
Reg:radius server authentication

 
support center
Advisor

Reg:radius server authentication

Dear sir,

I have an HP 3500yl, an HP 2510-24 and a RADIUS server.

I have configured the 3500yl for RADIUS authentication and it is working fine. Now I want to connect the 3500yl to the 2510-24 switch.

How can I configure the 2510-24 switch to act as a client switch?

Regards
srini
9246571397
cenk sasmaztin
Honored Contributor
Solution

Re: Reg:radius server authentication

Hi,
You can connect the 3500 switch to the 2510 and make the 802.1X config on the 2510 switch.

Use the same RADIUS config and port-access config on the 2510 switch as on the 3500, make the 3500-to-2510 uplink port an unauthenticated port, and on each uplink port (on the 3500 and the 2510) untag VLAN 1 and tag all other VLANs.

good luck

cenk

support center
Advisor

Re: Reg:radius server authentication

Dear sir,

Thanks for your reply. Can I get some examples or a sample config?

I will be grateful to you if this helps.


Regards
srini

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

Hi,
Interface 26 is the uplink port for the 3500 connection: an untagged member of VLAN 1 and a tagged member of all other VLANs. Make the same config on the 3500 uplink port.
Assign an IP address only to the management VLAN.
This switch does only layer 2 operation, so there is no need to assign IP addresses to the other VLANs.
Good luck...


Running configuration:

; J4900B Configuration Editor; Created on release #H.10.50

hostname "2510"
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
interface 13
no lacp
exit
interface 14
no lacp
exit
interface 15
no lacp
exit
interface 16
no lacp
exit
interface 17
no lacp
exit
interface 18
no lacp
exit
interface 19
no lacp
exit
interface 20
no lacp
exit
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-20,24-25,26
ip address 192.168.0.2 255.255.255.0

no untagged 21-23
exit
vlan 10
name "VLAN10"
untagged 21
tagged 26
exit
vlan 20
name "VLAN20"
untagged 22
tagged 26
exit
vlan 30
name "VLAN30"
untagged 23
tagged 26
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 192.168.1.165 key xxxxx
aaa port-access authenticator 1-20
aaa port-access authenticator active
aaa port-access 1-20

cenk

support center
Advisor

Re: Reg:radius server authentication

Dear sir,

Thanks for your valuable support. One more small doubt: are there any changes on the 3500yl switch? I have already attached the existing config; please give me your suggestion.

I am very grateful to you.

Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

Hi Srini,

I defined the config only for the 2510 switch.

You want to attach the 3500 switch to the 2510.
Your 3500 switch config is correct and working fine, OK, I understand. My simple config is for the 2510.

On the 3500 switch, only configure the uplink port (to the 2510).

Good luck
cenk

support center
Advisor

Re: Reg:radius server authentication

Dear cenk sasmaztin ,


Thanks for your valuable information. I understand your point, and I mean my L3 switch is working fine. Tomorrow I am going to test with the 2510 switch and I will try your config; if there is any problem I will update the case. Please help me in this.

I am very thankful and grateful to you.

Thanks & Regards
srini
support center
Advisor

Re: Reg:radius server authentication

Dear sir,

Thanks for your reply. I did the same config on the 2510, but from the 2510 I am unable to ping the RADIUS server, and it shows that the network is unreachable to this VLAN.

Please help me in this. I have attached my L3 config; please go through it and reply accordingly.

Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

Please send the 3500 and one 2510 sh config printout.
cenk

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

You have all users residing on the default VLAN. The default VLAN is for management only. Don't use the default VLAN for user network connections.

Your RADIUS, DC and DHCP server is in VLAN 10.
All VLAN members get a DHCP IP address with the ip helper command.

But the 2510 is not a routing switch; this switch does only L2 operation.
Therefore do not assign IP addresses to VLANs on the 2510 switch.

Create VLAN 60 on all switches, assign this VLAN as the management VLAN, and assign a new management IP address to this VLAN.

Simple:
3500(config)#vlan 40
3500(vlan-40)#ip address 10.0.10.1/24
3500(config)#management-vlan 40


1-2510(config)#vlan 40
1-2510(vlan-40)#ip address 10.0.10.2/24
1-2510(config)#management-vlan 40

2-2510(config)#vlan 40
2-2510(vlan-40)#ip address 10.0.10.3/24
2-2510(config)#management-vlan 40

.......
...
..

Now VLAN 1 is free, and VLAN 1 has an IP address only on the 3500 switch.
Only the 3500 switch has VLAN IP addresses.
The other 2510 switches have only a management VLAN IP address, for management.

And remember: on all uplink ports, VLAN 1 is untagged and the other VLANs are tagged.

And your system management PC for config and viewing resides on a VLAN 60 untagged port.

cenk

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

In this way, only the 3500 switch runs routing operation.
The other 2510 switches do only L2 operation on your system, and VLAN 60 is the management VLAN for configuring and viewing the whole system.

You cannot ping the RADIUS server because we assigned a VLAN 1 IP address on the 2510 switches.
This new IP address is not routed on your system, because your users' IP default gateway is the VLAN 1 IP address; therefore you cannot ping other VLANs or the internet in this VLAN.

I hope you understand.

cenk

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

And look carefully at my config VLAN names and your config VLAN names: the VLAN 10 name must be the same on all switches, and likewise for VLAN 20, VLAN 30 and VLAN 60.


cenk

support center
Advisor

Re: Reg:radius server authentication

Dear sir,

Thank you very much for your cooperation. I have given my current setup and the L3 (3500yl) and 2510 (L2) config also.
I am requesting you to please go through the attachment and give me your suggestion.

I will be very grateful to you if this is done.

Thanks & Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

Hi Srini,

I cannot read your attachment.
What is this?
I want to read the 3500 and 2510 show run printout.

cenk

support center
Advisor

Re: Reg:radius server authentication

Dear Sir,

This is my current setup--Hi,


Current Setup:

         uplink 26     uplink 24      DHCP/
PC     ----->  L2    ----->  L3    ------>  RADIUS
WinXP          2510          3500yl         SERVER
                                            192.168.1.165



PFA config of 2510 and 3500yl ... what else need to be done
so that PC users can be assigned a VLAN based on 802.1x authentication

Thanks in advance,
And config of 3500yl--
hostname "ProCurve Switch 3500yl-24G"
ip default-gateway 192.168.1.165
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-4,6-14,16-24
ip address 192.168.0.1 255.255.255.0
no untagged 5,15
exit
vlan 10
name "vlan1"
untagged 5
ip helper-address 192.168.1.165
ip address 192.168.1.1 255.255.255.0
tagged 24
exit

vlan 20
name "valn2"
untagged 15
ip helper-address 192.168.1.165
ip address 192.168.2.1 255.255.255.0
tagged 24
exit
vlan 30
name "vlan3"
ip helper-address 192.168.1.165
ip address 192.168.3.1 255.255.255.0
tagged 24
exit

primary-vlan 10

aaa port-access authenticator active


ProCurve Switch 3500yl-24G#Running configuration:


; J9019A Configuration Editor; Created on release #Q.10.01

2510 config------------------
hostname "ProCurve Switch 2510-24"
snmp-server community "public" Unrestricted
snmp-server host 192.168.1.165 "public"
vlan 1
name "DEFAULT_VLAN"
untagged 1-4,6-14,16-26
ip address 192.168.0.2 255.255.255.0
no untagged 5,15
exit
vlan 10
name "vlan1"
untagged 5
tagged 26
exit
vlan 20
name "VLAN2"
untagged 15
tagged 26
exit
vlan 30
name "vlan3"
tagged 26
exit
aaa authentication port-access eap-radius
radius-server host 192.168.1.165 key test
primary-vlan 10
aaa port-access authenticator 5,15
aaa port-access authenticator 5 unauth-vid 10
aaa port-access authenticator 15 unauth-vid 10
aaa port-access authenticator active
aaa port-access supplicant 5,15

ProCurve Switch 2510-24#


Please help me in this; I will be very, very thankful and grateful to you.

Thanks & Regards
srini

cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

Hi Srini,
We talked about your configuration; in this case it is very complex,
therefore I will create a new config for you.

Below is the config for the 3500 and 2510; at the same time you can make the RADIUS, IAS and DHCP server config.
Note: for the DHCP server config you must make two scopes, VLAN 1 and VLAN 4.
Authenticated users take an IP address from the VLAN 1 scope.
Unauthenticated users take an IP address from the VLAN 4 scope.

cenk

-----------------------------------------------
3500-3500-3500-3500
-----------------------------------------------
hostname "3500"
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
interface 13
no lacp
exit
interface 14
no lacp
exit
interface 15
no lacp
exit
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "foruser"
untagged 1-15,18-19,21-26
ip address 192.168.0.1 255.255.255.0
no untagged 16-17,20
exit
vlan 2
name "forserver"
untagged 16
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.165
tagged 24
exit
vlan 3
name "xxx1"
untagged 17
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.165
tagged 24
exit
vlan 4
name "xxx2"
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.165
tagged 24
exit
vlan 40
name "formanagemet"
untagged 20
ip address 10.0.0.1 255.255.255.0
tagged 24
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 192.168.1.165 key test
management-vlan 40
aaa port-access authenticator 1-15
aaa port-access authenticator 1 auth-vid 1
aaa port-access authenticator 1 unauth-vid 4
aaa port-access authenticator 2 auth-vid 1
aaa port-access authenticator 2 unauth-vid 4
aaa port-access authenticator 3 auth-vid 1
aaa port-access authenticator 3 unauth-vid 4
aaa port-access authenticator 4 auth-vid 1
aaa port-access authenticator 4 unauth-vid 4
aaa port-access authenticator 5 auth-vid 1
aaa port-access authenticator 5 unauth-vid 4
aaa port-access authenticator 6 auth-vid 1
aaa port-access authenticator 6 unauth-vid 4
aaa port-access authenticator 7 auth-vid 1
aaa port-access authenticator 7 unauth-vid 4
aaa port-access authenticator 8 auth-vid 1
aaa port-access authenticator 8 unauth-vid 4
aaa port-access authenticator 9 auth-vid 1
aaa port-access authenticator 9 unauth-vid 4
aaa port-access authenticator 10 auth-vid 1
aaa port-access authenticator 10 unauth-vid 4
aaa port-access authenticator 11 auth-vid 1
aaa port-access authenticator 11 unauth-vid 4
aaa port-access authenticator 12 auth-vid 1
aaa port-access authenticator 12 unauth-vid 4
aaa port-access authenticator 13 auth-vid 1
aaa port-access authenticator 13 unauth-vid 4
aaa port-access authenticator 14 auth-vid 1
aaa port-access authenticator 14 unauth-vid 4
aaa port-access authenticator 15 auth-vid 1
aaa port-access authenticator 15 unauth-vid 4
aaa port-access 1-15

----------------------------------------------------------------
2510-2510-2510-2510
----------------------------------------------------------------


hostname "2510"
max-vlans 64
interface 1
no lacp
exit
interface 2
no lacp
exit
interface 3
no lacp
exit
interface 4
no lacp
exit
interface 5
no lacp
exit
interface 6
no lacp
exit
interface 7
no lacp
exit
interface 8
no lacp
exit
interface 9
no lacp
exit
interface 10
no lacp
exit
interface 11
no lacp
exit
interface 12
no lacp
exit
interface 13
no lacp
exit
interface 14
no lacp
exit
interface 15
no lacp
exit
interface 16
no lacp
exit
interface 17
no lacp
exit
interface 18
no lacp
exit
interface 19
no lacp
exit
interface 20
no lacp
exit
snmp-server community "public" Unrestricted
vlan 1
name "foruser"
untagged 1-20,23-25
no ip address
tagged 26
no untagged 21-22
exit
vlan 3
name "xxx1"
untagged 21
tagged 26
exit
vlan 4
name "xxx2"
untagged 22
tagged 26
exit
vlan 40
name "formanagem"
ip address 10.0.0.2 255.255.255.0
tagged 26
exit
aaa authentication port-access eap-radius
aaa accounting network start-stop radius
radius-server host 192.168.1.165 key test
management-vlan 40
aaa port-access authenticator 1-20
aaa port-access authenticator 1 auth-vid 1
aaa port-access authenticator 1 unauth-vid 4
aaa port-access authenticator 2 auth-vid 1
aaa port-access authenticator 2 unauth-vid 4
aaa port-access authenticator 3 auth-vid 1
aaa port-access authenticator 3 unauth-vid 4
aaa port-access authenticator 4 auth-vid 1
aaa port-access authenticator 4 unauth-vid 4
aaa port-access authenticator 5 auth-vid 1
aaa port-access authenticator 5 unauth-vid 4
aaa port-access authenticator 6 auth-vid 1
aaa port-access authenticator 6 unauth-vid 4
aaa port-access authenticator 7 auth-vid 1
aaa port-access authenticator 7 unauth-vid 4
aaa port-access authenticator 8 auth-vid 1
aaa port-access authenticator 8 unauth-vid 4
aaa port-access authenticator 9 auth-vid 1
aaa port-access authenticator 9 unauth-vid 4
aaa port-access authenticator 10 auth-vid 1
aaa port-access authenticator 10 unauth-vid 4
aaa port-access authenticator 11 auth-vid 1
aaa port-access authenticator 11 unauth-vid 4
aaa port-access authenticator 12 auth-vid 1
aaa port-access authenticator 12 unauth-vid 4
aaa port-access authenticator 13 auth-vid 1
aaa port-access authenticator 13 unauth-vid 4
aaa port-access authenticator 14 auth-vid 1
aaa port-access authenticator 14 unauth-vid 4
aaa port-access authenticator 15 auth-vid 1
aaa port-access authenticator 15 unauth-vid 4
aaa port-access authenticator 16 auth-vid 1
aaa port-access authenticator 16 unauth-vid 4
aaa port-access authenticator 17 auth-vid 1
aaa port-access authenticator 17 unauth-vid 4
aaa port-access authenticator 18 auth-vid 1
aaa port-access authenticator 18 unauth-vid 4
aaa port-access authenticator 19 auth-vid 1
aaa port-access authenticator 19 unauth-vid 4
aaa port-access authenticator 20 auth-vid 1
aaa port-access authenticator 20 unauth-vid 4
aaa port-access authenticator active
aaa port-access 1-20
cenk
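
The uplink rules given in the replies above (uplink port left unauthenticated, VLAN 1 untagged and every other VLAN tagged on both ends of the uplink, an IP address on the L2 switch only in the management VLAN) can be checked mechanically before a config is loaded. The following is an added example, not part of the original posts and not HP code; the function names, the `mgmt_vid` parameter and the two sample configs are assumptions constructed for illustration.

```python
import re

def ports(spec):
    """Expand a ProCurve port list such as '1-20,24-25,26' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(lines):
    """Return ({vid: membership}, authenticator ports); 'no untagged' lines are ignored."""
    vlans, auth, cur = {}, set(), None
    for line in map(str.strip, lines):
        if m := re.fullmatch(r"vlan (\d+)", line):
            cur = vlans.setdefault(int(m[1]), {"tagged": set(), "untagged": set(), "ip": False})
        elif line == "exit":
            cur = None
        elif cur is not None and (m := re.fullmatch(r"(untagged|tagged) ([\d,-]+)", line)):
            cur[m[1]] |= ports(m[2])
        elif cur is not None and line.startswith("ip address "):
            cur["ip"] = True
        elif m := re.fullmatch(r"aaa port-access authenticator ([\d,-]+)", line):
            auth |= ports(m[1])
    return vlans, auth

def audit(core, edge, core_up, edge_up, mgmt_vid):
    """Apply the thread's uplink rules to a routing (core) and an L2 (edge) switch."""
    (cv, ca), (ev, ea) = parse(core), parse(edge)
    out = [f"{n} uplink {up} is an 802.1X authenticator port"
           for n, up, a in (("core", core_up, ca), ("edge", edge_up, ea)) if up in a]
    for vid, v in sorted(ev.items()):
        mode = "untagged" if vid == 1 else "tagged"
        if edge_up not in v[mode]:
            out.append(f"vlan {vid} is not {mode} on edge uplink {edge_up}")
        if core_up not in cv.get(vid, {}).get(mode, ()):
            out.append(f"vlan {vid} is not {mode} on core uplink {core_up}")
        if v["ip"] and vid != mgmt_vid:
            out.append(f"edge has an IP address in vlan {vid}, not management vlan {mgmt_vid}")
    return out

# Constructed sample configs (3500 uplink port 24, 2510 uplink port 26), with deliberate faults.
CORE = ["vlan 1", "untagged 1-24", "ip address 192.168.0.1 255.255.255.0", "exit",
        "vlan 4", "tagged 24", "exit", "aaa port-access authenticator 1-15"]
EDGE = ["vlan 1", "untagged 1-21,23-26", "ip address 192.168.0.2 255.255.255.0", "exit",
        "vlan 4", "untagged 22", "exit",
        "vlan 40", "ip address 10.0.0.2 255.255.255.0", "tagged 26", "exit",
        "aaa port-access authenticator 1-20,26", "aaa port-access authenticator 1 unauth-vid 4"]
FINDINGS = audit(CORE, EDGE, 24, 26, 40)
```

`parse` accepts any iterable of lines, so an open file holding saved `show run` output can be passed directly.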

support center
Advisor

Re: Reg:radius server authentication

Dear Cenk,

Thanks for your valuable and great support on my case. I am very, very thankful to you. Now I have configured as per the config file which I received from you. It is working fine.

Thanks a lot.

Thanks to the HP-Tech team and NAZAR also.

Thanks & Regards
srini
cenk sasmaztin
Honored Contributor

Re: Reg:radius server authentication

welcome Srini :)
cenk