[prev in list] [next in list] [prev in thread] [next in thread]
List: packetfence-users
Subject: Re: [PacketFence-users] Aruba Switch Network Configuration
From: Fabrice Durand via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date: 2018-01-25 14:46:47
Message-ID: 5feefa68-bd7d-6384-19c2-3f9c5d756f71 () inverse ! ca
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello Jeremy,
it looks that the Aruba HPE 2930M support the CoA
(http://www.arubanetworks.com/assets/ds/DS_2930MSwitchSeries.pdf)
So it should be cool to add the support in Packetfence.
Regards
Fabrice
Le 2018-01-25 à 09:25, Jeremy Plumley via PacketFence-users a écrit :
>
> Just wanted to share my config for the Aruba HPE 2930M switch I’m
> testing. All appears to be working for my needs. I ended up defining
> my switch in Packetfence as a “HP::Procurve_2920” in order for it to
> work properly. In addition, it must use SNMP as deauth method.
>
>
>
> #Radius/SNMP Config#
>
> radius-server host <packetfence IP> dyn-authorization
>
> radius-server host <packetfence IP> key <secret key>
>
> aaa server-group radius "packetfence" host <packetfence ip>
>
> aaa accounting network start-stop radius server-group "packetfence"
>
> aaa authentication port-access eap-radius server-group "packetfence"
>
> aaa authentication mac-based chap-radius server-group "packetfence"
>
> ip source-interface radius vlan <management vlan>
>
> snmpv3 user <packetfence user>
>
> snmpv3 group managerpriv user <packetfence user> sec-model ver3
>
> snmpv3 enable
>
> snmpv3 only
>
> snmpv3 restricted-access
>
>
>
> #Port Config#
>
> aaa port-access authenticator active
>
> aaa port-access authenticator <port#>
>
> aaa port-access authenticator <port#> client-limit <max dot1x clients
> on port>
>
> aaa port-access mac-based <port#>
>
> aaa port-access mac-based <port#> addr-moves
>
> aaa port-access mac-based <port#> reauth-period 14400
>
> aaa port-access mac-based <port#> addr-limit <max mab clients on port>
>
> aaa port-access <port#> controlled-direction in
>
>
>
> #show run interface#
>
>
>
> interface 1/1
>
> tagged vlan <voip vlan>
>
> untagged vlan <mac detection vlan>
>
> lldp enable-notification
>
> lldp config dot1TlvEnable vlan-name
>
> aaa port-access authenticator
>
> aaa port-access authenticator client-limit 5
>
> aaa port-access mac-based
>
> aaa port-access mac-based addr-limit 5
>
> aaa port-access mac-based addr-moves
>
> aaa port-access mac-based reauth-period 14400
>
> aaa port-access controlled-direction in
>
> spanning-tree admin-edge-port
>
> spanning-tree loop-guard bpdu-protection
>
> exit
>
>
>
> Jeremy Plumley
>
> ITS Network Administrator
>
> Ext 50024
>
> E-Mail correspondence to and from this address may be subject to the
> North Carolina Public Records Law and shall be disclosed to third
> parties when required by the statutes (G.S. 132-1.)
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdurand@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello Jeremy,</p>
<p>it looks that the Aruba HPE 2930M support the CoA
(<a class="moz-txt-link-freetext" \
href="http://www.arubanetworks.com/assets/ds/DS_2930MSwitchSeries.pdf">http://www.arubanetworks.com/assets/ds/DS_2930MSwitchSeries.pdf</a>)</p>
<p>So it should be cool to add the support in Packetfence.</p>
<p>Regards</p>
<p>Fabrice</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Le 2018-01-25 à 09:25, Jeremy Plumley
via PacketFence-users a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:BN6PR06MB2484142887CF863C25C5870EC0E10@BN6PR06MB2484.namprd06.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><a name="_MailEndCompose"
moz-do-not-send="true"><span style="color:#1F497D">Just
wanted to share my config for the Aruba HPE 2930M switch
I’m testing. All appears to be working for my needs. I
ended up defining my switch in Packetfence as a “</span></a><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#333333;background:white">HP::Procurve_2920”
in order for it to work properly. In addition, it must use
SNMP as deauth method.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#333333;background:white"><o:p> \
</o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">#Radius/SNMP Config#<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">radius-server host <packetfence
IP> dyn-authorization<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">radius-server host <packetfence
IP> key <secret key><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa server-group radius
"packetfence" host <packetfence ip><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa accounting network start-stop
radius server-group "packetfence"<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa authentication port-access
eap-radius server-group "packetfence"<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa authentication mac-based
chap-radius server-group "packetfence"<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">ip source-interface radius vlan
<management vlan><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">snmpv3 user <packetfence \
user><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">snmpv3 group managerpriv user
<packetfence user> sec-model ver3<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">snmpv3 enable<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">snmpv3 only<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">snmpv3 \
restricted-access<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">#Port Config#<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access authenticator \
active<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access authenticator
<port#><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access authenticator
<port#> client-limit <max dot1x clients on
port><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access mac-based
<port#><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access mac-based
<port#> addr-moves<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access mac-based
<port#> reauth-period 14400<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access mac-based
<port#> addr-limit <max mab clients on \
port><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">aaa port-access <port#>
controlled-direction in<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">#show run interface#<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D">interface 1/1<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> tagged vlan <voip \
vlan><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> untagged vlan <mac detection
vlan><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> lldp \
enable-notification<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> lldp config dot1TlvEnable
vlan-name<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access \
authenticator<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access authenticator
client-limit 5<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access \
mac-based<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access mac-based
addr-limit 5<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access mac-based
addr-moves<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access mac-based
reauth-period 14400<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> aaa port-access
controlled-direction in<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> spanning-tree \
admin-edge-port<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> spanning-tree loop-guard
bpdu-protection<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"> exit<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="color:#1F497D"><o:p> </o:p></span></span></p>
<div>
<p class="MsoNormal"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-family:"Arial",sans-serif;color:#1F497D">Jeremy
Plumley<o:p></o:p></span></span></p>
<p class="MsoNormal"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-family:"Arial",sans-serif;color:#1F497D">ITS
Network Administrator<o:p></o:p></span></span></p>
<p class="MsoNormal"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-family:"Arial",sans-serif;color:#1F497D">Ext
50024</span></span><span
style="font-family:"Arial",sans-serif;color:#1F497D"><o:p></o:p></span></p>
</div>
</div>
E-Mail correspondence to and from this address may be subject to
the North Carolina Public Records Law and shall be disclosed to
third parties when required by the statutes (G.S. 132-1.)
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! <a class="moz-txt-link-freetext" \
href="http://sdm.link/slashdot">http://sdm.link/slashdot</a></pre> <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
PacketFence-users mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:PacketFence-users@lists.sourceforge.net">PacketFence-users@lists.sourceforge.net</a>
<a class="moz-txt-link-freetext" \
href="https://lists.sourceforge.net/lists/listinfo/packetfence-users">https://lists.sourceforge.net/lists/listinfo/packetfence-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Fabrice Durand
<a class="moz-txt-link-abbreviated" \
href="mailto:fdurand@inverse.ca">fdurand@inverse.ca</a> :: +1.514.447.4918 (x135) :: \
<a class="moz-txt-link-abbreviated" href="http://www.inverse.ca">www.inverse.ca</a> \
Inverse inc. :: Leaders behind SOGo (<a class="moz-txt-link-freetext" \
href="http://www.sogo.nu">http://www.sogo.nu</a>) and PacketFence (<a \
class="moz-txt-link-freetext" \
href="http://packetfence.org">http://packetfence.org</a>) </pre> </body>
</html>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic