Hi,
I'm trying to configure 802.1x and MAC authentication on OS6560 with an NPS as RADIUS server.
This is my current config. Is this correct?
aaa radius-server "NPS1" host 10.10.0.100 hash-key "xxxxx" retransmit 3 timeout 25 auth-port 1812 acct-port 1813 vrf-name default
aaa radius-server "NPS2" host 10.10.0.101 hash-key "xxxxx" retransmit 3 timeout 25 auth-port 1812 acct-port 1813 vrf-name default
aaa device-authentication mac "NPS1" "NPS2"
aaa device-authentication 802.1x "NPS1" "NPS2"
aaa accounting 802.1x "NPS1" "NPS2"
unp profile "UNP-Data"
unp profile "UNP-Guest"
unp profile "UNP-Voice"
unp profile "UNP-Data" map vlan 59
unp profile "UNP-Guest" map vlan 72
unp profile "UNP-Voice" map vlan 70
unp port 1/1/1 port-type bridge
unp port 1/1/1 direction both default-profile "UNP-Guest" classification trust-tag dynamic-service none
unp port 1/1/1 admin-state enable
unp port 1/1/1 802.1x-authentication
unp port 1/1/1 mac-authentication
unp classification authentication-type 802.1x profile1 "UNP-Data"
unp classification authentication-type mac profile1 "UNP-Voice"
Many thanks.
TrX
Radius NPS - unp configuration on OS6560
Re: Radius NPS - unp configuration on OS6560
It looks okay. Did it work?
But I have never used the last two classification commands. Instead I always use the Filter-ID (return attribute from NPS), the same as the UNP profile name (case-sensitive).
regards
Silvio
Re: Radius NPS - unp configuration on OS6560
Got it working indeed.
Indeed, I had to use the Filter-ID attribute returned from NPS. Thanks for that!
Also changed the unp port a bit:
unp port x/x/x redirect-port-bounce direction both default-profile "UNP-Guest" classification dynamic-service none
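An added example, not part of any post in this thread: a small Python check that the Filter-Id values returned by NPS match the switch's UNP profile names exactly, since the match is case-sensitive as noted above. The abridged config and the NPS Filter-Id list are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged switch config based on the first post.
SWITCH_CONFIG = '''
unp profile "UNP-Data"
unp profile "UNP-Guest"
unp profile "UNP-Voice"
unp profile "UNP-Data" map vlan 59
unp profile "UNP-Guest" map vlan 72
unp port 1/1/1 direction both default-profile "UNP-Guest" classification trust-tag dynamic-service none
'''

# Constructed sample: Filter-Id values assumed to be set in the NPS network policies.
NPS_FILTER_IDS = ["UNP-Data", "unp-voice", "UNP-Printer"]

PROFILE_RE = re.compile(r'^unp profile "([^"]+)"(?: map vlan (\d+))?\s*$')

def parse_profiles(config):
    """Return {profile name: VLAN id or None} from 'unp profile' lines."""
    profiles = {}
    for line in config.splitlines():
        m = PROFILE_RE.match(line.strip())
        if not m:
            continue  # not a profile definition (e.g. 'unp port ...')
        name, vlan = m.group(1), m.group(2)
        profiles.setdefault(name, None)
        if vlan:
            profiles[name] = int(vlan)
    return profiles

def audit(config, filter_ids):
    """Compare Filter-Id values to UNP profile names, case-sensitively."""
    profiles = parse_profiles(config)
    by_lower = {name.lower(): name for name in profiles}
    findings = []
    for fid in filter_ids:
        if fid in profiles:
            if profiles[fid] is None:
                findings.append((fid, "profile has no 'map vlan' line"))
        elif fid.lower() in by_lower:
            findings.append((fid, "case mismatch with " + by_lower[fid.lower()]))
        else:
            findings.append((fid, "no such profile on the switch"))
    return findings

if __name__ == "__main__":
    for fid, problem in audit(SWITCH_CONFIG, NPS_FILTER_IDS):
        print(f"{fid}: {problem}")
```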
Re: Radius NPS - unp configuration on OS6560
Thanks for the answer.
regards
Silvio
Re: Radius NPS - unp configuration on OS6560
Hi Silvio,
What is the equivalent of this CLI on OS6560? I need your help:
aaa user-network-profile name "unp-pc" vlan 201 hic disable
aaa user-network-profile name "unp-phone" vlan 210 hic disable
aaa user-network-profile name "unp-rifo-pc" vlan 202 hic disable
aaa user-network-profile name "unp-unknow" vlan 999 hic disable
802.1x 1/5 direction in port-control auto quiet-period 60 tx-period 30 supp-timeout 30 server-timeout 30 max-req 2 re-authperiod 3600 no reauthentication
802.1x 1/5 captive-portal session-limit 12 retry-count 3
802.1x 1/5 captive-portal inactivity-logout disable
802.1x 1/5 supp-polling retry 0
802.1x 1/5 supplicant policy authentication pass group-mobility default-vlan fail block
802.1x 1/5 non-supplicant policy authentication pass default-vlan fail block
802.1x 1/5 captive-portal policy authentication pass default-vlan fail block
Thank you for your help.
Regards.
AbiOne.