2unauth-vid 4
aaa port-access authenticator 3 auth-vid 1
aaa port-access authenticator 3 unauth-vid 4
aaa port-access authenticator 4 auth-vid 1
aaa port-access authenticator 4 unauth-vid 4
aaa port-access authenticator 5 auth-vid 1
aaa port-access authenticator 5 unauth-vid 4
aaa port-access authenticator 6 auth-vid 1
aaa port-access authenticator 6 unauth-vid 4
aaa port-access authenticator 7 auth-vid 1
aaa port-access authenticator 7 unauth-vid 4
aaa port-access authenticator 8 auth-vid 1
aaa port-access authenticator 8 unauth-vid 4
aaa port-access authenticator 9 auth-vid 1
aaa port-access authenticator 9 unauth-vid 4
aaa port-access authenticator 10 auth-vid 1
aaa port-access authenticator 10 unauth-vid 4
aaa port-access authenticator 11 auth-vid 1
aaa port-access authenticator 11 unauth-vid 4
aaa port-access authenticator 12 auth-vid 1
aaa port-access authenticator 12 unauth-vid 4
aaa port-access authenticator 13 auth-vid 1
aaa port-access authenticator 13 unauth-vid 4
aaa port-access authenticator 14 auth-vid 1
aaa port-access authenticator 14 unauth-vid 4
aaa port-access authenticator 15 auth-vid 1
aaa port-access authenticator 15 unauth-vid 4
aaa port-access 1-15

----------------------------------------------------------------
2510-2510-2510-2510
----------------------------------------------------------------


hostname "2510"
max-vlans 64
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
interface 13
no lacp
exit
interface 14
no lacp
exit
interface 15
no lacp
exit
interface 16
no lacp
exit
interface 17
no lacp
exit
interface 18
no lacp
exit
interface 19
no lacp
exit
interface 20
no lacp
exit
snmp-server community "public" Unrestricted
vlan 1
name "foruser"
untagged 1-20,23-25
no ip address
tagged 26
no untagged 21-22
exit
vlan 3
name "xxx1"
untagged 21
tagged 26
exit
vlan 4
name "xxx2"
untagged 22
tagged 26
exit
vlan 40
name "formanagem"
ip address 10.0.0.2 255.255.255.0
tagged 26
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 192.168.1.165 key test
management-vlan 40
aaa port-access authenticator 1-20
aaa port-access authenticator 1 auth-vid 1
aaa port-access authenticator 1 unauth-vid 4
aaa port-access authenticator 2 auth-vid 1
aaa port-access authenticator 2 unauth-vid 4
aaa port-access authenticator 3 auth-vid 1
aaa port-access authenticator 3 unauth-vid 4
aaa port-access authenticator 4 auth-vid 1
aaa port-access authenticator 4 unauth-vid 4
aaa port-access authenticator 5 auth-vid 1
aaa port-access authenticator 5 unauth-vid 4
aaa port-access authenticator 6 auth-vid 1
aaa port-access authenticator 6 unauth-vid 4
aaa port-access authenticator 7 auth-vid 1
aaa port-access authenticator 7 unauth-vid 4
aaa port-access authenticator 8 auth-vid 1
aaa port-access authenticator 8 unauth-vid 4
aaa port-access authenticator 9 auth-vid 1
aaa port-access authenticator 9 unauth-vid 4
aaa port-access authenticator 10 auth-vid 1
aaa port-access authenticator 10 unauth-vid 4
aaa port-access authenticator 11 auth-vid 1
aaa port-access authenticator 11 unauth-vid 4
aaa port-access authenticator 12 auth-vid 1
aaa port-access authenticator 12 unauth-vid 4
aaa port-access authenticator 13 auth-vid 1
aaa port-access authenticator 13 unauth-vid 4
aaa port-access authenticator 14 auth-vid 1
aaa port-access authenticator 14 unauth-vid 4
aaa port-access authenticator 15 auth-vid 1
aaa port-access authenticator 15 unauth-vid 4
aaa port-access authenticator 16 auth-vid 1
aaa port-access authenticator 16 unauth-vid 4
aaa port-access authenticator 17 auth-vid 1
aaa port-access authenticator 17 unauth-vid 4
aaa port-access authenticator 18 auth-vid 1
aaa port-access authenticator 18 unauth-vid 4
aaa port-access authenticator 19 auth-vid 1
aaa port-access authenticator 19 unauth-vid 4
aaa port-access authenticator 20 auth-vid 1
aaa port-access authenticator 20 unauth-vid 4
aaa port-access authenticator active
aaa port-access 1-20
cenk

support center
Advisor

Re: Reg:radius server authentication

Dear Cenk,

Thanks for ur valuble and great support on my case .Iam very very thankfull to u.Now i configured as per ur config file which i received from u.It was working fine.

Thanks a lot.

Thnka for HP-Tech team and NAZAR also.

THanks&Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

welcome Srini :)
cenk