Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

1920S: VLAN assigned by RADIUS not working

  • 1.  1920S: VLAN assigned by RADIUS not working

    Posted Sep 23, 2018 12:05 PM

    Hello all,

     

    I'm currently trying to configure a HP 1920s to provide RADIUS-dependent VLAN allocation. The dynamically configured ports will be used to connect docking stations and switch VLANs dependend on the connected notebook. Since the notebooks themselves are used in serveral locations using tagged VLAN configs is not possible, i.e. the switch has to map the VLAN as untagged.

     

    The RADIUS authentication itself is working, both according to the RADIUS-log and the switch' UI:

    hp_log.JPGradius_log.JPG

    However the notebooks are unable to send and/or receive packages. DHCP fails with a timeout and after assigning a static IP all connection attempts time out.

     

    The switch port (3) is configured as follows regarding VLAN:

    vlan_config.JPG

    Any help is appreciated. If you need further information regarding the configuration I will provide them asap.

     

    Thanks,

    Alex

     



  • 2.  RE: 1920S: VLAN assigned by RADIUS not working

    Posted Jun 24, 2019 10:10 AM

    Hi AlexanderK, could you solve it? Because i have the same problem.



  • 3.  RE: 1920S: VLAN assigned by RADIUS not working

    Posted Jun 25, 2019 04:59 AM

    What attribut do you are using ?



  • 4.  RE: 1920S: VLAN assigned by RADIUS not working

    Posted Jun 25, 2019 02:46 PM

    Hi alagoutte, i am using egress-VLANID(56) attribute but the switch dont tagged the vlan.



  • 5.  RE: 1920S: VLAN assigned by RADIUS not working

    Posted Jun 25, 2019 03:08 PM

    Hi Aguirao,

     

    yes, I got it to work in the end. The RADIUS-Ports (2+3) have the following VLAN config:

    vlan.PNG

    The difference to the old config is that the VLANs which should be assigned by RADIUS are configured as Tagged VLANs on that port. Upon successful authentication they are mapped as untagged VLAN.

     

    In my case VLANs 10 and 30 are assigned by RADIUS while 50 is a guest network for unauthenticated devices.

     

    On the radius server I use the following attributes:

    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-ID = "10"

     

    Hope this helps,

    Alexander