
Hybrid port with RADIUS-based VLAN

 
vnemeth
Occasional Contributor

On a V1910 (JE009A), I'm trying to set up a hybrid port which assigns VLAN IDs to MAC addresses based on the configured RADIUS server's (freeradius, but doesn't matter I think) response.

Example:

  1. device_1 with MAC = 0000-1111-1111 appears on the port
  2. the switch sends an auth request to the RADIUS server with username = '000011111111'
  3. the RADIUS server replies (an Access-Accept) with the proper Tunnel-* attributes which are casually used in dot1x + dynamic VLAN assignment, setting the VLAN ID for this 'user' to 10
  4. from now on the switch uses VLAN 10 for device_1
  5. device_2 with MAC = 0000-2222-0000 appears on the same port (say they're behind an unmanaged switch)
  6. the switch sends an auth request with username = '000022220000'
  7. the server replies like in step 3, only with a different VLAN ID, say 20
  8. from now on, device_2's traffic uses VLAN 20, while device_1's traffic still uses VLAN 10 (like in a standard, static hybrid port scenario)

I'm stuck at steps 4 & 8: RADIUS replies with an Access-Accept which contains the configured Tunnel-* attributes, but the port/VLAN doesn't change. Here's its state:

[switch-GigabitEthernet1/0/32]dis mac-au i g 1/0/32
MAC address authentication is enabled.
 User name format is MAC address in lowercase, like xxxxxxxxxxxx
 Fixed username:mac
 Fixed password:not configured
         Offline detect period is 300s
         Quiet period is 60s
         Server response timeout value is 100s
         The max allowed user number is 1024 per slot
         Current user number amounts to 2
         Current domain is test

Silent MAC User info:
         MAC Addr         From Port                    Port Index

GigabitEthernet1/0/32 is link-up
  MAC address authentication is enabled
  Authenticate success: 0, failed: 0
 Max number of on-line users is 256
  Current online user number is 2
         MAC Addr         Authenticate State           Auth Index
         0000-1111-0000   MAC_AUTHENTICATOR_CONNECT     65
         0000-2222-0000   MAC_AUTHENTICATOR_CONNECT     66

 

Is such a setup technically possible?
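
An added example, not part of the original post: a small checker that parses a raw Access-Accept (for instance, one taken from a packet capture) and reports which VLAN its Tunnel-* attributes assign. It assumes the RFC 3580 convention (Tunnel-Type = VLAN (13), Tunnel-Medium-Type = IEEE-802 (6), Tunnel-Private-Group-ID = VLAN ID), which the post does not spell out; all function names and the sample packet are constructed for illustration.

```python
import struct

# Codes and attribute types: RFC 2865 / RFC 2868; VLAN values: RFC 3580 (assumed).
ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def mac_to_username(mac):
    """'0000-1111-1111' -> '000011111111', the username format from the post."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def parse_attributes(packet):
    """Return (code, [(attr_type, value_bytes), ...]) from a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, attrs

def assigned_vlan(packet):
    """VLAN ID (str) if this is an Access-Accept with all three tunnel attributes, else None."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    found = {}
    for a_type, value in attrs:
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[a_type] = int.from_bytes(value[1:], "big")  # first byte is the tag
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            if value[0] <= 0x1F:  # simplification: treat a leading byte <= 0x1F as a tag
                value = value[1:]
            found[a_type] = value.decode("ascii", "replace")
    if found.get(TUNNEL_TYPE) == VLAN and found.get(TUNNEL_MEDIUM_TYPE) == IEEE_802:
        return found.get(TUNNEL_PRIVATE_GROUP_ID)
    return None

def sample_accept(vlan):
    """Constructed Access-Accept (zeroed authenticator, untagged attributes)."""
    body = (bytes([TUNNEL_TYPE, 6, 0]) + VLAN.to_bytes(3, "big")
            + bytes([TUNNEL_MEDIUM_TYPE, 6, 0]) + IEEE_802.to_bytes(3, "big")
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(vlan)]) + vlan.encode())
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body
```

A result of `None` for a captured Access-Accept means the reply lacks a complete tunnel attribute set, which separates a server-side policy problem from a switch-side one.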