- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- 801.1x authentication on a core / edge topoligy?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2011 02:16 AM
тАО03-08-2011 02:16 AM
801.1x authentication on a core / edge topoligy?
I need to deploy 802.1x on my company's network, i tried on a test lab (Windows Server 2008 R2 with NAP and a 5406zl switch) and i got it working fine.
The setup i want, is so, all ports needs to be authenticated to get on the company network, and if they are not authenticated, they are moved to the guest VLAN, i got the Windows config down, but im having some trouble with the Procurve switches.
I have a 5406zl as a edge switch, and one as a core switch.
So far im only testing on one port, and i tried this config on the edge switch:
radius-server host x.x.x.x key secret
aaa authentication port-access eap-radius authorized
aaa port-access authenticator A20
aaa port-access authenticator active
and i verified that the setup on the Windows server was correct.
I am thinking i might need some config on the core switch, to get this to work, and i was hopeing someone in here had some experiense i could sponge of off ;)
Thank you in advance!
My english might not be so good, so just attached a picture, to make sure you know what my setup is :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2011 06:06 AM
тАО03-08-2011 06:06 AM
Re: 801.1x authentication on a core / edge topoligy?
aaa port-access authenticator A20 unauth-vid 99
--
You don't need any core config for 802.1X support, except to make sure:
1) the vlans the users are assigned by radius policies are available on the edge switches and of course have access to their default gateways (where ever that may be) after they are auth. [if radius returns auth to the switch with vlan assignment, and the switch does not have the vlan configured on it, the switch will fail the auth]
2) the edge switch has access to the radius server
--
If you do not choose to assign vlans via radius, then you could use this command if all auth devices goto the same vlan on the edge switch:
aaa port-access authenticator A20 auth-vid 220
--
hth...Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2011 07:51 AM
тАО03-08-2011 07:51 AM
Re: 801.1x authentication on a core / edge topoligy?
Thanks for your answer, and the command for un-auth VLAN you gave me is working like a charm!
But when i do my show radius authentication command the switch dosent send anything to the radius server. - But, every time a new client is attached to the network, the switch should ask the radius server, right?
But thank you very much for your answer so far! Ive been on this for 4 hours now ;)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2011 08:05 AM
тАО03-08-2011 08:05 AM
Re: 801.1x authentication on a core / edge topoligy?
Thank you so much! :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2011 08:06 AM
тАО03-08-2011 08:06 AM