- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- 802.1x and port-access mac-based config CHAP v2 qu...
Switches, Hubs, and Modems
1752793
Members
6179
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-04-2011 10:49 AM
тАО05-04-2011 10:49 AM
Greetings and thanks for any/all feedback!
Need to support non 802.1x clients such as games systems. Using port-access with MAC authentication on ProCurve switches and I am logging on my Radius server for these non 802.1x clients:
Handshake Authentication Protocol (CHAP).
A reversibly encrypted password does not exist for this user account.
To ensure that reversibly encrypted passwords are enabled,
check either the domain password policy or the password settings on the user account.
Any support for CHAP v2 when the mac-based is used on the following switches?
HP2848, J4904A revision I.10.82
HP2810, J49022A revision N.11.25
HP2910al, J9147A revision W.14.49
Do not want to change active directory to enable storage of a reversibly encrypted form of the password just for support of gaming systems.
Clients using 802.1x get on OK. If client not currently 802.1x capable but able to support, client pushed to registration VLAN 2999 were they will be able to download and configure 802.1x configuration.
~Snip of current config, a MAC authentication client fails on the CHAP login.
; J9022A Configuration Editor; Created on release #N.11.25
hostname "bf1test01"
snmp-server contact "Resnet"
snmp-server location "BF1 "
mac-age-time 7200
time timezone -300
time daylight-time-rule Continental-US-and-Canada
no cdp run
console inactivity-timer 30
ip default-gateway X.X.X.X
sntp server
timesync sntp
sntp unicast
snmp-server host X.X.X.X
vlan 1
name "DEFAULT_VLAN"
untagged 48
ip address X.X.X.X Y.Y.Y.Y
no untagged 1-47
exit
vlan 232
name "BF1_VLAN"
untagged 1-47
no ip address
tagged 48
ip igmp
exit
vlan 2999
name "Quar_VLAN"
no ip address
tagged 48
exit
no lldp run
aaa authentication port-access eap-radius
radius-server host X.X.X.X
aaa port-access authenticator 1-12
aaa port-access authenticator 1 auth-vid 232
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 auth-vid 232
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 auth-vid 232
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 auth-vid 232
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 auth-vid 232
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 auth-vid 232
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 auth-vid 232
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 auth-vid 232
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 auth-vid 232
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 auth-vid 232
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 auth-vid 232
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 auth-vid 232
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-12
aaa port-access mac-based 1 unauth-vid 2999
aaa port-access mac-based 2 unauth-vid 2999
aaa port-access mac-based 3 unauth-vid 2999
aaa port-access mac-based 4 unauth-vid 2999
aaa port-access mac-based 5 unauth-vid 2999
aaa port-access mac-based 6 unauth-vid 2999
aaa port-access mac-based 7 unauth-vid 2999
aaa port-access mac-based 8 unauth-vid 2999
aaa port-access mac-based 9 unauth-vid 2999
aaa port-access mac-based 10 unauth-vid 2999
aaa port-access mac-based 11 unauth-vid 2999
aaa port-access mac-based 12 unauth-vid 2999
password manager
password operator
thanks!
jim
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-05-2011 08:03 AM
тАО05-05-2011 08:03 AM
Solution
Hi Jim,
as fair as I know MS-Chap V2 is only supported on ProVision Devices like 3500/5400/8200. You may build a new trusted tree in the AD-Forrest with its own Group Policy and Radius-Server as a workaround and put the MACs in there.
Cheers
Jens
as fair as I know MS-Chap V2 is only supported on ProVision Devices like 3500/5400/8200. You may build a new trusted tree in the AD-Forrest with its own Group Policy and Radius-Server as a workaround and put the MACs in there.
Cheers
Jens
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-11-2011 02:28 AM
тАО05-11-2011 02:28 AM
Re: 802.1x and port-access mac-based config CHAP v2 question
Thanks Jens!
jim
jim
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP