Radius NPS - unp configuration on OS6560

Post Reply
TrX
Member
Posts: 4
Joined: 15 Nov 2018 04:56

Radius NPS - unp configuration on OS6560

Post by TrX » 02 Jul 2019 05:41

Hi,

I'm trying to configure 802.1x and Mac authentication on OS6560 with a NPS as Radius server.
This is my current config, is this correct?

aaa radius-server "NPS1" host 10.10.0.100 hash-key "xxxxx" retransmit 3 timeout 25 auth-port 1812 acct-port 1813 vrf-name default
aaa radius-server "NPS2" host 10.10.0.101 hash-key "xxxxx" retransmit 3 timeout 25 auth-port 1812 acct-port 1813 vrf-name default

aaa device-authentication mac "NPS1" "NPS2"
aaa device-authentication 802.1x "NPS1" "NPS2"
aaa accounting 802.1x "NPS1" "NPS2"

unp profile "UNP-Data"
unp profile "UNP-Guest"
unp profile "UNP-Voice"
unp profile "UNP-Data" map vlan 59
unp profile "UNP-Guest" map vlan 72
unp profile "UNP-Voice" map vlan 70

unp port 1/1/1 port-type bridge
unp port 1/1/1 direction both default-profile "UNP-Guest" classification trust-tag dynamic-service none
unp port 1/1/1 admin-state enable
unp port 1/1/1 802.1x-authentication
unp port 1/1/1 mac-authentication

unp classification authentication-type 802.1x profile1 "UNP-Data"
unp classification authentication-type mac profile1 "UNP-Voice"


Many thanks.
TrX

silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 1363
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Radius NPS - unp configuration on OS6560

Post by silvio » 03 Jul 2019 13:34

It looks okay. Did it work?
But I never used the last both classification-commands. Instead I always use the filter-id (return attribute from NPS) same like the unp profile (case sensitiv).
regards
Silvio

TrX
Member
Posts: 4
Joined: 15 Nov 2018 04:56

Re: Radius NPS - unp configuration on OS6560

Post by TrX » 31 Jul 2019 06:02

silvio wrote:
03 Jul 2019 13:34
It looks okay. Did it work?
But I never used the last both classification-commands. Instead I always use the filter-id (return attribute from NPS) same like the unp profile (case sensitiv).
regards
Silvio
Got it working indeed.
Indeed, I had to use the Filter-ID attribute returned from NPS. Thanks for that!

Also changed the unp port a bit:

unp port x/x/x redirect-port-bounce direction both default-profile "UNP-Guest" classification dynamic-service none

silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 1363
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Radius NPS - unp configuration on OS6560

Post by silvio » 31 Jul 2019 14:53

:) Thanks for the answer.
regards
Silvio

Post Reply

Return to “OmniSwitch 6560”