HPE Community
Comware Wireless / Unified Series
1849775 Members
2317 Online
104044 Solutions
New Discussion

WX3010 and iMC

 
MarcisB
Occasional Advisor

‎03-07-2013 06:33 AM

‎03-07-2013 06:33 AM

WX3010 and iMC

Hello

 

I've been fighting to make WX3010 work with iMC and 2 domain authentication

I have WX3010 and WA2620-AGN AP.  User should authenticate using their user name and domain, then according to their credentials iMC+UAM would give them one VLAN or another - depending on which domain they are. Also, they should get IP addresses from those VLANs if possible.

My showstopper is WX3010. I have not been able to figure out how to correctly configure it correctly, wifi clients do not get an ip addreses and constantly fail authentication.

If anyone would help me straighten my hands i would be very grateful.

Config of WX3010 follows:

 

#
version 5.20, Release 3111P11
#
sysname WLC
#
info-center loghost 10.32.12.26
info-center synchronous
#
radius nas-ip 10.32.12.28
#
domain default enable uam
#
telnet server enable
#
port-security enable
#
dot1x authentication-method eap
#
portal trap server-down
#
oap management-ip 192.168.10.9 slot 0
#
wlan country-code LV
#
vlan 1
#
vlan 202
description AP DHCP VLAN
#
vlan 504
description LAB net mgmt vlan
#
vlan 507
description WiFi client DHCP VLAN
#
vlan 866
description uam domain users
#
vlan 867
description 2nd domain users
#
radius scheme system
radius scheme uam
server-type extended
primary authentication 10.32.12.26
primary accounting 10.32.12.26
key authentication wx3010
key accounting wx3010
timer realtime-accounting 3
user-name-format keep-original
undo stop-accounting-buffer enable
retry realtime-accounting 1
accounting-on enable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
domain uam
authentication lan-access radius-scheme uam
authorization lan-access radius-scheme uam
accounting lan-access radius-scheme uam
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki entity https
common-name https
country LV
#
dhcp server ip-pool wifi-mac
network 192.168.100.0 mask 255.255.255.0
option 43 ip-address 192.168.100.1
#
dhcp server ip-pool wifi_ap
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.100.1
#
user-group system
#
local-user admin
password simple admin
authorization-attribute level 3
service-type ssh telnet
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid dot1x
bind WLAN-ESS 2
cipher-suite ccmp
security-ie rsn
service-template enable
#
ssl server-policy ssl
#
user-profile access
#
interface NULL0
#
interface Vlan-interface202
ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface504
ip address 10.32.12.28 255.255.255.248
#
interface Vlan-interface507
ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 202 504 507 866 to 867
#
interface WLAN-ESS0
port access vlan 504
port-security port-mode userlogin-secure-ext
port-security tx-key-type 11key
undo dot1x handshake
undo dot1x multicast-trigger
#
interface WLAN-ESS2
port access vlan 507
port-security port-mode userlogin-secure-ext
port-security tx-key-type 11key
undo dot1x handshake
undo dot1x multicast-trigger
#
wlan ap smnap1 model WA2620-AGN id 1
serial-id 219801A0AA9101G02625
radio 1
service-template 1
radio 2
service-template 1
radio enable
#
ip route-static 0.0.0.0 0.0.0.0 10.32.12.25
#
snmp-agent
snmp-agent local-engineid 800063A203002389A48B7F
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v2c v3
#
dhcp server forbidden-ip 192.168.10.0 192.168.10.9
dhcp server forbidden-ip 192.168.100.0 192.168.100.9
#
dhcp enable
#
load xml-configuration
#

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.