Security

Reply
New Contributor

1920S: VLAN assigned by RADIUS not working

Hello all,

 

I'm currently trying to configure a HP 1920s to provide RADIUS-dependent VLAN allocation. The dynamically configured ports will be used to connect docking stations and switch VLANs dependend on the connected notebook. Since the notebooks themselves are used in serveral locations using tagged VLAN configs is not possible, i.e. the switch has to map the VLAN as untagged.

 

The RADIUS authentication itself is working, both according to the RADIUS-log and the switch' UI:

hp_log.JPGradius_log.JPG

However the notebooks are unable to send and/or receive packages. DHCP fails with a timeout and after assigning a static IP all connection attempts time out.

 

The switch port (3) is configured as follows regarding VLAN:

vlan_config.JPG

Any help is appreciated. If you need further information regarding the configuration I will provide them asap.

 

Thanks,

Alex

 

New Contributor

Re: 1920S: VLAN assigned by RADIUS not working

Hi AlexanderK, could you solve it? Because i have the same problem.

MVP Expert

Re: 1920S: VLAN assigned by RADIUS not working

What attribut do you are using ?



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
New Contributor

Re: 1920S: VLAN assigned by RADIUS not working

Hi alagoutte, i am using egress-VLANID(56) attribute but the switch dont tagged the vlan.

New Contributor

Re: 1920S: VLAN assigned by RADIUS not working

Hi Aguirao,

 

yes, I got it to work in the end. The RADIUS-Ports (2+3) have the following VLAN config:

vlan.PNG

The difference to the old config is that the VLANs which should be assigned by RADIUS are configured as Tagged VLANs on that port. Upon successful authentication they are mapped as untagged VLAN.

 

In my case VLANs 10 and 30 are assigned by RADIUS while 50 is a guest network for unauthenticated devices.

 

On the radius server I use the following attributes:

Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "10"

 

Hope this helps,

Alexander

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: