Comware

 View Only

  • 1.  radius mac-based auth on 2524?

    Posted Jun 05, 2008 09:11 AM

    hello,
    I am enabling mac-based authentication on
    several procurve switches.
    while on 2600 series it is easy, it looks more difficult on the 2500. I did look in the manual and in this forum, without finding examples.
    Any help? thanks, bye.


  • 2.  RE: radius mac-based auth on 2524?

    Posted Jun 05, 2008 09:54 AM
    hi
    same config 2600 with 2500 switch mac-based authentication config
    cenk
    ---------------------------------------------
    Specify the format of the MAC address; must match what was configured on the RADIUS serverâ Switch(config)# aaa port-access mac-based addr-format <NO-DELIMITER>â ¢Specify port under MAC authcontrol â Switch(config)#aaa port-access mac-based [e]<PORT list="">


    Additional MAC-authport parameters:-Allows client moves between the specified ports under MAC authcontrol without requiring a reauthentication:-aaa port-access web-based [e] < port-list> [auth-vid <VID>]] no] aaa port-access mac-based [e] < port-list > [addr-moves]-Specifiesthe period, in seconds, that the switch enforces for an implicit logoff:-aaa port-access mac-based [e] < port-list > [logoff-period] <60-9999999>]-Forcesa reauthentication of all attached clients on the port:-aaa port-access mac-based [e] < port-list > [reauthenticate]-Specifies the period, in seconds, the switch waits for a serverresponse to an authentication request:-aaa port-access mac-based [e] < port-list > [server-timeout <1 -300>] -Specifies the VLAN to use for a client that fails authentication. If unauth-vid is 0, no VLAN changes occur.-aaa port-access mac-based [e] < port-list > [unauth-vid]</VID></PORT></NO-DELIMITER>


  • 3.  RE: radius mac-based auth on 2524?

    Posted Jun 05, 2008 10:25 AM
    SORRY..!
    I think you switch 2510 because you have swich 2524

    please see link in(page38) ;for 2524 switch mac-authentication configuration info

    http://cdn.procurve.com/training/Manuals/2300-2500-RelNotes-F0565-59903102.pdf


  • 4.  RE: radius mac-based auth on 2524?

    Posted Jun 05, 2008 06:40 PM
    There is no web or mac auth on the 2500 switches. You'll need to upgrade or use 802.1X.


  • 5.  RE: radius mac-based auth on 2524?

    Posted Jun 06, 2008 12:20 AM
    for mac based authentication on 2524 switch you make 802.1x and port security config please see above link in guide

    cenk


  • 6.  RE: radius mac-based auth on 2524?

    Posted Jun 06, 2008 04:07 AM
    Sorry, but I didn'find any configuration example in the link that you point
    for 802.1x, perhaps it may be something like

    aaa authen port-acc eap-radius

    I would like to avoid a lot of tries...

    the manuals tell that the switch can do 802.1x,
    ok, but should show how configure it too...
    Thanks, bye.




  • 7.  RE: radius mac-based auth on 2524?

    Posted Jun 06, 2008 04:44 AM
    hi port security and 802.1x configuration best way mac authentication on 2524 switch

    frist config port security on switch

    config)# port-security 1-20 learn-mode static address-limit 1 action send-disable

    port security operation stand alone very succesful mac authentiation operation because use with 802.1x very very good.


    secont config 802.1x on 2524

    (config)#radius-server host 100.100.100.80 key procurve
    config)#aaa authentication port-access eap-radius
    config)#aaa accounting network start-stop radius

    config)aaa port-access authenticator 1-20 control auto

    config)#aaa port access authenticator active


Related Content