Comware


dynamic vlan assignment via 802.1x

  • 1.  dynamic vlan assignment via 802.1x

    Posted Mar 03, 2008 11:09 AM
    I'm trying to set up port-based authentication in a lab environment. I seem to have everything working (PKI, IAS 2003, ProCurve 2524, AD). I have one lingering question. Everything I've been looking at so far seems to indicate that the extent of the VLAN assignment abilities is either authenticated or unauthenticated. In other words, it seems that there are only one or two VLANs that can be used with port-based authentication.

    I would like to set up a guest VLAN for unauthenticated users, and I would like the authenticated users to be assigned to a VLAN based on security group. For example, admissions should go to VLAN 4, faculty should go to VLAN 3, IT should go to VLAN 7. Is this sort of thing possible, or can I only use two VLANs when it comes to 802.1x?

    Thanks in advance.


  • 2.  RE: dynamic vlan assignment via 802.1x

    Posted Mar 03, 2008 02:04 PM
    You can certainly have auto-VLAN assignment via RADIUS config parms and the switch upon a successful auth...

    However, it requires 3 RADIUS attributes to be configured for each RADIUS profile you config (admin, faculty, etc.)...

    See this section for some of the info:
    ftp://ftp.hp.com/pub/networking/software/2300-2500-RelNotes-f0560-59903102.pdf

    The 3 RADIUS attributes to set in each RADIUS profile are:

    Tunnel-Type
    Tunnel-Medium-Type
    Tunnel-Pvt-Group-ID - you config a dec value for the VLAN number

    These are set under the advanced tab of the RADIUS profile you are editing...


    Here is another good ref for the Microsoft side of the config:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=05951071-6b20-4cef-9939-47c397ffd3dd&displaylang=en


    hth...jeff
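
What the three attributes from the reply above look like on the wire, as an added example that is not part of the original posts: it encodes them for one profile and then reads them back the way a validator would, returning a VLAN only when the trio is complete and consistent. Assumptions: the attribute numbers are from RFC 2868 (where the IAS "Tunnel-Pvt-Group-ID" is named Tunnel-Private-Group-ID), the values 13 (VLAN) and 6 (IEEE-802) are from RFC 3580, and the function names and the `PROFILES` mapping are hypothetical, built from the VLAN numbers in the question.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the VLAN values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Constructed mapping taken from the question: security group -> VLAN.
PROFILES = {"admissions": 4, "faculty": 3, "IT": 7}

def vlan_attributes(vlan_id, tag=0):
    """Encode the three attributes of one profile as RADIUS TLV bytes."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    def tagged_int(attr, value):  # 1-byte tag + 3-byte integer
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    # The VLAN number travels as a decimal string; tag byte omitted when 0.
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode()
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def assigned_vlan(attrs):
    """Return the VLAN ID a block of reply attributes assigns, else None."""
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        attr, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("bad tunnel attribute length")
            found[attr] = int.from_bytes(value[1:], "big")  # skip the tag
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            if value[:1] and value[0] <= 0x1F:  # leading byte is a tag
                value = value[1:]
            found[attr] = value.decode("ascii", "replace")
        i += attrs[i + 1]
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if (found.get(TUNNEL_TYPE) != TYPE_VLAN
            or found.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802
            or not group.isdigit() or not 1 <= int(group) <= 4094):
        return None  # incomplete or invalid trio: no VLAN assigned
    return int(group)

if __name__ == "__main__":
    for name, vlan in PROFILES.items():
        print(name, vlan_attributes(vlan).hex(), assigned_vlan(vlan_attributes(vlan)))
```

A profile that carries only the group ID, or a non-numeric or out-of-range value, yields `None` here, which is the case to look for when a client authenticates but does not land in the expected VLAN.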


  • 3.  RE: dynamic vlan assignment via 802.1x

    Posted Mar 03, 2008 04:20 PM
    That worked great! Thanks.