Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

radius mac-based auth on 2524?

 
Highlighted
Occasional Contributor

radius mac-based auth on 2524?


hello,
I am enabling mac-based authentication on
several procurve switches.
while on 2600 series it is easy, it looks more difficult on the 2500. I did look in the manual and in this forum, without finding examples.
Any help? thanks, bye.
6 REPLIES 6
Highlighted
Honored Contributor

Re: radius mac-based auth on 2524?

hi
same config 2600 with 2500 switch mac-based authentication config
cenk
---------------------------------------------
Specify the format of the MAC address; must match what was configured on the RADIUS serverâ Switch(config)# aaa port-access mac-based addr-format â ¢Specify port under MAC authcontrol â Switch(config)#aaa port-access mac-based [e]


Additional MAC-authport parameters:-Allows client moves between the specified ports under MAC authcontrol without requiring a reauthentication:-aaa port-access web-based [e] < port-list> [auth-vid ]] no] aaa port-access mac-based [e] < port-list > [addr-moves]-Specifiesthe period, in seconds, that the switch enforces for an implicit logoff:-aaa port-access mac-based [e] < port-list > [logoff-period] <60-9999999>]-Forcesa reauthentication of all attached clients on the port:-aaa port-access mac-based [e] < port-list > [reauthenticate]-Specifies the period, in seconds, the switch waits for a serverresponse to an authentication request:-aaa port-access mac-based [e] < port-list > [server-timeout <1 -300>] -Specifies the VLAN to use for a client that fails authentication. If unauth-vid is 0, no VLAN changes occur.-aaa port-access mac-based [e] < port-list > [unauth-vid]
cenk

Highlighted
Honored Contributor

Re: radius mac-based auth on 2524?

SORRY..!
I think you switch 2510 because you have swich 2524

please see link in(page38) ;for 2524 switch mac-authentication configuration info

http://cdn.procurve.com/training/Manuals/2300-2500-RelNotes-F0565-59903102.pdf
cenk

Highlighted
Honored Contributor

Re: radius mac-based auth on 2524?

There is no web or mac auth on the 2500 switches. You'll need to upgrade or use 802.1X.
Highlighted
Honored Contributor

Re: radius mac-based auth on 2524?

for mac based authentication on 2524 switch you make 802.1x and port security config please see above link in guide

cenk
cenk

Highlighted
Occasional Contributor

Re: radius mac-based auth on 2524?

Sorry, but I didn'find any configuration example in the link that you point
for 802.1x, perhaps it may be something like

aaa authen port-acc eap-radius

I would like to avoid a lot of tries...

the manuals tell that the switch can do 802.1x,
ok, but should show how configure it too...
Thanks, bye.


Highlighted
Honored Contributor

Re: radius mac-based auth on 2524?

hi port security and 802.1x configuration best way mac authentication on 2524 switch

frist config port security on switch

config)# port-security 1-20 learn-mode static address-limit 1 action send-disable

port security operation stand alone very succesful mac authentiation operation because use with 802.1x very very good.


secont config 802.1x on 2524

(config)#radius-server host 100.100.100.80 key procurve
config)#aaa authentication port-access eap-radius
config)#aaa accounting network start-stop radius

config)aaa port-access authenticator 1-20 control auto

config)#aaa port access authenticator active
cenk