Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

multi vlan assignment on mac-based auth

mwiche
Occasional Advisor

multi vlan assignment on mac-based auth

hi,

i can't find an exact information for vlan assignment by IDM.
In IDM i have an APG for mac-based auth that should assign one untagged and two tagged vlans to a port after authentication. In the idm access information for the successfully auth. client everything looks fine but the switch didn't assign the vlans to the port.
All vlans are configured in the switch and the ports have only untagged default-vlan in origin state.

Is it impossible to assign multiple vlans by idm for mac-based authentication?
In the known guides and white papers i can see different statements.

Switch Modell is 2610-24/12 Poe (J9085A)
Any ideas?

thanks, markus

3 REPLIES
Pieter 't Hart
Honored Contributor

Re: multi vlan assignment on mac-based auth

>>> Is it impossible to assign multiple vlans by idm for mac-based authentication <<<

I don't know IDM, but generally a MAc-address does not occur in multiple VLAN's.
so your question does sound a little strange.

Arran Cudbard Bell
Occasional Visitor

Re: multi vlan assignment on mac-based auth

You'll need the very latest switch software for the 2610 and even then it may not be supported.

See: http://wiki.freeradius.org/HP

For the attribute definitions and how they're used. I've not used IDM personally so I can't offer you any more advice.

Assigning tagged VLANs with Mac-Auth is a perfectly valid use case scenario and is supported.
ereuter
Occasional Visitor

Re: multi vlan assignment on mac-based auth

Hi,

 

multiple authentication on hp procurve port with MAC-Based Auth works perfectly. You need to use hp-egress-vlanID, X times, you need to ste up dynamically a vlan on the port.

For example, i need vlan Tagged 176 and vlan Untagged 162 on a port,

my radius serveur send back

First client HP-Egress-VLANID     +=     838860962 U 162
HP-Egress-VLANID     +=     822083760 T 176

 

Second Client, especially a PC connected trhough ToIp port PC,

HP-Egress-VLANID     +=     838860962 U 162.

 

to help the procedure behave normaly, you have to plug on the ToIP, and start after your PC.

 

Emmanuel