03-09-2017 02:59 AM - edited 03-09-2017 03:01 AM
For a customer I'm trying to figure out the following.
The idea is automatic configuration of HP switches by profiling the devices and assigning VLANs through policies. I used a guide I found here. Most of it works great but I encountered something I'm not able to figure out.
Customer uses locally bridging access points. They are profiling fine and the switchport receives the proper tagged and untagged VLANs.
When an 802.1X client connects to the wifi, it gets authenticated by the wifi controller but the switch also does profiling. Even with a rule added to allow through roles [user authenticated] and [machine authenticated], the switchport won't open. The client doesn't receive a DHCP address and with a fixed address I cannot ping the gateway.
A new MAC address connecting through wifi gets blocked by the switch altogether because the endpoint is not known and you can only set a single CoA action in the profiler.
It looks like the switchport won't open or the traffic is not receiving the right VLAN tag. Show port-access client details only shows the AP MAC address, authentication type is mac-based.
I expected it to work the same as a VoIP phone that a wired device is connected to. The phone gets mac-based authentication and the wired client gets port-based authenticated.
I'm simulating this using a 7005 and a 105 in bridge mode in my lab. I'm using a 2930F version 16.03. VLANs are tagged on the uplink port.
Anyone got bridged AP profiling working?