- Community Home
- >
- Networking
- >
- IMC
- >
- [Help} Guest Access
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 05:38 PM - edited 11-04-2014 05:45 PM
11-04-2014 05:38 PM - edited 11-04-2014 05:45 PM
[Help} Guest Access
I'm trying to deploy the guest function of UAM (not the GAM for comware) for WIRED devices as well as wireless. I'm missing something as its not behaving as I would think from reading the docs.
My interpretation is that a guest user would connect to the network and be directed to a registration/self service page. Then the guest manager would "approve" the registered user and assign to a service/policy with more priveleges, associating the MAC address with the user id provisioned by the user.
The switch has been configured for mac auth and successfully authenticates.
I'm trying to use the process model highlighted in the youtube video for UAM 5.2 and the ipads - a registration vlan and an access vlan. The registration vlan points to IMC as DNS, the user is sent to the registration site, then the registered user is disconnected from the reg vlan and added to the access vlan:
IMC 5.2 BYOD Guest Authentication Overview
So I've created the 2 vlans - I set up the Byodanonymous user, assigned an access service which deploys the registration vlan. Connected it to MS DHCP server with DNS > iMC, installed the dhcp plugin.
I set up a MAC authentication page push policy with separate subpolicies for access swicth and time of day.
The PC connects to the switch and MAC is authetnicated as the BYODanonymous user, gets an ip address and dns server.
However when the laptop connects no registration page is "pushed" to the user when I open a browser and site. No name resolution is occuring so page not found instead. Can ping but not resolve.
What step(s) am I missing to have the MAC authentication at the switch trigger the registration page? thx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2014 07:12 PM
11-04-2014 07:12 PM
Re: [Help} Guest Access
The short answer is DNS. There was a change in the way the re-direct is done since that video. Re-direct is no longer done via DNS, and their is no DNS proxy on the IMC server, so no resolution is done.
The re-direct has to be done in hardware now with a comware based device (it's only really needed on the onboarding/registration VLAN). Do you have a portal-redirect configured on the registration VLAN (generally done on the gateway for that subnet, and must be a comware device)??
The Portal-redirect configuration will handle the re-direct so no need for the DNS hi-jack. Just configure DHCP to handout the normal DNS servers.
PL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2014 09:28 AM
11-05-2014 09:28 AM
Re: [Help} Guest Access
Thanks for the quick reply - at least I can stop banging my head in that particular spot.
Arrggh - no comware device currently serving as gateway. Currently using a Procurve zl TMS module to handle inside routing and firewall on a 5412zl chassis.
So the entire suite of guest options depends on having comware??? The docs do not convey that fact - only that GAM is dependent on comware.
My only comware devices are two 5900-AF-48XGT-4QSFP+ which backbone my vmware environment. (comware device management is one of the reasons for migrating from PCM - the other being the rumored/someday demise of PCM)
So imc is running on the vm hosts, and I could make the regsitration vlan avaialble to that device, but beyond that....
Still a comware novice - so not sure how portal redirect would be implented in that context (I found portal redirect exactly 1 time in UAM docs), so if you could elaborate on the process a bit or point me to some specifics would be appreciated.
Worst case since my environment is not that big, is to just let them fail, and use the auth failure log and the apply button to turn them into real users...Probably about the same effort but not so elegant.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2014 07:41 AM
11-08-2014 07:41 AM
Re: [Help} Guest Access
Hi Neil,
The portal redirect feature is being rolled out on the Provision products as well.
HP has just released the K.15.16.0004 for the 5400/3500/3800 platform, and this release includes the portal redirect.
I have not actually tested it so far, but you can give it a try if you have a test switch.
Hope this helps,Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2014 04:48 PM
11-08-2014 04:48 PM
Re: [Help} Guest Access
Do those have to be the access port switches? If so then not going to work for me - all my access ports are 2910 and 2915.
thx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2014 01:41 PM
11-09-2014 01:41 PM
Re: [Help} Guest Access
Hi Neil,
I would say typically no, since you just run this on the switch which provides the L3 gateway for the onboarding subnet.
I just finished a sample test config and it worked using a 3500 as L3 gateway (I used it in combination with a Unified wireless controller, but that is not relevant here).
See http://abouthpnetworking.com/2014/11/09/provision-supports-portal-redirect-for-byod-use/ for the sample configuration,
Hope this helps,Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2014 09:05 AM
11-10-2014 09:05 AM
Re: [Help} Guest Access
OK - that looks like I could make it work but it will take me a few steps to get there.
and thanks for the link to the abouthpnetworking.com site - looks like a good collection of information.