Comware

hi,

i can't find an exact information for vlan assignment by IDM.
In IDM i have an APG for mac-based auth that should assign one untagged and two tagged vlans to a port after authentication. In the idm access information for the successfully auth. client everything looks fine but the switch didn't assign the vlans to the port.
All vlans are configured in the switch and the ports have only untagged default-vlan in origin state.

Is it impossible to assign multiple vlans by idm for mac-based authentication?
In the known guides and white papers i can see different statements.

Switch Modell is 2610-24/12 Poe (J9085A)
Any ideas?

thanks, markus

>>> Is it impossible to assign multiple vlans by idm for mac-based authentication <<<

I don't know IDM, but generally a MAc-address does not occur in multiple VLAN's.
so your question does sound a little strange.

You'll need the very latest switch software for the 2610 and even then it may not be supported.

See: http://wiki.freeradius.org/HP

For the attribute definitions and how they're used. I've not used IDM personally so I can't offer you any more advice.

Assigning tagged VLANs with Mac-Auth is a perfectly valid use case scenario and is supported.

Hi,

 

multiple authentication on hp procurve port with MAC-Based Auth works perfectly. You need to use hp-egress-vlanID, X times, you need to ste up dynamically a vlan on the port.

For example, i need vlan Tagged 176 and vlan Untagged 162 on a port,

my radius serveur send back

First client HP-Egress-VLANID     +=     838860962 U 162
HP-Egress-VLANID     +=     822083760 T 176

 

Second Client, especially a PC connected trhough ToIp port PC,

HP-Egress-VLANID     +=     838860962 U 162.

 

to help the procedure behave normaly, you have to plug on the ToIP, and start after your PC.

 

Emmanuel