- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- check config and help 2X 5406zl + 17 X 2610
Switches, Hubs, and Modems
1745806
Members
3857
Online
108722
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 02:09 AM
тАО03-25-2009 02:09 AM
Hello,
We just received our new hp cores and switch.
The configuration must be like this.
2 cores 5406zl(core1 and core2) using:
- Redundancy
- Load balancing
- Radius mac auth to authentificate client pc's.
all our servers got 2 nic (teaming in same ip). One nic connect to core1 and the other one to core2.
2610 are linked to both cores (one link to core1 and the other to core 2.
Description of ports for tests:
A1-A24 unused
B1-B4 Trunk between both cores
B5-B12 used to link switchs
B13-B24 unused
C1-C12 unused
C13 link to windows 2003 (AD, DHCP, DNS, IAS) 30.130.2.21
C14-C16 are servers in vlan 3
C17-C20 are servers in vlan 4
C21-C24 are servers in vlan 5
D1-D12 unused
D13-D24 mac auth radius on client directly connected to cores
we have 11 vlans
This is our platform test environnement.
Here is the configuration i have done for core 1: (core2 is attached to this post)
; J8697A Configuration Editor; Created on release #K.13.51
hostname "COEUR1"
ip access-list standard "1"
10 deny 30.130.3.0 0.0.0.255
20 deny 30.130.5.0 0.0.0.255
30 deny 30.130.6.0 0.0.0.255
40 deny 30.130.7.0 0.0.0.255
50 deny 30.130.8.0 0.0.0.255
60 deny 30.130.9.0 0.0.0.255
70 deny 30.130.10.0 0.0.0.255
80 deny 30.130.12.0 0.0.0.255
90 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "3"
10 deny 30.130.2.0 0.0.0.255
20 deny 30.130.100.0 0.0.0.255
30 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "5"
10 deny 30.130.6.0 0.0.0.255
20 deny 30.130.7.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "6"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.7.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "7"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "8"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "9"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.8.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "10"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.8.0 0.0.0.255
50 deny 30.130.9.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "12"
10 deny 30.130.100.0 0.0.0.255
20 deny 30.130.2.0 0.0.0.255
30 permit 0.0.0.0 255.255.255.255
exit
module 1 type J8706A
module 2 type J8702A
module 3 type J8702A
module 4 type J8702A
trunk B1-B4 Trk1 Trunk
ip default-gateway 30.130.1.1
ip routing
snmp-server community "public" Unrestricted
snmp-server host 30.130.100.10 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B13-B24,C1-C12,D1-D24
ip helper-address 30.130.2.21
ip address 30.130.100.1 255.255.255.0
tagged B5-B12,Trk1
no untagged C13-C24
ip access-group "1" out
exit
vlan 2
name "SERVEURINTRA"
untagged C14-C16
ip address 30.130.2.1 255.255.255.0
tagged B5-B12,C13,Trk1
exit
vlan 3
name "SERVEUREXTRA"
ip address 30.130.3.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "3" out
exit
vlan 4
name "SI"
untagged C17-C20
ip helper-address 30.130.2.21
ip address 30.130.4.1 255.255.255.0
tagged B5-B12,Trk1
exit
vlan 5
name "DIRECTION"
untagged C21-C24
ip helper-address 30.130.2.21
ip address 30.130.5.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "5" out
exit
vlan 6
name "DBAT"
ip helper-address 30.130.2.21
ip address 30.130.6.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "6" out
exit
vlan 7
name "NRB"
ip helper-address 30.130.2.21
ip address 30.130.7.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "7" out
exit
vlan 8
name "FH"
ip helper-address 30.130.2.21
ip address 30.130.8.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "8" out
exit
vlan 9
name "SERVICE"
ip helper-address 30.130.2.21
ip address 30.130.9.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "9" out
exit
vlan 10
name "NPH"
ip helper-address 30.130.2.21
ip address 30.130.10.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "10" out
exit
vlan 12
name "WLAN"
ip address 30.130.1.254 255.255.255.0
tagged B5-B12,Trk1
ip access-group "12" out
exit
radius-server host 30.130.2.21
ip dns server-address priority 1 30.130.2.21
router vrrp
aaa port-access mac-based D13-D24
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree config-name "EQUILIBRAGE_CHARGE"
spanning-tree config-revision 8
spanning-tree instance 1 vlan 1-5
spanning-tree instance 1 priority 0
spanning-tree instance 2 vlan 6-10 12
spanning-tree instance 2 priority 1
spanning-tree priority 0
vlan 1
vrrp vrid 1
owner
virtual-ip-address 30.130.100.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 2
vrrp vrid 1
owner
virtual-ip-address 30.130.2.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 3
vrrp vrid 1
owner
virtual-ip-address 30.130.3.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 4
vrrp vrid 1
owner
virtual-ip-address 30.130.4.1 255.255.255.0
advertise-interval 10
priority 255
exit
exit
vlan 5
vrrp vrid 1
owner
virtual-ip-address 30.130.5.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 6
vrrp vrid 1
backup
virtual-ip-address 30.130.6.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 7
vrrp vrid 1
backup
virtual-ip-address 30.130.7.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 8
vrrp vrid 1
backup
virtual-ip-address 30.130.8.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 9
vrrp vrid 1
backup
virtual-ip-address 30.130.9.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 10
vrrp vrid 1
backup
virtual-ip-address 30.130.10.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 12
vrrp vrid 1
backup
virtual-ip-address 30.130.1.253 255.255.255.0
advertise-interval 10
enable
exit
exit
My problem:
1/ Can't do radius mac auth on d1-d24 on core (core1 auth works)
2/ I have to configure switches to suited the authentification and assignement to vlan. ias is configured ans working) and it works when i do this on core 1. i have 17 switches, do you think all must be configured personnaly?
On switche1 ports:
1-46 mac radius auth
47 connected to core 1
48 connected to core 2
49-50 connected to switch 2
If you can start helping me resolving this conf, il will test and post all infos you need.
Thanks in advance for your help. (this forum is a real help for me!)
David
We just received our new hp cores and switch.
The configuration must be like this.
2 cores 5406zl(core1 and core2) using:
- Redundancy
- Load balancing
- Radius mac auth to authentificate client pc's.
all our servers got 2 nic (teaming in same ip). One nic connect to core1 and the other one to core2.
2610 are linked to both cores (one link to core1 and the other to core 2.
Description of ports for tests:
A1-A24 unused
B1-B4 Trunk between both cores
B5-B12 used to link switchs
B13-B24 unused
C1-C12 unused
C13 link to windows 2003 (AD, DHCP, DNS, IAS) 30.130.2.21
C14-C16 are servers in vlan 3
C17-C20 are servers in vlan 4
C21-C24 are servers in vlan 5
D1-D12 unused
D13-D24 mac auth radius on client directly connected to cores
we have 11 vlans
This is our platform test environnement.
Here is the configuration i have done for core 1: (core2 is attached to this post)
; J8697A Configuration Editor; Created on release #K.13.51
hostname "COEUR1"
ip access-list standard "1"
10 deny 30.130.3.0 0.0.0.255
20 deny 30.130.5.0 0.0.0.255
30 deny 30.130.6.0 0.0.0.255
40 deny 30.130.7.0 0.0.0.255
50 deny 30.130.8.0 0.0.0.255
60 deny 30.130.9.0 0.0.0.255
70 deny 30.130.10.0 0.0.0.255
80 deny 30.130.12.0 0.0.0.255
90 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "3"
10 deny 30.130.2.0 0.0.0.255
20 deny 30.130.100.0 0.0.0.255
30 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "5"
10 deny 30.130.6.0 0.0.0.255
20 deny 30.130.7.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "6"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.7.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "7"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.8.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "8"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.9.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "9"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.8.0 0.0.0.255
50 deny 30.130.10.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "10"
10 deny 30.130.5.0 0.0.0.255
20 deny 30.130.6.0 0.0.0.255
30 deny 30.130.7.0 0.0.0.255
40 deny 30.130.8.0 0.0.0.255
50 deny 30.130.9.0 0.0.0.255
60 deny 30.130.100.0 0.0.0.255
70 permit 0.0.0.0 255.255.255.255
exit
ip access-list standard "12"
10 deny 30.130.100.0 0.0.0.255
20 deny 30.130.2.0 0.0.0.255
30 permit 0.0.0.0 255.255.255.255
exit
module 1 type J8706A
module 2 type J8702A
module 3 type J8702A
module 4 type J8702A
trunk B1-B4 Trk1 Trunk
ip default-gateway 30.130.1.1
ip routing
snmp-server community "public" Unrestricted
snmp-server host 30.130.100.10 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B13-B24,C1-C12,D1-D24
ip helper-address 30.130.2.21
ip address 30.130.100.1 255.255.255.0
tagged B5-B12,Trk1
no untagged C13-C24
ip access-group "1" out
exit
vlan 2
name "SERVEURINTRA"
untagged C14-C16
ip address 30.130.2.1 255.255.255.0
tagged B5-B12,C13,Trk1
exit
vlan 3
name "SERVEUREXTRA"
ip address 30.130.3.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "3" out
exit
vlan 4
name "SI"
untagged C17-C20
ip helper-address 30.130.2.21
ip address 30.130.4.1 255.255.255.0
tagged B5-B12,Trk1
exit
vlan 5
name "DIRECTION"
untagged C21-C24
ip helper-address 30.130.2.21
ip address 30.130.5.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "5" out
exit
vlan 6
name "DBAT"
ip helper-address 30.130.2.21
ip address 30.130.6.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "6" out
exit
vlan 7
name "NRB"
ip helper-address 30.130.2.21
ip address 30.130.7.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "7" out
exit
vlan 8
name "FH"
ip helper-address 30.130.2.21
ip address 30.130.8.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "8" out
exit
vlan 9
name "SERVICE"
ip helper-address 30.130.2.21
ip address 30.130.9.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "9" out
exit
vlan 10
name "NPH"
ip helper-address 30.130.2.21
ip address 30.130.10.1 255.255.255.0
tagged B5-B12,Trk1
ip access-group "10" out
exit
vlan 12
name "WLAN"
ip address 30.130.1.254 255.255.255.0
tagged B5-B12,Trk1
ip access-group "12" out
exit
radius-server host 30.130.2.21
ip dns server-address priority 1 30.130.2.21
router vrrp
aaa port-access mac-based D13-D24
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree config-name "EQUILIBRAGE_CHARGE"
spanning-tree config-revision 8
spanning-tree instance 1 vlan 1-5
spanning-tree instance 1 priority 0
spanning-tree instance 2 vlan 6-10 12
spanning-tree instance 2 priority 1
spanning-tree priority 0
vlan 1
vrrp vrid 1
owner
virtual-ip-address 30.130.100.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 2
vrrp vrid 1
owner
virtual-ip-address 30.130.2.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 3
vrrp vrid 1
owner
virtual-ip-address 30.130.3.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 4
vrrp vrid 1
owner
virtual-ip-address 30.130.4.1 255.255.255.0
advertise-interval 10
priority 255
exit
exit
vlan 5
vrrp vrid 1
owner
virtual-ip-address 30.130.5.1 255.255.255.0
advertise-interval 10
priority 255
enable
exit
exit
vlan 6
vrrp vrid 1
backup
virtual-ip-address 30.130.6.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 7
vrrp vrid 1
backup
virtual-ip-address 30.130.7.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 8
vrrp vrid 1
backup
virtual-ip-address 30.130.8.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 9
vrrp vrid 1
backup
virtual-ip-address 30.130.9.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 10
vrrp vrid 1
backup
virtual-ip-address 30.130.10.2 255.255.255.0
advertise-interval 10
enable
exit
exit
vlan 12
vrrp vrid 1
backup
virtual-ip-address 30.130.1.253 255.255.255.0
advertise-interval 10
enable
exit
exit
My problem:
1/ Can't do radius mac auth on d1-d24 on core (core1 auth works)
2/ I have to configure switches to suited the authentification and assignement to vlan. ias is configured ans working) and it works when i do this on core 1. i have 17 switches, do you think all must be configured personnaly?
On switche1 ports:
1-46 mac radius auth
47 connected to core 1
48 connected to core 2
49-50 connected to switch 2
If you can start helping me resolving this conf, il will test and post all infos you need.
Thanks in advance for your help. (this forum is a real help for me!)
David
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-31-2009 07:15 AM
тАО03-31-2009 07:15 AM
Solution
Can you ping the radius server from the core switch? I don't know if it is good politic to enable ip routing and stp at the same time in the core, o think you must either select one or the other. If you have vrrp i suggest that you have the primium license because vrrp comes with the premium license so OSPF comes too, so i suggest that you use OSPF and vrrp for a good redundancy and forget the stp.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-31-2009 11:32 PM
тАО03-31-2009 11:32 PM
Re: check config and help 2X 5406zl + 17 X 2610
for the first point, it's solved, i can do radius authentification on both cores.
But about ospf, can you help me configuring my cores?
I don't know anything about ospf, but i will have a look to the doc.
thanks for your answer
David
But about ospf, can you help me configuring my cores?
I don't know anything about ospf, but i will have a look to the doc.
thanks for your answer
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-01-2009 01:09 AM
тАО04-01-2009 01:09 AM
Re: check config and help 2X 5406zl + 17 X 2610
Try to use that that documet that i send to you is everything there about OSPF.
Regards.
Regards.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP