Comware

Hi Forum,

I want to set a Port on a HPE 5140 COMWARE Switch via RADIUS after successful authentication via MAB or dot1x (MACMON NAC).

I got this working for AOS and AOS-X Switches (Vendor-ID 11, Attribute-ID 64 / 65, "HP-Egress-VLANID" / "HP-Egress-VLAN-Name").

But I don't get it running for COMWARE.

I tried the same Vendor-Specific Attribute-IDs and the IETF Attributes EGRESS-VLANID / EGRESS-VLAN-NAME, but no luck.

A difference I recognized is, that for AOS I need to set another Vendor-Specific Attribut (Vendor-ID 11, Attribute-ID 14, "HP-MA-Port-Mode").

I didn't find anything similiar in the 3com/H3C/Huawei Vendor-Dictionary (exept for 3com' Attribute-ID2, "3Com-VLAN-Name").

What am I missing? Has anybody an idea or a hint to get this running?

Thanks in advance for any piece of information!

Regards, Thorsten

I think the RADIUS Handling messages between Comware and AOS/AOS-X are different. Comware typically supports:

Tunnel-Type (IETF, Attr 64) = VLAN (value 13)
Tunnel-Medium-Type (IETF, Attr 65) = 802 (value 6)
Tunnel-Private-Group-ID (IETF, Attr 81) = <VLAN-ID or VLAN Name>

as an example:
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "30"

This would put you to VLAN30

Hi Forum,

I want to set a Port on a HPE 5140 COMWARE Switch via RADIUS after successful authentication via MAB or dot1x (MACMON NAC).

I got this working for AOS and AOS-X Switches (Vendor-ID 11, Attribute-ID 64 / 65, "HP-Egress-VLANID" / "HP-Egress-VLAN-Name").

But I don't get it running for COMWARE.

I tried the same Vendor-Specific Attribute-IDs and the IETF Attributes EGRESS-VLANID / EGRESS-VLAN-NAME, but no luck.

A difference I recognized is, that for AOS I need to set another Vendor-Specific Attribut (Vendor-ID 11, Attribute-ID 14, "HP-MA-Port-Mode").

I didn't find anything similiar in the 3com/H3C/Huawei Vendor-Dictionary (exept for 3com' Attribute-ID2, "3Com-VLAN-Name").

What am I missing? Has anybody an idea or a hint to get this running?

Thanks in advance for any piece of information!

Regards, Thorsten

I think the RADIUS Handling messages between Comware and AOS/AOS-X are different. Comware typically supports:

Tunnel-Type (IETF, Attr 64) = VLAN (value 13)
Tunnel-Medium-Type (IETF, Attr 65) = 802 (value 6)
Tunnel-Private-Group-ID (IETF, Attr 81) = <VLAN-ID or VLAN Name>

as an example:
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "30"

This would put you to VLAN30

Hi Forum,

I want to set a Port on a HPE 5140 COMWARE Switch via RADIUS after successful authentication via MAB or dot1x (MACMON NAC).

I got this working for AOS and AOS-X Switches (Vendor-ID 11, Attribute-ID 64 / 65, "HP-Egress-VLANID" / "HP-Egress-VLAN-Name").

But I don't get it running for COMWARE.

I tried the same Vendor-Specific Attribute-IDs and the IETF Attributes EGRESS-VLANID / EGRESS-VLAN-NAME, but no luck.

A difference I recognized is, that for AOS I need to set another Vendor-Specific Attribut (Vendor-ID 11, Attribute-ID 14, "HP-MA-Port-Mode").

I didn't find anything similiar in the 3com/H3C/Huawei Vendor-Dictionary (exept for 3com' Attribute-ID2, "3Com-VLAN-Name").

What am I missing? Has anybody an idea or a hint to get this running?

Thanks in advance for any piece of information!

Regards, Thorsten

Hmm... just wondering... If I want to tag other VLANs on that specific Port, how would I do that?

In your example, the VLAN30 would be Untagged on that Port, wouldn't it?

Regards, Thorsten

I think the RADIUS Handling messages between Comware and AOS/AOS-X are different. Comware typically supports:

Tunnel-Type (IETF, Attr 64) = VLAN (value 13)
Tunnel-Medium-Type (IETF, Attr 65) = 802 (value 6)
Tunnel-Private-Group-ID (IETF, Attr 81) = <VLAN-ID or VLAN Name>

as an example:
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "30"

This would put you to VLAN30

Hi Forum,

I want to set a Port on a HPE 5140 COMWARE Switch via RADIUS after successful authentication via MAB or dot1x (MACMON NAC).

I got this working for AOS and AOS-X Switches (Vendor-ID 11, Attribute-ID 64 / 65, "HP-Egress-VLANID" / "HP-Egress-VLAN-Name").

But I don't get it running for COMWARE.

I tried the same Vendor-Specific Attribute-IDs and the IETF Attributes EGRESS-VLANID / EGRESS-VLAN-NAME, but no luck.

A difference I recognized is, that for AOS I need to set another Vendor-Specific Attribut (Vendor-ID 11, Attribute-ID 14, "HP-MA-Port-Mode").

I didn't find anything similiar in the 3com/H3C/Huawei Vendor-Dictionary (exept for 3com' Attribute-ID2, "3Com-VLAN-Name").

What am I missing? Has anybody an idea or a hint to get this running?

Thanks in advance for any piece of information!

Regards, Thorsten

VLAN30 would be Untagged.

If you refer to pushing multiple VLANs on the same port, i am afraid that you can't push a RADIUS Attribute forcing the port to be Trunk and permitting multiple VLANS as tagged.

Hmm... just wondering... If I want to tag other VLANs on that specific Port, how would I do that?

In your example, the VLAN30 would be Untagged on that Port, wouldn't it?

Regards, Thorsten

I think the RADIUS Handling messages between Comware and AOS/AOS-X are different. Comware typically supports:

Tunnel-Type (IETF, Attr 64) = VLAN (value 13)
Tunnel-Medium-Type (IETF, Attr 65) = 802 (value 6)
Tunnel-Private-Group-ID (IETF, Attr 81) = <VLAN-ID or VLAN Name>

as an example:
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "30"

This would put you to VLAN30

Hi Forum,

I want to set a Port on a HPE 5140 COMWARE Switch via RADIUS after successful authentication via MAB or dot1x (MACMON NAC).

I got this working for AOS and AOS-X Switches (Vendor-ID 11, Attribute-ID 64 / 65, "HP-Egress-VLANID" / "HP-Egress-VLAN-Name").

But I don't get it running for COMWARE.

I tried the same Vendor-Specific Attribute-IDs and the IETF Attributes EGRESS-VLANID / EGRESS-VLAN-NAME, but no luck.

A difference I recognized is, that for AOS I need to set another Vendor-Specific Attribut (Vendor-ID 11, Attribute-ID 14, "HP-MA-Port-Mode").

I didn't find anything similiar in the 3com/H3C/Huawei Vendor-Dictionary (exept for 3com' Attribute-ID2, "3Com-VLAN-Name").

What am I missing? Has anybody an idea or a hint to get this running?

Thanks in advance for any piece of information!

Regards, Thorsten