HPE Community
Comware Based
1848613 Members
7257 Online
104033 Solutions
New Discussion

HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

 
Michael_W
Occasional Advisor

‎03-09-2014 03:19 AM

‎03-09-2014 03:19 AM

HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Hi,

 

I want to get some idea on HP 5500 and HP 2530 switches configuration with setup as pdf attached

 

 

Overview


Wireless users will be dynamically assigned into their own user vlan based on NPS

 

 

My Configuration Plan:

 

HP5500SI as core switch

- Configure vlan 10,20,30 and interface vlan 10,20,30

- Configure trunk port to HP2530

   - int gi 1/0/24

   - port trunk permit vlan 10 20 30

- Configure trunk port to Wireless Controller

- Configure Access vlan 10 port to NPS

 

HP2530G

- Configure vlan 10,20,30

- Configure trunk port to HP5500

   - vlan 10 - tagged eth 24

   - vlan 20 - tagged eth 24

   - vlan 30 - tagged eth 24

- Configure dot1x globally

- Configure radius info

- Configure dot1x on port connected to wireless AP

   - int eth 23

   - enable dot1x

 

 

Are these switches setup and configuration work correctly or there is still configuration missing?

Any suggestion would be much appreciated.

 

Thanks

 

 

 

0 Kudos
3 REPLIES 3
Praveen_D
Advisor

‎03-10-2014 12:18 PM

‎03-10-2014 12:18 PM

Re: HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Please check these points ,

In wireless controller :

1. Create Radius profile

2. Configure remote 802.1xauthentication in VSC

 

For wireless users to authenticate RADIUS server , what type of EAP method are you using ,

 

 

Do you want to authenticate  AP also  with 802.1x .

and you have to tag Vlan 20 and Vlan 30 on the access switch port connected to AP  .

 

R/

 

 

 

0 Kudos
Michael_W
Occasional Advisor

‎03-10-2014 06:59 PM

‎03-10-2014 06:59 PM

Re: HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Thanks for your reply.

 

Im using Aruba controller and AP actually. Yes wireless users need tu authenticate using 802.1x. This part will be done at controller site.

 

My concern is actually on HP switch configuration. As im not very familiar with HP2530.

So, according to you the switch port that connected to the AP need to tag vlan 20 and 30?

What if I untagged it as vlan 10 (management) but inside the controller have all the vlan ?

 

 

AP ----------------------HP2530---------------------------HP5500----------------------------Controller

             tagged vlan 10                          tagged vlan 10 20 30                       tagged vlan 10 20 30

 

 

0 Kudos
Praveen_D
Advisor

‎03-10-2014 09:35 PM

‎03-10-2014 09:35 PM

Re: HP5500 + 2530 --> dot1x + NPS, dynamic assigned vlan

Dear you have to tagg vlan 20 and 30 otherwise , other wise you have to use HP MTM feature (hp wireless controller case) auruba i dont know . vlan 10 for the managemnet if you enable HP MTM feature vlan 20 and 30 will tullel traffic (data) up to the controller .  i think on the Aruba wireless controller you have to enable same feature -HP MTM . then only vlan 20 and 30 will pass .

 

better you can tagg the vlan 20 and 30 .

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.