Motherboard Forums



MAC-based VLAN membership

 
 





















Thomas Wildgruber

 
      01-16-2007, 07:33 PM


Hi Group,

We are trying to configure an HP ProCurve 2650 switch for MAC-based
authentication and dynamic membership of the involved switch port in a
specific VLAN. The authentication instance is a RADIUS server (FreeRADIUS
on a FreeBSD machine).

The 'access security guide'[1] describes in chapter 3 (page 22):

-----------------------------------snip-----------------------------------
If you plan to use multiple VLANs with MAC Authentication, ensure that
these VLANs are configured on the switch and that the appropriate port
assignments have been made.
-----------------------------------snap-----------------------------------

We also read that the VLANs should be configured as static VLANs, but we
can't find any information about the participation of each involved port in
the designated VLANs (tagged, untagged). In my mind, every port should be in
the 'tagged' state on each configured VLAN. Up to now, I thought that
'tagged' ports are only used for the uplink port to another VLAN-configured
switch. But in this specific case only the 'tagged' condition makes sense ->
Is this correct?

Anyway it won't work but... ;-)

...The second dissonance we had in our setup is the MD5 CHAP generated hash
which is transmitted from the switch to the RADIUS server when a client
connects to the switch. The 'access security guide'[1] describes that for
MAC-based authentication we have to use the client MAC address for the
username as well as for the password...

--------------------------------------snip---------------------------------
The RADIUS server uses the device MAC address as the username and password,
and grants or denies network access in the same way that it does for
clients capable of interactive logons.
--------------------------------------snap---------------------------------

...but the transmitted hash - from the password? - is different every time
and doesn't match the hash manually generated from the password (MAC
address) using the system MD5 generator:

#>echo aabbccddeeff | md5 (aabbccddeeff is the client MAC address)

But maybe we misunderstand the output of this hash.

Can anybody help before we plunk the whole equipment ;-)

[1] http://www.hp.com/rnd/support/manuals/2650_6108.htm

Bye Tom
--
"The savior of the world is a penguin and Linus Torvalds is his prophet"
 
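Added example, not part of the original post: in RADIUS CHAP (RFC 2865, following RFC 1994) the CHAP-Password attribute carries a one-byte CHAP identifier plus MD5(identifier || password || challenge), so the value changes with every challenge and never equals the plain MD5 of the password. The sketch below shows that computation and the server-side check; the function names and the challenge values are constructed for illustration, and the MAC is the sample value from the post.

```python
import hashlib
import hmac
import os

# Sample MAC address from the post; with MAC authentication it is both the
# user name and the password held by the RADIUS server.
MAC = b"aabbccddeeff"


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_password_attr(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2865 CHAP-Password value: 1-byte CHAP identifier + 16-byte response."""
    return bytes([chap_id]) + chap_response(chap_id, password, challenge)


def verify_chap(attr: bytes, challenge: bytes, stored_password: bytes) -> bool:
    """Server side: recompute the response from the cleartext password on file."""
    if len(attr) != 17:
        return False
    expected = chap_response(attr[0], stored_password, challenge)
    return hmac.compare_digest(attr[1:], expected)


def plain_md5(data: bytes) -> str:
    """Hex MD5 of the raw bytes, as a command-line md5 tool would print it."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    # `echo` appends a newline, so `echo aabbccddeeff | md5` hashes 13 bytes.
    print("md5(MAC)        ", plain_md5(MAC))
    print("md5(MAC + '\\n') ", plain_md5(MAC + b"\n"))
    # Two logins of the same client: a fresh random challenge each time
    # (constructed here with os.urandom) gives a different response.
    for chap_id in (1, 2):
        challenge = os.urandom(16)
        attr = chap_password_attr(chap_id, MAC, challenge)
        print(f"id={chap_id} challenge={challenge.hex()} response={attr[1:].hex()}",
              "accepted" if verify_chap(attr, challenge, MAC) else "rejected")
```

Because the server recomputes the response itself, it needs the password (the MAC string, in exactly the format the switch sends) in cleartext; a stored MD5 of it cannot be compared against a CHAP response.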
All times are GMT.